Package name
python
Date
2013-08-21
Advisory ID
MDVSA-2013:214
Affected versions
MBS1 x86_64

Problem description

Updated python packages fix security vulnerability:

Ryan Sleevi of the Google Chrome Security Team has discovered that
Python's SSL module doesn't handle NULL bytes inside subjectAltNames
general names. This could lead to a breach when an application uses
ssl.match_hostname() to match the hostname againt the certificate's
subjectAltName's dNSName general names. (CVE-2013-4238).

Updated packages

MBS1 x86_64

 752209b35068bee71a37ebf5a3529526  mbs1/x86_64/lib64python2.7-2.7.3-4.4.mbs1.x86_64.rpm
 7005795c9900d103dc06fba1e63a4369  mbs1/x86_64/lib64python-devel-2.7.3-4.4.mbs1.x86_64.rpm
 25a9f67c8e64f8f7cada826edbd6cc03  mbs1/x86_64/python-2.7.3-4.4.mbs1.x86_64.rpm
 b7db45905e718ec28d1aa13520443918  mbs1/x86_64/python-docs-2.7.3-4.4.mbs1.noarch.rpm
 a944c78f7347b66f95c9e2fb9185bab0  mbs1/x86_64/tkinter-2.7.3-4.4.mbs1.x86_64.rpm
 52c5bd1a11d814b7a25412763b5d4cb5  mbs1/x86_64/tkinter-apps-2.7.3-4.4.mbs1.x86_64.rpm 
 7eca355fc59fcf1e782edfbb762846a6  mbs1/SRPMS/python-2.7.3-4.4.mbs1.src.rpm

References