[security-announce] Python: Security update

Tudor Florea tudor.florea at enea.com
Fri Jul 3 18:43:02 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

	Python: Security update

=========================================================
Product/package: Python: 2.7.3
Severity: Low
CVE Name: CVE-2013-1752 httplib: header parsing is unlimited
=========================================================

This security patch fixes an insufficient check when parsing
the HTTP header, which leads to excessive memory consumption.

README file:  0019-python-CVE-2013-1752-httplib.README.asc
Signed patch: 0019-python-CVE-2013-1752-httplib.patch.asc

Description
===========
The httplib module / package can read arbitrary amounts of data
from its socket when it is parsing the HTTP header. This may lead
to issues when a user connects to a broken HTTP server or to
something that isn't an HTTP server at all.
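
Added example, not part of the original advisory or of the Enea patch:
a header reader that bounds both the length of each line and the number
of header lines, run against constructed streams that imitate the broken
peers described above. The limits MAX_LINE and MAX_HEADERS and all
function names are assumptions made for this illustration.

```python
import io

# Illustrative limits chosen for this example, not taken from the patch.
MAX_LINE = 65536      # longest accepted header line, in bytes
MAX_HEADERS = 100     # most header lines accepted per message


class HeaderParseError(Exception):
    """Raised when the peer sends a header block we refuse to buffer."""


def read_headers_bounded(fp, max_line=MAX_LINE, max_headers=MAX_HEADERS):
    """Read header lines from a binary file-like object up to the blank line.

    readline(n) returns at most n bytes, so asking for max_line + 1 bytes
    detects an over-long line without buffering the rest of it.
    """
    headers = []
    while True:
        line = fp.readline(max_line + 1)
        if len(line) > max_line:
            raise HeaderParseError("header line longer than %d bytes" % max_line)
        if line in (b"\r\n", b"\n", b""):   # blank line or EOF ends the block
            return headers
        if len(headers) >= max_headers:
            raise HeaderParseError("more than %d header lines" % max_headers)
        name, sep, value = line.partition(b":")
        if not sep:
            raise HeaderParseError("malformed header line")
        headers.append((name.strip().decode("latin-1"),
                        value.strip().decode("latin-1")))


def classify(raw, **limits):
    """Return 'ok' or the rejection reason for a constructed byte stream."""
    try:
        read_headers_bounded(io.BytesIO(raw), **limits)
        return "ok"
    except HeaderParseError as exc:
        return str(exc)


# Constructed inputs: a normal header block, a peer that never sends a
# newline, and a peer that keeps sending header lines without a blank line.
NORMAL = b"Content-Type: text/html\r\nContent-Length: 5\r\n\r\nhello"
NO_NEWLINE = b"A" * 1000
ENDLESS = b"X-Pad: 1\r\n" * 1000
```

With the line cap set to 256 bytes, the NO_NEWLINE stream is rejected
after 257 bytes have been read, however much more the peer sends.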

References
==========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1752
https://bugs.python.org/issue16037


How to apply the patches
========================
Preparation:
Make sure that you have an installation of Enea Linux and have
applied the existing patches in the right order.

wget https://linux.enea.com/5.0-beta-m400/patches/Enea-Linux-4.0.tar.gz
tar zxf Enea-Linux-4.0.tar.gz
cd Enea-Linux-4.0/poky/
<Fetch and apply the existing patches >

Fetch and apply the new patch:
wget https://linux.enea.com/5.0-beta-m400/\
patches/0019-python-CVE-2013-1752-httplib.patch.asc
patch -p1 < ./0019-python-CVE-2013-1752-httplib.patch.asc

Contact Info
============
If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Tudor Florea
www.enea.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

-----END PGP SIGNATURE-----


