Bug 1666519 (CVE-2019-5010)

Summary: CVE-2019-5010 python: NULL pointer dereference using a specially crafted X509 certificate
Product: [Other] Security Response Reporter: Laura Pardo <lpardo>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: cheimes, cstratak, hhorak, jorton, mhroncok, python-maint
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accepts certificates only from trusted root certificate authorities.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2019-08-06 13:21:32 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1666520, 1666521, 1666522, 1666523, 1666524, 1666525, 1666526, 1666527, 1666788, 1666789, 1666790, 1666791, 1666792, 1666793, 1709396    
Bug Blocks: 1666528    

Description Laura Pardo 2019-01-15 21:54:56 UTC 
An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.


References:
https://bugs.python.org/issue35746

Upstream Patch:
https://github.com/python/cpython/pull/11569
Comment 1 Laura Pardo 2019-01-15 21:55:50 UTC 
Created python3 tracking bugs for this issue:

Affects: fedora-all [bug 1666522]


Created python33 tracking bugs for this issue:

Affects: fedora-28 [bug 1666524]


Created python34 tracking bugs for this issue:

Affects: epel-all [bug 1666526]
Affects: fedora-all [bug 1666525]


Created python35 tracking bugs for this issue:

Affects: fedora-all [bug 1666527]


Created python36 tracking bugs for this issue:

Affects: epel-7 [bug 1666523]
Affects: fedora-29 [bug 1666520]


Created python37 tracking bugs for this issue:

Affects: fedora-28 [bug 1666521]
Comment 4 Adam Mariš 2019-01-25 15:27:14 UTC 
Statement:

This issue did not affect the versions of python as shipped with Red Hat Enterprise Linux 5 and 6.
Comment 5 Adam Mariš 2019-01-25 15:27:15 UTC 
External References:

https://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html
Comment 6 errata-xmlrpc 2019-08-06 12:04:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:2030 https://access.redhat.com/errata/RHSA-2019:2030
Comment 7 Product Security DevOps Team 2019-08-06 13:21:32 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-5010
Comment 8 errata-xmlrpc 2019-11-05 21:06:39 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:3520 https://access.redhat.com/errata/RHSA-2019:3520
Comment 9 errata-xmlrpc 2019-11-06 09:45:20 UTC 
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6

Via RHSA-2019:3725 https://access.redhat.com/errata/RHSA-2019:3725