Name: Two problems in python3
ID: FEDORA-2020-d808fdd597
Distribution: Fedora
Platforms: Fedora 31
Date: Fri, 14 August 2020, 06:59
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14422
Applications: Python


Fedora Update Notification
2020-08-14 02:43:09.714652

Name : python3
Product : Fedora 31
Version : 3.7.8
Release : 2.fc31
URL : https://www.python.org/
Summary : Interpreter of the Python programming language
Description :
Python is an accessible, high-level, dynamically typed, interpreted programming
language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.

The python3 package provides the "python3" executable: the reference
interpreter for the Python language, version 3.
The majority of its standard library is provided in the python3-libs package,
which should be installed automatically along with python3.
The remaining parts of the Python standard library are broken out into the
python3-tkinter and python3-test packages, which may need to be installed

Documentation for Python is provided in the python3-docs package.

Packages containing additional libraries for Python are generally named with
the "python3-" prefix.

Update Information:

Security fix for CVE-2019-20907, CVE-2020-14422. Provide a versioned
pathfix3.7.py command.

* Tue Jul 28 2020 Charalampos Stratakis <cstratak@redhat.com> - 3.7.8-2
- Avoid infinite loop when reading specially crafted TAR files (CVE-2019-20907)
Resolves: rhbz#1856481
- Resolve hash collisions for IPv4Interface and IPv6Interface (CVE-2020-14422)
Resolves: rhbz#1854926
- Ship versioned pathfixX.Y.py in main and non-main Python versions

[ 1 ] Bug #1854926 - CVE-2020-14422 python: DoS via inefficiency in
IPv{4,6}Interface classes
[ 2 ] Bug #1856481 - CVE-2019-20907 python: infinite loop in the tarfile
module via crafted TAR archive
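
The following check is an added example, not part of the Fedora advisory or the python3 package: run with the updated interpreter, it confirms that IPv4Interface and IPv6Interface objects no longer share hash values (CVE-2020-14422). The `legacy_hash` helper and the XOR formula it reproduces are assumptions about the pre-fix behaviour, not taken from this page, and the sample addresses are constructed from documentation ranges.

```python
"""Post-update check for the CVE-2020-14422 fix (added example)."""
import ipaddress

SAMPLE = 256  # constructed sample: 256 consecutive documentation-range hosts


def legacy_hash(iface):
    # Assumption: the pre-fix __hash__ XORed address, prefix length and
    # network address. Reproduced here only for comparison.
    return int(iface.ip) ^ iface.network.prefixlen ^ int(iface.network.network_address)


def distinct_hashes(cls, base, hash_fn=hash, count=SAMPLE):
    """Count distinct hash values over `count` consecutive host interfaces."""
    start = int(ipaddress.ip_address(base))
    # An integer argument yields a host interface (/32 or /128).
    return len({hash_fn(cls(start + i)) for i in range(count)})


def interpreter_is_patched():
    """True if neither interface class collapses the sample onto few hashes."""
    checks = (
        (ipaddress.IPv4Interface, "192.0.2.0"),
        (ipaddress.IPv6Interface, "2001:db8::"),
    )
    return all(distinct_hashes(cls, base) > SAMPLE // 2 for cls, base in checks)


if __name__ == "__main__":
    for cls, base in ((ipaddress.IPv4Interface, "192.0.2.0"),
                      (ipaddress.IPv6Interface, "2001:db8::")):
        print(f"{cls.__name__}: running interpreter {distinct_hashes(cls, base)} "
              f"distinct hashes, legacy formula {distinct_hashes(cls, base, legacy_hash)}")
    print("patched" if interpreter_is_patched() else "NOT patched: apply the update")
```

Run it with the same `python3` binary that services use; a result of "NOT patched" means that interpreter still comes from a package older than 3.7.8-2.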

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-d808fdd597' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
