검색

이 콘텐츠는 선택한 언어로 제공되지 않습니다.

8.160. python

download PDF
Updated python packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links associated with each description below.
Python is an interpreted, interactive, object-oriented programming language.

Security Fix

CVE-2013-4238
A flaw was found in the way the Python SSL module handled X.509 certificate fields that contain a NULL byte. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully crafted certificate signed by an authority that the client trusts.

Bug Fixes

BZ#521898
Previously, several Python executables from the python-tools subpackage started with the #!/usr/bin/env python shebang. This made it harder to install and use alternative Python versions. With this update, the first line of these executables has been replaced with #!/usr/bin/python that explicitly refers to the system version of Python. As a result, a user-preferred version of Python can now be used without complications
BZ#841937
Prior to this update, the sqlite3.Cursor.lastrowid object did not accept an insert statement specified in the Turkish locale. Consequently, when installing Red Hat Enterprise Linux 6 with the graphical installer, selecting "Turkish" as the install language led to an installation failure. With this update, sqlite3.Cursor.lastrowid has been fixed and installation no longer fails under the Turkish locale.
BZ#845802
Previously, the SysLogHandler class inserted a UTF-8 byte order mark (BOM) into log messages. Consequently, these messages were evaluated as having the emergency priority level and were logged to all user consoles. With this update, SysLogHandler no longer appends a BOM to log messages, and messages are now assigned correct priority levels.
BZ#893034
Previously, the random.py script failed to import the random module when the /dev/urandom file did not exist on the system. This led subsequent programs, such as Yum, to terminate unexpectedly. This bug has been fixed, and random.py now works as expected even without /dev/urandom.
BZ#919163
The WatchedFileHandler class was sensitive to a race condition, which led to occasional errors. Consequently, rotating to a new log file failed. WatchedFileHandler has been fixed and the log rotation now works as expected.
BZ#928390
Prior to this update, Python did not read Alternative Subject Names from certain Secure Sockets Layer (SSL) certificates. Consequently, a false authentication failure could have occurred when checking the certificate host name. This update fixes the handling of Alternative Subject Names and false authentication errors no longer occur.
BZ#948025
Previously, the SocketServer module did not handle the system call interruption properly. This caused certain HTTP servers to terminate unexpectedly. With this update, SocketServer has been modified to handle the interruption and servers no longer crash in the aforementioned scenario.
BZ#958868
Passing the timeout=None argument to the subprocess.Popen() function caused the upstream version of the Eventlet library to terminate unexpectedly. This bug has been fixed and Eventlet no longer fails in the described case.
BZ#960168
When a connection incoming to a server with an enabled SSLSocket class failed to pass the automatic do_handshake() function, the connection remained open. This problem affected only Python 2 versions. The underlying source code has been fixed and the failed incoming connection is now closed properly.
BZ#962779
In cases when multiple libexpat.so libraries were available, Python failed to choose the correct one. This update adds an explicit RPATH to the _elementtree.so, thus fixing this bug.
BZ#978129
Previously, the urlparse module did not parse the query and fragment parts of URLs properly for arbitrary XML schemes. With this update, urlparse has been fixed and correct parsing is now assured in this scenario.

Enhancement

BZ#929258
This update adds the collections.OrderedDict data structure to the collections package. collections.OrderedDict is used in application code to ensure that the in-memory python dictionaries are emitted in the same order when converted to a string by the json.dumps routines.
All python users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement.
Red Hat logoGithubRedditYoutubeTwitter

자세한 정보

평가판, 구매 및 판매

커뮤니티

Red Hat 문서 정보

Red Hat을 사용하는 고객은 신뢰할 수 있는 콘텐츠가 포함된 제품과 서비스를 통해 혁신하고 목표를 달성할 수 있습니다.

보다 포괄적 수용을 위한 오픈 소스 용어 교체

Red Hat은 코드, 문서, 웹 속성에서 문제가 있는 언어를 교체하기 위해 최선을 다하고 있습니다. 자세한 내용은 다음을 참조하세요.Red Hat 블로그.

Red Hat 소개

Red Hat은 기업이 핵심 데이터 센터에서 네트워크 에지에 이르기까지 플랫폼과 환경 전반에서 더 쉽게 작업할 수 있도록 강화된 솔루션을 제공합니다.

© 2024 Red Hat, Inc.