/[advisories]/23664.adv
Contents of /23664.adv
Revision 8452
Wed Apr 10 20:37:56 2019 UTC (5 years ago) by tmb
File size: 2302 byte(s)
MGASA-2019-0135: python3-3.5.7-1.mga6
type: security
subject: Updated python3 packages fix security vulnerability
CVE:
  - CVE-2018-14647
  - CVE-2018-20406
  - CVE-2019-5010
  - CVE-2019-9636
src:
  6:
    core:
      - python3-3.5.7-1.mga6
description: |
  Python's elementtree C accelerator failed to initialise Expat's hash salt
  during initialization. This could make it easy to conduct denial of service
  attacks against Expat by constructing an XML document that would cause
  pathological hash collisions in Expat's internal data structures, consuming
  large amounts of CPU and RAM (CVE-2018-14647).

  Modules/_pickle.c in Python before 3.5.7 has an integer overflow via a large
  LONG_BINPUT value that is mishandled during a "resize to twice the size"
  attempt. This issue might cause memory exhaustion, but is only relevant if
  the pickle format is used for serializing tens or hundreds of gigabytes of
  data (CVE-2018-20406).

  A null pointer dereference vulnerability was found in the certificate
  parsing code in Python. This causes a denial of service to applications when
  parsing specially crafted certificates. This vulnerability is unlikely to be
  triggered if the application enables SSL/TLS certificate validation and accepts
  certificates only from trusted root certificate authorities (CVE-2019-5010).

  A vulnerability was found in Python 3.x through 3.5.7. Improper handling
  of Unicode encoding (with an incorrect netloc) during NFKC normalization could
  lead to an information disclosure (credentials, cookies, etc. that are cached
  against a given hostname) in the urllib.parse.urlsplit and urllib.parse.urlparse
  components. A specially crafted URL could be incorrectly parsed to locate
  cookies or authentication data and send that information to a different host
  than when parsed correctly (CVE-2019-9636).

  The python3 package has been updated to version 3.5.7, fixing these and other
  issues.
references:
  - https://bugs.mageia.org/show_bug.cgi?id=23664
  - https://pythoninsider.blogspot.com/2019/03/python-3.html
  - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/A7QEHDSATR6O6LCG44EN2DA4QDAYBYWW/
  - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/
ID: MGASA-2019-0135
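The CVE-2019-9636 paragraph above describes a netloc whose boundary shifts when NFKC normalization (applied during IDNA encoding of the host) turns an innocuous-looking character into a URL delimiter. The check below is an added illustration, not code from the advisory or from the CPython project: it applies the same idea as the upstream fix (reject a netloc that gains one of `/?#@:` after NFKC normalization) as a pre-parse guard an application can run on unpatched interpreters. The function names `netloc_is_stable_under_nfkc` and `safe_urlsplit` and the sample URLs are constructed for this example; U+2100 (℀) is used because it normalizes to the three ASCII characters `a/c`.

```python
import unicodedata
from urllib.parse import SplitResult, urlsplit

# Characters that separate the netloc from the rest of a URL. If NFKC
# normalization of a netloc *produces* one of these, the host boundary the
# parser saw is not the boundary the IDNA-encoded host will have.
_DELIMITERS = "/?#@:"


def netloc_is_stable_under_nfkc(netloc: str) -> bool:
    """Return True when NFKC normalization cannot move the netloc boundary.

    Pure-ASCII netlocs are unaffected by NFKC and are accepted as-is.
    Delimiters that are already present (user:password@host:port) are
    legitimate, so they are stripped before normalizing; only characters
    that turn *into* a delimiter are flagged.
    """
    if not netloc or all(ord(ch) < 128 for ch in netloc):
        return True
    stripped = netloc
    for delim in _DELIMITERS:
        stripped = stripped.replace(delim, "")
    normalized = unicodedata.normalize("NFKC", stripped)
    if normalized == stripped:
        return True
    return not any(delim in normalized for delim in _DELIMITERS)


def safe_urlsplit(url: str) -> SplitResult:
    """urlsplit() guarded by the NFKC netloc check.

    Raises ValueError for a netloc that would change shape under NFKC,
    mirroring what the patched urlsplit does; on an already patched
    interpreter urlsplit() itself raises before the guard is reached.
    """
    parts = urlsplit(url)
    if not netloc_is_stable_under_nfkc(parts.netloc):
        raise ValueError(
            "netloc %r contains characters that become URL delimiters "
            "under NFKC normalization" % parts.netloc
        )
    return parts


if __name__ == "__main__":
    # Constructed sample inputs: one ordinary URL, one whose host contains
    # U+2100 (NFKC -> "a/c"), one with a fullwidth colon (NFKC -> ":").
    for sample in (
        "https://example.com/path?q=1",
        "https://example.com\u2100/path",
        "https://example.com\uff1a8080/",
    ):
        try:
            print("accepted:", safe_urlsplit(sample).netloc)
        except ValueError as exc:
            print("rejected:", exc)
```

Normalize-then-check is the important ordering: validating the netloc before normalization, and then handing a normalized host to the network layer, is exactly the gap the advisory describes.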
