ID CVE-2014-9365
Summary The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
References
Vulnerable Configurations
  • Python 2.0
    cpe:2.3:a:python:python:2.0
  • Python 2.0.1
    cpe:2.3:a:python:python:2.0.1
  • Python 2.1
    cpe:2.3:a:python:python:2.1
  • Python 2.1.1
    cpe:2.3:a:python:python:2.1.1
  • Python 2.1.2
    cpe:2.3:a:python:python:2.1.2
  • Python 2.1.3
    cpe:2.3:a:python:python:2.1.3
  • Python 2.2
    cpe:2.3:a:python:python:2.2
  • Python 2.2.1
    cpe:2.3:a:python:python:2.2.1
  • Python 2.2.2
    cpe:2.3:a:python:python:2.2.2
  • Python 2.2.3
    cpe:2.3:a:python:python:2.2.3
  • Python 2.3
    cpe:2.3:a:python:python:2.3
  • Python 2.3.1
    cpe:2.3:a:python:python:2.3.1
  • Python 2.3.2
    cpe:2.3:a:python:python:2.3.2
  • Python 2.3.3
    cpe:2.3:a:python:python:2.3.3
  • Python 2.3.4
    cpe:2.3:a:python:python:2.3.4
  • Python 2.3.5
    cpe:2.3:a:python:python:2.3.5
  • Python 2.3.7
    cpe:2.3:a:python:python:2.3.7
  • Python 2.4
    cpe:2.3:a:python:python:2.4
  • Python 2.4.1
    cpe:2.3:a:python:python:2.4.1
  • Python 2.4.2
    cpe:2.3:a:python:python:2.4.2
  • Python 2.4.3
    cpe:2.3:a:python:python:2.4.3
  • Python 2.4.4
    cpe:2.3:a:python:python:2.4.4
  • Python 2.4.6
    cpe:2.3:a:python:python:2.4.6
  • Python 2.5
    cpe:2.3:a:python:python:2.5
  • Python 2.5.1
    cpe:2.3:a:python:python:2.5.1
  • Python 2.5.2
    cpe:2.3:a:python:python:2.5.2
  • Python 2.5.3
    cpe:2.3:a:python:python:2.5.3
  • Python 2.5.4
    cpe:2.3:a:python:python:2.5.4
  • Python 2.5.6
    cpe:2.3:a:python:python:2.5.6
  • Python 2.5.150
    cpe:2.3:a:python:python:2.5.150
  • Python 2.6
    cpe:2.3:a:python:python:2.6
  • Python 2.6.1
    cpe:2.3:a:python:python:2.6.1
  • Python 2.6.2
    cpe:2.3:a:python:python:2.6.2
  • Python 2.6.3
    cpe:2.3:a:python:python:2.6.3
  • Python 2.6.4
    cpe:2.3:a:python:python:2.6.4
  • Python 2.6.5
    cpe:2.3:a:python:python:2.6.5
  • Python 2.6.6
    cpe:2.3:a:python:python:2.6.6
  • Python 2.6.7
    cpe:2.3:a:python:python:2.6.7
  • Python 2.6.8
    cpe:2.3:a:python:python:2.6.8
  • Python 2.6.2150
    cpe:2.3:a:python:python:2.6.2150
  • Python 2.6.6150
    cpe:2.3:a:python:python:2.6.6150
  • Python 2.7
    cpe:2.3:a:python:python:2.7
  • Python 2.7.1
    cpe:2.3:a:python:python:2.7.1
  • Python 2.7.1 Release Candidate 1
    cpe:2.3:a:python:python:2.7.1:rc1
  • Python 2.7.2 Release Candidate 1
    cpe:2.3:a:python:python:2.7.2:rc1
  • Python 2.7.3
    cpe:2.3:a:python:python:2.7.3
  • Python 2.7.4
    cpe:2.3:a:python:python:2.7.4
  • Python 2.7.5
    cpe:2.3:a:python:python:2.7.5
  • Python 2.7.6
    cpe:2.3:a:python:python:2.7.6
  • Python 2.7.7
    cpe:2.3:a:python:python:2.7.7
  • Python 2.7.8
    cpe:2.3:a:python:python:2.7.8
  • Python 2.7.1150
    cpe:2.3:a:python:python:2.7.1150
  • Python 2.7.1150 (x64) 64-bit
    cpe:2.3:a:python:python:2.7.1150:-:-:-:-:-:x64
  • Python 2.7.2150
    cpe:2.3:a:python:python:2.7.2150
  • Python 3.0
    cpe:2.3:a:python:python:3.0
  • Python 3.0.1
    cpe:2.3:a:python:python:3.0.1
  • Python 3.1
    cpe:2.3:a:python:python:3.1
  • Python 3.1.1
    cpe:2.3:a:python:python:3.1.1
  • Python 3.1.2
    cpe:2.3:a:python:python:3.1.2
  • Python 3.1.3
    cpe:2.3:a:python:python:3.1.3
  • Python 3.1.4
    cpe:2.3:a:python:python:3.1.4
  • Python 3.1.5
    cpe:2.3:a:python:python:3.1.5
  • Python 3.1.2150 (x64) 64-bit
    cpe:2.3:a:python:python:3.1.2150:-:-:-:-:-:x64
  • Python 3.2
    cpe:2.3:a:python:python:3.2
  • Python 3.2-alpha
    cpe:2.3:a:python:python:3.2:alpha
  • Python 3.2.0
    cpe:2.3:a:python:python:3.2.0
  • Python 3.2.1
    cpe:2.3:a:python:python:3.2.1
  • Python 3.2.2
    cpe:2.3:a:python:python:3.2.2
  • Python 3.2.3
    cpe:2.3:a:python:python:3.2.3
  • Python 3.2.4
    cpe:2.3:a:python:python:3.2.4
  • Python 3.2.5
    cpe:2.3:a:python:python:3.2.5
  • Python 3.2.6
    cpe:2.3:a:python:python:3.2.6
  • Python 3.2.2150
    cpe:2.3:a:python:python:3.2.2150
  • Python 3.3
    cpe:2.3:a:python:python:3.3
  • Python 3.3 beta 2
    cpe:2.3:a:python:python:3.3:beta2
  • Python 3.3.0
    cpe:2.3:a:python:python:3.3.0
  • Python 3.3.1
    cpe:2.3:a:python:python:3.3.1
  • Python 3.3.1 release candidate 1
    cpe:2.3:a:python:python:3.3.1:rc1
  • Python 3.3.2
    cpe:2.3:a:python:python:3.3.2
  • Python 3.3.3
    cpe:2.3:a:python:python:3.3.3
  • Python 3.3.3 release candidate 1
    cpe:2.3:a:python:python:3.3.3:rc1
  • Python 3.3.3 release candidate 2
    cpe:2.3:a:python:python:3.3.3:rc2
  • Python 3.3.4
    cpe:2.3:a:python:python:3.3.4
  • Python 3.3.4 release candidate 1
    cpe:2.3:a:python:python:3.3.4:rc1
  • Python 3.3.5
    cpe:2.3:a:python:python:3.3.5
  • Python 3.3.5 release candidate 1
    cpe:2.3:a:python:python:3.3.5:rc1
  • Python 3.3.5 release candidate 2
    cpe:2.3:a:python:python:3.3.5:rc2
  • Python 3.3.6 release candidate 1
    cpe:2.3:a:python:python:3.3.6:rc1
  • Python 3.4 alpha 1
    cpe:2.3:a:python:python:3.4:alpha1
  • Python 3.4.0
    cpe:2.3:a:python:python:3.4.0
  • Python 3.4.1
    cpe:2.3:a:python:python:3.4.1
  • Python 3.4.2
    cpe:2.3:a:python:python:3.4.2
  • Apple Mac OS X 10.10.4
    cpe:2.3:o:apple:mac_os_x:10.10.4
CVSS
Base: 5.8 (as of 01-11-2016 - 13:05)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: NONE
nessus via4
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_10_5.NASL
    description The remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.5. It is, therefore, affected by multiple vulnerabilities in the following components : - apache - apache_mod_php - Apple ID OD Plug-in - AppleGraphicsControl - Bluetooth - bootp - CloudKit - CoreMedia Playback - CoreText - curl - Data Detectors Engine - Date & Time pref pane - Dictionary Application - DiskImages - dyld - FontParser - groff - ImageIO - Install Framework Legacy - IOFireWireFamily - IOGraphics - IOHIDFamily - Kernel - Libc - Libinfo - libpthread - libxml2 - libxpc - mail_cmds - Notification Center OSX - ntfs - OpenSSH - OpenSSL - perl - PostgreSQL - python - QL Office - Quartz Composer Framework - Quick Look - QuickTime 7 - SceneKit - Security - SMBClient - Speech UI - sudo - tcpdump - Text Formats - udf Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 85408
    published 2015-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85408
    title Mac OS X 10.10.x < 10.10.5 Multiple Vulnerabilities
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-1868.NASL
    description From Red Hat Security Advisory 2017:1868 : An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es) : * The Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data. (CVE-2014-9365) Note: The Python standard library was updated to enable certificate verification by default. Refer to the Knowledgebase article 2039753 linked to in the References section for further details about this change. (BZ#1219110) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 102286
    published 2017-08-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102286
    title Oracle Linux 7 : python (ELSA-2017-1868)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2017-1868.NASL
    description An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es) : * The Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data. (CVE-2014-9365) Note: The Python standard library was updated to enable certificate verification by default. Refer to the Knowledgebase article 2039753 linked to in the References section for further details about this change. (BZ#1219110) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 102741
    published 2017-08-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102741
    title CentOS 7 : python (CESA-2017:1868)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20170801_PYTHON_ON_SL7_X.NASL
    description Security Fix(es) : - The Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data. (CVE-2014-9365)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 102654
    published 2017-08-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102654
    title Scientific Linux Security Update : python on SL7.x x86_64
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1186.NASL
    description According to the version of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data. (CVE-2014-9365) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 103024
    published 2017-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103024
    title EulerOS 2.0 SP2 : python (EulerOS-SA-2017-1186)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201503-10.NASL
    description The remote host is affected by the vulnerability described in GLSA-201503-10 (Python: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Python. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker may be able to execute arbitrary code or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-02
    plugin id 82009
    published 2015-03-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82009
    title GLSA-201503-10 : Python: Multiple vulnerabilities
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2015-552.NASL
    description It was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. (CVE-2013-1752) It was discovered that the Python xmlrpclib did not restrict the size of gzip-compressed HTTP responses. A malicious XMLRPC server could cause an XMLRPC client using xmlrpclib to consume an excessive amount of memory. (CVE-2013-1753) The Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data. (CVE-2014-9365)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 84369
    published 2015-06-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84369
    title Amazon Linux AMI : python27 (ALAS-2015-552)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-1868.NASL
    description An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es) : * The Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data. (CVE-2014-9365) Note: The Python standard library was updated to enable certificate verification by default. Refer to the Knowledgebase article 2039753 linked to in the References section for further details about this change. (BZ#1219110) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 102104
    published 2017-08-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102104
    title RHEL 7 : python (RHSA-2017:1868)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1185.NASL
    description According to the version of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data. (CVE-2014-9365) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 103023
    published 2017-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103023
    title EulerOS 2.0 SP1 : python (EulerOS-SA-2017-1185)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20151119_PYTHON_ON_SL7_X.NASL
    description It was discovered that the Python xmlrpclib module did not restrict the size of gzip-compressed HTTP responses. A malicious XMLRPC server could cause an XMLRPC client using xmlrpclib to consume an excessive amount of memory. (CVE-2013-1753) It was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict the sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. (CVE-2013-1752) It was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose the source code of the scripts in the cgi-bin directory. (CVE-2014-4650) An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control these arguments could use this flaw to disclose portions of the application memory or cause it to crash. (CVE-2014-7185) A flaw was found in the way the json module handled negative index arguments passed to certain functions (such as raw_decode()). An attacker able to control the index value passed to one of the affected functions could possibly use this flaw to disclose portions of the application memory. (CVE-2014-4616) The Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data. (CVE-2014-9365) This update also fixes the following bugs : - Subprocesses used with the Eventlet library or regular threads previously tried to close epoll file descriptors twice, which led to an 'Invalid argument' error. Subprocesses have been fixed to close the file descriptors only once. 
    - When importing the readline module from a Python script, Python no longer produces erroneous random characters on stdout. - The cProfile utility has been fixed to print all values that the '-s' option supports when this option is used without a correct value. - The load_cert_chain() function now accepts 'None' as a keyfile argument. In addition, this update adds the following enhancements : - Security enhancements as described in PEP 466 have been backported to the Python standard library, for example, new features of the ssl module: Server Name Indication (SNI) support, support for new TLSv1.x protocols, new hash algorithms in the hashlib module, and many more. - Support for the ssl.PROTOCOL_TLSv1_2 protocol has been added to the ssl library. - The ssl.SSLSocket.version() method is now available to access information about the version of the SSL protocol used in a connection.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 87570
    published 2015-12-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87570
    title Scientific Linux Security Update : python on SL7.x x86_64
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2015-075.NASL
    description Updated python packages fix security vulnerabilities : A vulnerability was reported in Python's socket module, due to a boundary error within the sock_recvfrom_into() function, which could be exploited to cause a buffer overflow. This could be used to crash a Python application that uses the socket.recvfrom_into() function or, possibly, execute arbitrary code with the permissions of the user running vulnerable Python code (CVE-2014-1912). This updates the python package to version 2.7.6, which fixes several other bugs, including denial of service flaws due to unbound readline() calls in the ftplib and nntplib modules (CVE-2013-1752). Denial of service flaws due to unbound readline() calls in the imaplib, poplib, and smtplib modules (CVE-2013-1752). A gzip bomb and unbound read denial of service flaw in python XMLRPC library (CVE-2013-1753). Python is susceptible to arbitrary process memory reading by a user or adversary due to a bug in the _json module caused by insufficient bounds checking. The bug is caused by allowing the user to supply a negative value that is used as an array index, causing the scanstring function to access process memory outside of the string it is intended to access (CVE-2014-4616). The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary scripts in the server's document root (CVE-2014-4650). Python before 2.7.8 is vulnerable to an integer overflow in the buffer type (CVE-2014-7185). When Python's standard library HTTP clients (httplib, urllib, urllib2, xmlrpclib) are used to access resources with HTTPS, by default the certificate is not checked against any trust store, nor is the hostname in the certificate checked against the requested host. It was possible to configure a trust root to be checked against, however there were no faculties for hostname checking (CVE-2014-9365).
    The python-pip and tix packages were added due to missing build dependencies.
    last seen 2019-02-21
    modified 2018-08-03
    plugin id 82328
    published 2015-03-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82328
    title Mandriva Linux Security Advisory : python (MDVSA-2015:075)
redhat via4
advisories
  • bugzilla
    id 1439734
    title Backport fix for shutil.make_archive doesn't archive empty directories
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhba:tst:20150364001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhba:tst:20150364002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhba:tst:20150364003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20150364004
    • OR
      • AND
        • comment python is earlier than 0:2.7.5-58.el7
          oval oval:com.redhat.rhsa:tst:20171868017
        • comment python is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554008
      • AND
        • comment python-debug is earlier than 0:2.7.5-58.el7
          oval oval:com.redhat.rhsa:tst:20171868015
        • comment python-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152101016
      • AND
        • comment python-devel is earlier than 0:2.7.5-58.el7
          oval oval:com.redhat.rhsa:tst:20171868007
        • comment python-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554010
      • AND
        • comment python-libs is earlier than 0:2.7.5-58.el7
          oval oval:com.redhat.rhsa:tst:20171868009
        • comment python-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554014
      • AND
        • comment python-test is earlier than 0:2.7.5-58.el7
          oval oval:com.redhat.rhsa:tst:20171868013
        • comment python-test is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554016
      • AND
        • comment python-tools is earlier than 0:2.7.5-58.el7
          oval oval:com.redhat.rhsa:tst:20171868005
        • comment python-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554012
      • AND
        • comment tkinter is earlier than 0:2.7.5-58.el7
          oval oval:com.redhat.rhsa:tst:20171868011
        • comment tkinter is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554018
    rhsa
    id RHSA-2017:1868
    released 2017-08-01
    severity Moderate
    title RHSA-2017:1868: python security and bug fix update (Moderate)
  • rhsa
    id RHSA-2016:1166
  • rhsa
    id RHSA-2017:1162
rpms
  • python-0:2.7.5-58.el7
  • python-debug-0:2.7.5-58.el7
  • python-devel-0:2.7.5-58.el7
  • python-libs-0:2.7.5-58.el7
  • python-test-0:2.7.5-58.el7
  • python-tools-0:2.7.5-58.el7
  • tkinter-0:2.7.5-58.el7
refmap via4
apple APPLE-SA-2015-08-13-2
bid 71639
confirm
gentoo GLSA-201503-10
mlist [oss-security] 20141211 CVE request: Python, standard library HTTP clients
Last major update 28-11-2016 - 14:13
Published 12-12-2014 - 06:59
Last modified 04-01-2018 - 21:29