ClickCease CentOS 6 ELS: python package gradual rollout - TuxCare

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

CentOS 6 ELS: python package gradual rollout

September 23, 2021 - TuxCare PR Team

A new updated python package within CentOS 6 ELS has been scheduled for gradual rollout from our production repository.

Rollout slot: 2
Rolled out to: 0.1%
ETA for 100% rollout: October 7

Errata: https://errata.cloudlinux.com/els6/CLSA-2021-1632401716.html

CHANGELOG

python-2.6.6-70.el6.cloudlinux.els

  • Fix prefix dot in domain for proper subdomain validation (CVE-2018-20852)
  • Fix allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client (CVE-2020-8492)
  • Fix http.client allows CRLF injection if the attacker controls the HTTP request method (CVE-2020-26116)
  • Fix unsafe use of eval() on data retrieved via HTTP in the test suite (CVE-2020-27619)

UPDATE COMMAND

yum update python*

IMMEDIATE UPDATE (VIA BYPASS)

yum update python* --enablerepo=ELS6-rollout-2-bypass

 

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Learn About Live Patching with TuxCare

Become a TuxCare Guest Writer

Get started

Mail

Join

4,500

Linux & Open Source
Professionals!

Subscribe to
our newsletter