[security-announce] Python 2.7.3: Security update

Sona Sarmadi sona.sarmadi at enea.com
Thu Mar 5 10:28:12 CET 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

           Enea Linux Security Advisory

=========================================================
Product/package: Python 2.7.3
Severity: Moderate
CVE Name: Disables-SSLv3, this is related to "SSLv3 POODLE
vulnerability" CVE-2014-3566
=========================================================
A securiy patch that disables SSL 3.0 in Python is now available at
http://linux.enea.com/4.0/patches:

README file: 0052-python2.7.3-Disables-SSLv3.README
Patch file: 0052-python2.7.3-Disables-SSLv3.patch

Description
===========
With POODLE there is now no ability to securely connect via SSL 3.0.
This patch disables SSL 3.0 in Python similarly to how SSL 2.0 is
disabled, where it is disabled by default unless the user has
explicitly re-enabled it.

References
==========
http://bugs.python.org/issue22638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

How to apply the patches
=======================
- - Preparation
Make sure that you have an installation of Enea Linux and have
applied the existing patches in the right order

wget http://linux.enea.com/4.0/Enea-Linux-4.0.tar.gz
tar zxf Enea-Linux-4.0.tar.gz
cd Enea-Linux-4.0/poky/
<Fetch and apply the existing patches >

- - Fetch and apply the new patch
wget
http://linux.enea.com/4.0/patches/0052-python2.7.3-Disables-SSLv3.patch
patch -p1 < ./0052-python2.7.3-Disables-SSLv3.patch

If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com

This message, including attachments, is CONFIDENTIAL. It may also be
privileged or otherwise protected by law. If you received this email
by mistake please let us know by reply and then delete it from your
system; you should not copy it or disclose its contents to anyone.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBAgAGBQJU+CGsAAoJEHc+9u9ocWoULugP/2OG9JhDeK08uVvpj2za/0oQ
I5KKCqdIFQ/9znswaqJolyKRTUH/Y+EYV98G4pMwG8gH4hS3jVx1WtPnY/i4XgKi
Sot517hmhLXM5trD8vajtgUh1RGL5AVN6HHCCk8Qg6QqXAj6EBVIkroyCWZVQG9w
t0/IOL1DH5daqw2W0+aSb3rqr/2XVo+6OXbwS0Kd2GMHjKQdZsbTQ6QnidtM2eYa
wQnRn8FbbaNJcwkV6lDf/4uHoQSJjevAVUJhtqc2+4t2hdT8zwprEwiKxmaftJCo
Br/HoH/JbDviU5qhgU2vSz8z3VV40ipgOiLbSKGm4ZDRhlSpV/8b5hfI01IN0IhX
KGDtWDeF9RDG6cuGkoS95VlWpup7CfIAlMKBqNt4rDc9kHjpEzIo8jzHy9apFAW2
opKM1me/dO3itaIUpfxU7zwXcj6IoVZ821egpHlouTji+Gb/FGNiDGsh+ixMZyLz
3P2XhEGrGt++2g58qzuW/CUgh0gI7odXJXIjMR3+ibdJLHFCjZDJ8CoxYIJEbBwk
c7bWZlESZT7wUsi41AqS9dj/ACzxtNre7KeJPPy0CAPYt4OqYflBfEJ4ZX1HmkuC
MJ55mykAjG8nixEtDWNMNSQvhk8pokBdbn4q8Emz69q6N/q9OjhbEelBOwh8whE3
9/RG95zsfi1ArrdVFgyt
=4wFS
-----END PGP SIGNATURE-----



More information about the security-announce mailing list