Solution
Please Install the Updated Packages.
Insight
Python is an interpreted, interactive, object-oriented programming language.
A flaw was found in the way the Python SSL module handled X.509 certificate fields that contain a NULL byte. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully crafted certificate signed by an authority that the client trusts. (CVE-2013-4238)
These updated python packages include numerous bug fixes and one enhancement. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes.
All users of python are advised to upgrade to these updated packages, which fix these issues and add this enhancement.
Affected
python on Red Hat Enterprise Linux Desktop (v. 6), Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2013-4238 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities