CentOS 6 ELS: python package gradual rollout
A new updated python package within CentOS 6 ELS has been scheduled for gradual rollout from our production repository.
Rollout slot: 2
Rolled out to: 0.1%
ETA for 100% rollout: October 7
Errata: https://errata.cloudlinux.com/els6/CLSA-2021-1632401716.html
CHANGELOG
python-2.6.6-70.el6.
- Fix prefix dot in domain for proper subdomain validation (CVE-2018-20852)
- Fix allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client (CVE-2020-8492)
- Fix http.client allows CRLF injection if the attacker controls the HTTP request method (CVE-2020-26116)
- Fix unsafe use of eval() on data retrieved via HTTP in the test suite (CVE-2020-27619)
UPDATE COMMAND
yum update python*
IMMEDIATE UPDATE (VIA BYPASS)
yum update python* --enablerepo=ELS6-rollout-2-bypass