CentOS 6 ELS: python package gradual rollout - TuxCare

CentOS 6 ELS: python package gradual rollout

TuxCare Team

September 23, 2021

changelog

A new updated python package within CentOS 6 ELS has been scheduled for gradual rollout from our production repository.

Rollout slot: 2
Rolled out to: 0.1%
ETA for 100% rollout: October 7

Errata: https://errata.cloudlinux.com/els6/CLSA-2021-1632401716.html


CHANGELOG

python-2.6.6-70.el6.cloudlinux.els

  • Fix prefix dot in domain for proper subdomain validation (CVE-2018-20852)
  • Fix allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client (CVE-2020-8492)
  • Fix http.client allows CRLF injection if the attacker controls the HTTP request method (CVE-2020-26116)
  • Fix unsafe use of eval() on data retrieved via HTTP in the test suite (CVE-2020-27619)

UPDATE COMMAND

yum update python*

IMMEDIATE UPDATE (VIA BYPASS)

yum update python* --enablerepo=ELS6-rollout-2-bypass

 

Stay in the Loop

Resources

State of Enterprise Linux Cybersecurity ... Read More State of Enterprise Linux Cybersecurity ...
Dangerous remotely exploitable vulnerability ... Read More Dangerous remotely exploitable vulnerability ...
Securing confidential research data ... Read More Securing confidential research data ...
State of Enterprise Vulnerability Detection ... Read More State of Enterprise Vulnerability Detection ...
Demand for Rapid Risk Elimination for ... Read More Demand for Rapid Risk Elimination for ...
TuxCare Free Raspberry Pi Patching Read More TuxCare Free Raspberry Pi Patching