Bug 1666519 (CVE-2019-5010)
Summary: | CVE-2019-5010 python: NULL pointer dereference using a specially crafted X509 certificate | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Laura Pardo <lpardo> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | cheimes, cstratak, hhorak, jorton, mhroncok, python-maint |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
A null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accepts certificates only from trusted root certificate authorities.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2019-08-06 13:21:32 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1666520, 1666521, 1666522, 1666523, 1666524, 1666525, 1666526, 1666527, 1666788, 1666789, 1666790, 1666791, 1666792, 1666793, 1709396 | ||
Bug Blocks: | 1666528 |
Description
Laura Pardo
2019-01-15 21:54:56 UTC
Created python3 tracking bugs for this issue: Affects: fedora-all [bug 1666522] Created python33 tracking bugs for this issue: Affects: fedora-28 [bug 1666524] Created python34 tracking bugs for this issue: Affects: epel-all [bug 1666526] Affects: fedora-all [bug 1666525] Created python35 tracking bugs for this issue: Affects: fedora-all [bug 1666527] Created python36 tracking bugs for this issue: Affects: epel-7 [bug 1666523] Affects: fedora-29 [bug 1666520] Created python37 tracking bugs for this issue: Affects: fedora-28 [bug 1666521] Statement: This issue did not affect the versions of python as shipped with Red Hat Enterprise Linux 5 and 6. External References: https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2030 https://access.redhat.com/errata/RHSA-2019:2030 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-5010 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:3520 https://access.redhat.com/errata/RHSA-2019:3520 This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6 Via RHSA-2019:3725 https://access.redhat.com/errata/RHSA-2019:3725 |