[security-announce] Python: Security update

Tudor Florea tudor.florea at enea.com
Tue Jul 7 23:46:03 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

	Python: Security update

=======================================================================
Product/package: Python: 2.7.3
Severity: Low
CVE Name: CVE-2013-1752 ftplib, imaplib, nntplib and poplib: read limit
=======================================================================

This security patch fixes insufficient checks in the
ftplib, imaplib, nntplib and poplib modules.

README file:  0088-python-CVE-2013-1752-ftp-imap-nntp-pop.README.asc
Signed patch: 0088-python-CVE-2013-1752-ftp-imap-nntp-pop.patch.asc

Description
===========
The ftplib, imaplib, nntplib and poplib modules do not limit the amount
of data read in their calls to readline().
The patch modifies the ftplib, imaplib, nntplib and poplib modules so
that each readline() call reads at most _MAXLINE bytes.
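
The bounded-read pattern described above, next to the unbounded call, as an added example (not code from the patch or from Enea, and written for Python 3 rather than 2.7.3). The limit value 2048, the LineTooLong exception and the HostileServer stand-in for a socket are assumptions made for the illustration.

```python
import io

_MAXLINE = 2048  # assumed value for illustration; each module defines its own limit


class LineTooLong(Exception):
    """Hypothetical error raised when a peer sends a line over _MAXLINE bytes."""


class HostileServer(io.RawIOBase):
    """Constructed stand-in for a socket whose peer sends `total` bytes, no newline."""

    def __init__(self, total):
        super().__init__()
        self.remaining = total
        self.sent = 0  # bytes the client has actually pulled from the peer

    def readable(self):
        return True

    def readinto(self, buf):
        n = min(len(buf), self.remaining)
        buf[:n] = b"A" * n
        self.remaining -= n
        self.sent += n
        return n


def getline_unbounded(fp):
    # Pre-patch pattern: buffers until a newline or EOF, however long that takes.
    return fp.readline()


def getline_bounded(fp, maxline=_MAXLINE):
    # Patched pattern: request one byte more than the limit, so a line that
    # exceeds it is detected without reading the rest of it.
    line = fp.readline(maxline + 1)
    if len(line) > maxline:
        raise LineTooLong("got more than %d bytes" % maxline)
    return line


def demo(total=1_000_000):
    """Return (bytes held by the unbounded read, bounded read rejected?, bytes pulled)."""
    unbounded_len = len(getline_unbounded(io.BufferedReader(HostileServer(total), 4096)))
    raw = HostileServer(total)
    try:
        getline_bounded(io.BufferedReader(raw, 4096))
        rejected = False
    except LineTooLong:
        rejected = True
    return unbounded_len, rejected, raw.sent
```
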

References
==========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1752
https://bugs.python.org/issue16038
https://bugs.python.org/issue16039
https://bugs.python.org/issue16040
https://bugs.python.org/issue16041


How to apply the patches
========================
Preparation
Make sure that you have an installation of Enea Linux and have
applied the existing patches in the right order:

wget https://linux.enea.com/4.0/Enea-Linux-4.0.tar.gz
tar zxf Enea-Linux-4.0.tar.gz
cd Enea-Linux-4.0/poky/
<Fetch and apply the existing patches>

Fetch and apply the new patch
wget https://linux.enea.com/4.0/patches/\
0088-python-CVE-2013-1752-ftp-imap-nntp-pop.patch.asc
patch -p1 < ./0088-python-CVE-2013-1752-ftp-imap-nntp-pop.patch.asc

Contact Info
============
If you have any questions regarding the security patches and security
updates, please contact security at enea.com.

Enea Security Team
Tudor Florea
www.enea.com