ALT-BU-2019-3464-1
Branch sisyphus update bulletin.
Package packagekit updated to version 1.1.12-alt2 for branch sisyphus in task 220147.
Closed bugs
Падения во время обновления системы
Closed vulnerabilities
BDU:2018-01554
Уязвимость пакета программ Python, связанная с ошибками при освобождении ресурсов, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2019-02457
Уязвимость процедуры синтаксического анализа сертификата интерпретатора языка программирования Python, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2018-14647
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
- http://www.securityfocus.com/bid/105396
- http://www.securitytracker.com/id/1041740
- https://access.redhat.com/errata/RHSA-2019:1260
- https://access.redhat.com/errata/RHSA-2019:2030
- https://access.redhat.com/errata/RHSA-2019:3725
- https://bugs.python.org/issue34623
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14647
- https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html
- https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBJCB2HWOJLP3L7CUQHJHNBHLSVOXJE5/
- https://usn.ubuntu.com/3817-1/
- https://usn.ubuntu.com/3817-2/
- https://www.debian.org/security/2018/dsa-4306
- https://www.debian.org/security/2018/dsa-4307
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
- http://www.securityfocus.com/bid/105396
- http://www.securitytracker.com/id/1041740
- https://access.redhat.com/errata/RHSA-2019:1260
- https://access.redhat.com/errata/RHSA-2019:2030
- https://access.redhat.com/errata/RHSA-2019:3725
- https://bugs.python.org/issue34623
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14647
- https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html
- https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBJCB2HWOJLP3L7CUQHJHNBHLSVOXJE5/
- https://usn.ubuntu.com/3817-1/
- https://usn.ubuntu.com/3817-2/
- https://www.debian.org/security/2018/dsa-4306
- https://www.debian.org/security/2018/dsa-4307
Modified: 2024-11-21
CVE-2019-5010
An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
- https://access.redhat.com/errata/RHSA-2019:3520
- https://access.redhat.com/errata/RHSA-2019:3725
- https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html
- https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html
- https://security.gentoo.org/glsa/202003-26
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0758
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
- https://access.redhat.com/errata/RHSA-2019:3520
- https://access.redhat.com/errata/RHSA-2019:3725
- https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html
- https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html
- https://security.gentoo.org/glsa/202003-26
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0758
Closed bugs
rpm-build-python3 нет в Requires
Closed bugs
Не хватает зависимости на python-module-toml