Issued:
2019-08-06
Updated:
2019-08-06

RHSA-2019:2030 - Security Advisory

Synopsis

Moderate: python security and bug fix update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for python is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

  • python: Missing salt initialization in _elementtree.c module (CVE-2018-14647)
  • python: NULL pointer dereference using a specially crafted X509 certificate (CVE-2019-5010)
  • python: CRLF injection via the query part of the url passed to urlopen() (CVE-2019-9740)
  • python: CRLF injection via the path part of the url passed to urlopen() (CVE-2019-9947)
  • python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms (CVE-2019-9948)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

  • BZ - 1629982 - Python can sometimes create incorrect .pyc files
  • BZ - 1631822 - CVE-2018-14647 python: Missing salt initialization in _elementtree.c module
  • BZ - 1666519 - CVE-2019-5010 python: NULL pointer dereference using a specially crafted X509 certificate
  • BZ - 1688169 - CVE-2019-9740 python: CRLF injection via the query part of the url passed to urlopen()
  • BZ - 1695570 - CVE-2019-9948 python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms
  • BZ - 1695572 - CVE-2019-9947 python: CRLF injection via the path part of the url passed to urlopen()
  • BZ - 1703600 - python2-devel can't be installed during RHEL 7 to 8 upgrade due to incorrect Obsoletes

Red Hat Enterprise Linux Server 7

SRPM
python-2.7.5-86.el7.src.rpm SHA-256: 9873efceb273d8af2bb9c9281acb9bffac4d289514185dd68ab5847bdc528f57
x86_64
python-2.7.5-86.el7.x86_64.rpm SHA-256: 3fc83d7c70034bbf9039bbde7a4d7273324dddb3de7334563ce9173c03c3463a
python-debug-2.7.5-86.el7.x86_64.rpm SHA-256: 932c4724e53e6460e152023dba7e6ab622bdbda480ebf03c40b9c1919018679a
python-debuginfo-2.7.5-86.el7.i686.rpm SHA-256: c1165f59cbff3c36fef0cb4168752e272fce0aa35567b93b114eb95148d3ec24
python-debuginfo-2.7.5-86.el7.x86_64.rpm SHA-256: 183248549b99ef60bf8c90efbc03b8a667acc0c3d55799c54147c94d2108b52a
python-debuginfo-2.7.5-86.el7.x86_64.rpm SHA-256: 183248549b99ef60bf8c90efbc03b8a667acc0c3d55799c54147c94d2108b52a
python-devel-2.7.5-86.el7.x86_64.rpm SHA-256: 59500f9e50a06af62ef799d6edbaec2024ea831567c389b489f7cecbf76ef704
python-libs-2.7.5-86.el7.i686.rpm SHA-256: e7c1f2e5dd7f87c3887968316e588859664925131824536d1138efb42d2761ed
python-libs-2.7.5-86.el7.x86_64.rpm SHA-256: fc0a71077849f8d91d6f3bc83af9f162186d5b7580e9861a1c7ceac88b9cde4f
python-test-2.7.5-86.el7.x86_64.rpm SHA-256: a0cf6aa918cfc81fb0afc785d3e8d6d663fc77471002d23a9ffa82d6b7c7b0ea
python-tools-2.7.5-86.el7.x86_64.rpm SHA-256: 4a61aeaf3f45bcb27d94591a684c468cddfe8dfb0eae60589f4afedde4596c74
tkinter-2.7.5-86.el7.x86_64.rpm SHA-256: a5e252d2fd476edc423ce95a3b4d462efb7c5d207422cd28ef8325ee7b8e29d9

Red Hat Enterprise Linux Workstation 7

SRPM
python-2.7.5-86.el7.src.rpm SHA-256: 9873efceb273d8af2bb9c9281acb9bffac4d289514185dd68ab5847bdc528f57
x86_64
python-2.7.5-86.el7.x86_64.rpm SHA-256: 3fc83d7c70034bbf9039bbde7a4d7273324dddb3de7334563ce9173c03c3463a
python-debug-2.7.5-86.el7.x86_64.rpm SHA-256: 932c4724e53e6460e152023dba7e6ab622bdbda480ebf03c40b9c1919018679a
python-debuginfo-2.7.5-86.el7.i686.rpm SHA-256: c1165f59cbff3c36fef0cb4168752e272fce0aa35567b93b114eb95148d3ec24
python-debuginfo-2.7.5-86.el7.x86_64.rpm SHA-256: 183248549b99ef60bf8c90efbc03b8a667acc0c3d55799c54147c94d2108b52a
python-debuginfo-2.7.5-86.el7.x86_64.rpm SHA-256: 183248549b99ef60bf8c90efbc03b8a667acc0c3d55799c54147c94d2108b52a
python-devel-2.7.5-86.el7.x86_64.rpm SHA-256: 59500f9e50a06af62ef799d6edbaec2024ea831567c389b489f7cecbf76ef704
python-libs-2.7.5-86.el7.i686.rpm SHA-256: e7c1f2e5dd7f87c3887968316e588859664925131824536d1138efb42d2761ed
python-libs-2.7.5-86.el7.x86_64.rpm SHA-256: fc0a71077849f8d91d6f3bc83af9f162186d5b7580e9861a1c7ceac88b9cde4f
python-test-2.7.5-86.el7.x86_64.rpm SHA-256: a0cf6aa918cfc81fb0afc785d3e8d6d663fc77471002d23a9ffa82d6b7c7b0ea
python-tools-2.7.5-86.el7.x86_64.rpm SHA-256: 4a61aeaf3f45bcb27d94591a684c468cddfe8dfb0eae60589f4afedde4596c74
tkinter-2.7.5-86.el7.x86_64.rpm SHA-256: a5e252d2fd476edc423ce95a3b4d462efb7c5d207422cd28ef8325ee7b8e29d9

Red Hat Enterprise Linux Desktop 7

SRPM
python-2.7.5-86.el7.src.rpm SHA-256: 9873efceb273d8af2bb9c9281acb9bffac4d289514185dd68ab5847bdc528f57
x86_64
python-2.7.5-86.el7.x86_64.rpm SHA-256: 3fc83d7c70034bbf9039bbde7a4d7273324dddb3de7334563ce9173c03c3463a
python-debug-2.7.5-86.el7.x86_64.rpm SHA-256: 932c4724e53e6460e152023dba7e6ab622bdbda480ebf03c40b9c1919018679a
python-debuginfo-2.7.5-86.el7.i686.rpm SHA-256: c1165f59cbff3c36fef0cb4168752e272fce0aa35567b93b114eb95148d3ec24
python-debuginfo-2.7.5-86.el7.x86_64.rpm SHA-256: 183248549b99ef60bf8c90efbc03b8a667acc0c3d55799c54147c94d2108b52a
python-debuginfo-2.7.5-86.el7.x86_64.rpm SHA-256: 183248549b99ef60bf8c90efbc03b8a667acc0c3d55799c54147c94d2108b52a
python-devel-2.7.5-86.el7.x86_64.rpm SHA-256: 59500f9e50a06af62ef799d6edbaec2024ea831567c389b489f7cecbf76ef704
python-libs-2.7.5-86.el7.i686.rpm SHA-256: e7c1f2e5dd7f87c3887968316e588859664925131824536d1138efb42d2761ed
python-libs-2.7.5-86.el7.x86_64.rpm SHA-256: fc0a71077849f8d91d6f3bc83af9f162186d5b7580e9861a1c7ceac88b9cde4f
python-test-2.7.5-86.el7.x86_64.rpm SHA-256: a0cf6aa918cfc81fb0afc785d3e8d6d663fc77471002d23a9ffa82d6b7c7b0ea
python-tools-2.7.5-86.el7.x86_64.rpm SHA-256: 4a61aeaf3f45bcb27d94591a684c468cddfe8dfb0eae60589f4afedde4596c74
tkinter-2.7.5-86.el7.x86_64.rpm SHA-256: a5e252d2fd476edc423ce95a3b4d462efb7c5d207422cd28ef8325ee7b8e29d9

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
python-2.7.5-86.el7.src.rpm SHA-256: 9873efceb273d8af2bb9c9281acb9bffac4d289514185dd68ab5847bdc528f57
s390x
python-2.7.5-86.el7.s390x.rpm SHA-256: af43f6b4a4b821b6f46b1aa9bd953303e91dcf13f8079325b555e17e17361e19
python-debug-2.7.5-86.el7.s390x.rpm SHA-256: 0052cb73896c5ce4cc608eb623a803307c08011c7063e7ee2935f395962aca9a
python-debuginfo-2.7.5-86.el7.s390.rpm SHA-256: 7e974b005377a72ab9bf9ab92f358778984b0a7e66b5e59083344091347d176f
python-debuginfo-2.7.5-86.el7.s390x.rpm SHA-256: 89d10ae5d8cb6accbb49989e306b7490524c3b8a34814f44c317c62063b3eade
python-debuginfo-2.7.5-86.el7.s390x.rpm SHA-256: 89d10ae5d8cb6accbb49989e306b7490524c3b8a34814f44c317c62063b3eade
python-devel-2.7.5-86.el7.s390x.rpm SHA-256: fcf1626c8a842a8e3f35190d792744d2abefb9056ea60e38c49e0dfdc452c8a7
python-libs-2.7.5-86.el7.s390.rpm SHA-256: f6ee3a7b79db1d87bb40d1145a3b84fa78a5905767fb7dbc7be2ca157a41267a
python-libs-2.7.5-86.el7.s390x.rpm SHA-256: babfcc22bb086746853783c7b2617200416d8d2350e2a371ee694fb118127511
python-test-2.7.5-86.el7.s390x.rpm SHA-256: 7d905e94f46565f976c3ac0ed98933070271ef1e9050831d0c4e635e78b90501
python-tools-2.7.5-86.el7.s390x.rpm SHA-256: bcfc0843e12e6a2d5922aa2771d1bbe88bec5cca4e122819ac9ec92795a2c953
tkinter-2.7.5-86.el7.s390x.rpm SHA-256: 437d19f5536540dab5d6ffdaf664c4141db59cf38b53dcab9593a38c5dbf6545

Red Hat Enterprise Linux for Power, big endian 7

SRPM
python-2.7.5-86.el7.src.rpm SHA-256: 9873efceb273d8af2bb9c9281acb9bffac4d289514185dd68ab5847bdc528f57
ppc64
python-2.7.5-86.el7.ppc64.rpm SHA-256: 019a46b256fb191ffe544be015f7bc8d3412ccae5ba787d0ebe6add8108210ce
python-debug-2.7.5-86.el7.ppc64.rpm SHA-256: 5852bfb4b5954ca10410b53e0c26805485c55489a7d093da60ef0f1edcd798a0
python-debuginfo-2.7.5-86.el7.ppc.rpm SHA-256: 112865b99b1482cdef63dfd883147bba7e5cc151cb620e7a43f341891f99204a
python-debuginfo-2.7.5-86.el7.ppc64.rpm SHA-256: ac79fc1ea4814373615abf899443d14dc3fa6bbfa01718bfc8b7f082862e887e
python-debuginfo-2.7.5-86.el7.ppc64.rpm SHA-256: ac79fc1ea4814373615abf899443d14dc3fa6bbfa01718bfc8b7f082862e887e
python-devel-2.7.5-86.el7.ppc64.rpm SHA-256: b6ae9f9e440ed02c2f2bceda5bbc94ceb13c2ad8f793e6af7d46bc5dbec5d2ae
python-libs-2.7.5-86.el7.ppc.rpm SHA-256: 7b6c1007eaee457128a10a1dfd9654d45b54787787d046e16539b2dd8d2e76b5
python-libs-2.7.5-86.el7.ppc64.rpm SHA-256: 4e7322c96a205c4d61bb58ff2e8177842a7bdf3fddac3e451be233d20adb742c
python-test-2.7.5-86.el7.ppc64.rpm SHA-256: 83b69c84ec8348e6c1f3d8d3582a9502a0f9edfc8dd806f8574dcfbfd812c18a
python-tools-2.7.5-86.el7.ppc64.rpm SHA-256: 3202bcf3fa0ba28b954823c7b80b63554c14fa3507cbeb24049420a621771534
tkinter-2.7.5-86.el7.ppc64.rpm SHA-256: 28fc42f3b55eea51b265f48fdd2b366610397baebf5e51c23490bf52d316da80

Red Hat Enterprise Linux for Scientific Computing 7

SRPM
python-2.7.5-86.el7.src.rpm SHA-256: 9873efceb273d8af2bb9c9281acb9bffac4d289514185dd68ab5847bdc528f57
x86_64
python-2.7.5-86.el7.x86_64.rpm SHA-256: 3fc83d7c70034bbf9039bbde7a4d7273324dddb3de7334563ce9173c03c3463a
python-debug-2.7.5-86.el7.x86_64.rpm SHA-256: 932c4724e53e6460e152023dba7e6ab622bdbda480ebf03c40b9c1919018679a
python-debuginfo-2.7.5-86.el7.i686.rpm SHA-256: c1165f59cbff3c36fef0cb4168752e272fce0aa35567b93b114eb95148d3ec24
python-debuginfo-2.7.5-86.el7.x86_64.rpm SHA-256: 183248549b99ef60bf8c90efbc03b8a667acc0c3d55799c54147c94d2108b52a
python-debuginfo-2.7.5-86.el7.x86_64.rpm SHA-256: 183248549b99ef60bf8c90efbc03b8a667acc0c3d55799c54147c94d2108b52a
python-devel-2.7.5-86.el7.x86_64.rpm SHA-256: 59500f9e50a06af62ef799d6edbaec2024ea831567c389b489f7cecbf76ef704
python-libs-2.7.5-86.el7.i686.rpm SHA-256: e7c1f2e5dd7f87c3887968316e588859664925131824536d1138efb42d2761ed
python-libs-2.7.5-86.el7.x86_64.rpm SHA-256: fc0a71077849f8d91d6f3bc83af9f162186d5b7580e9861a1c7ceac88b9cde4f
python-test-2.7.5-86.el7.x86_64.rpm SHA-256: a0cf6aa918cfc81fb0afc785d3e8d6d663fc77471002d23a9ffa82d6b7c7b0ea
python-tools-2.7.5-86.el7.x86_64.rpm SHA-256: 4a61aeaf3f45bcb27d94591a684c468cddfe8dfb0eae60589f4afedde4596c74
tkinter-2.7.5-86.el7.x86_64.rpm SHA-256: a5e252d2fd476edc423ce95a3b4d462efb7c5d207422cd28ef8325ee7b8e29d9

Red Hat Enterprise Linux for Power, little endian 7

SRPM
python-2.7.5-86.el7.src.rpm SHA-256: 9873efceb273d8af2bb9c9281acb9bffac4d289514185dd68ab5847bdc528f57
ppc64le
python-2.7.5-86.el7.ppc64le.rpm SHA-256: 97b9f5d08d1fc1b2ef40346172f7a04f6311bdee00af343e5f88005dc42cc50d
python-debug-2.7.5-86.el7.ppc64le.rpm SHA-256: 3adfce28bc46b2ec9985cb81cabb82f7f5f7f81972e90ddc28e086c9ab189c16
python-debuginfo-2.7.5-86.el7.ppc64le.rpm SHA-256: b54a17628e93bf95be191bb15af6c96b43e7aed2cea285bee69048621f9e9268
python-debuginfo-2.7.5-86.el7.ppc64le.rpm SHA-256: b54a17628e93bf95be191bb15af6c96b43e7aed2cea285bee69048621f9e9268
python-devel-2.7.5-86.el7.ppc64le.rpm SHA-256: 1b2c3fb5b6405084b874881b223e33f2781226f2cb661374831f0fb8aa3d4610
python-libs-2.7.5-86.el7.ppc64le.rpm SHA-256: 97f77fd2ab9a99ab7f0f525d8fc8fa27d668751a8138c67061e94c24e87d7690
python-test-2.7.5-86.el7.ppc64le.rpm SHA-256: bf0674b33f6388480a93586e742ea56e337fa36ee0452ad4edf899bd460e3aac
python-tools-2.7.5-86.el7.ppc64le.rpm SHA-256: c2960a321336978f453b3e7c92e12882a533ce55745fd5118d556acd792c860a
tkinter-2.7.5-86.el7.ppc64le.rpm SHA-256: e1c37ae8ca8ee7063b2bf935ee4dc4dcbcab935dbd49018edee1f7f0ffb45f38

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.