Hide Forgot
A vulnerability in smtplib allowing MITM attacker to perform a startTLS stripping attack. smtplib does not seem to raise an exception when the remote end (smtp server) is capable of negotiating starttls but fails to respond with 220 (ok) to an explicit call of SMTP.starttls(). This may allow a malicious MITM to perform a startTLS stripping attack if the client code does not explicitly check the response code for startTLS.
Patch : Branch 2.7 : https://hg.python.org/cpython/rev/b3ce713fb9be Branch 3.4 : https://hg.python.org/cpython/rev/d590114c2394
Created python tracking bugs for this issue: Affects: fedora-all [bug 1346344]
Created python26 tracking bugs for this issue: Affects: epel-5 [bug 1346346]
Created python3 tracking bugs for this issue: Affects: fedora-all [bug 1346345]
Unembargoing : flaw and patch are now public
Created python34 tracking bugs for this issue: Affects: epel-7 [bug 1348973]
python-2.7.11-6.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
python-2.7.11-5.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
pypy and pypy3 in Fedora are affected as well
Created pypy tracking bugs for this issue: Affects: fedora-all [bug 1351679]
Created pypy3 tracking bugs for this issue: Affects: fedora-all [bug 1351680]
Created pypy tracking bugs for this issue: Affects: epel-5 [bug 1351681] Affects: epel-6 [bug 1351682] Affects: epel-7 [bug 1351684]
python3-3.5.1-9.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
pypy3-2.4.0-6.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
pypy-5.0.1-3.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
pypy-4.0.1-3.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
python3-3.4.3-9.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
pypy-5.0.1-3.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
pypy3-2.4.0-3.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
python-2.7.10-10.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
python3-3.4.2-8.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
pypy3-2.4.0-3.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
python34-3.4.3-5.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS Via RHSA-2016:1627 https://rhn.redhat.com/errata/RHSA-2016-1627.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 6 Via RHSA-2016:1626 https://rhn.redhat.com/errata/RHSA-2016-1626.html
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6 Via RHSA-2016:1628 https://rhn.redhat.com/errata/RHSA-2016-1628.html
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6 Via RHSA-2016:1630 https://rhn.redhat.com/errata/RHSA-2016-1630.html
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6 Via RHSA-2016:1629 https://rhn.redhat.com/errata/RHSA-2016-1629.html