Oracle Errata System
Oracle Linux
5.3
2021-09-09T12:48:23
ELSA-2017-1868: python security and bug fix update (MODERATE)
Oracle Linux 7
[2.7.5-58.0.1]
- Add Oracle Linux distribution in platform.py [orabug 20812544]
[2.7.5-58]
- Set stream to None in case an _open() fails.
Resolves: rhbz#1432003
[2.7.5-57]
- Fix implicit declaration warnings of functions added by patches 147 and 265
Resolves: rhbz#1441237
[2.7.5-56]
- Fix shutil.make_archive ignoring empty directories when creating zip files
Resolves: rhbz#1439734
[2.7.5-55]
- Update Python RPM macros with new ones from EPEL7 to simplify packaging
Resolves: rhbz#1297522
[2.7.5-54]
- Protect key list during fork()
Resolves: rhbz#1268226
[2.7.5-53]
- Fix _ssl.c reference leaks
Resolves: rhbz#1272562
[2.7.5-52]
- Workaround Python's threading library issue with non returning wait, for signals with timeout
Resolves: rhbz#1368076
[2.7.5-51]
- Enable certificate verification by default
Resolves: rhbz#1219110
[2.7.5-50]
- Fix incorrect parsing of certain regular expressions
Resolves: rhbz#1373363
[2.7.5-49]
- Fix ssl module's parsing of GEN_RID subject alternative name fields in X.509 certs
Resolves: rhbz#1364444
[2.7.5-48]
- Fix for CVE-2016-1000110 HTTPoxy attack
Resolves: rhbz#1359164
[2.7.5-47]
- Fix for CVE-2016-5636: possible integer overflow and heap corruption in zipimporter.get_data()
Resolves: rhbz#1356364
[2.7.5-46]
- Drop patch 221 that backported sslwrap function since it was introducing regressions
- Refactor patch 227
Resolves: rhbz#1331425
[2.7.5-45]
- Fix for CVE-2016-0772 python: smtplib StartTLS stripping attack (rhbz#1303647)
Raise an error when STARTTLS fails (upstream patch)
- Fix for CVE-2016-5699 python: http protocol steam injection attack (rhbz#1303699)
Disabled HTTP header injections in httplib (upstream patch)
Resolves: rhbz#1346357
[2.7.5-44]
- Fix iteration over files with very long lines
Resolves: rhbz#1271760
[2.7.5-43]
- Move python.conf from /etc/tmpfiles.d/ to /usr/lib/tmpfiles.d/
Resolves: rhbz#1288426
[2.7.5-42]
- JSON decoder lone surrogates fix
Resolves: rhbz#1301017
[2.7.5-41]
- Updated PEP493 implementation
Resolves: rhbz#1315758
[2.7.5-40]
- Backport of Computed Goto dispatch
Resolves: rhbz#1289277
MODERATE
Copyright 2017 Oracle, Inc.
CVE-2014-9365
tkinter
oraclelinux-release
python
python-devel
python-libs
python-tools
python-debug
python-test
72f97b74ec551f03
^7
aarch64
0:2.7.5-58.0.1.el7
x86_64