[security-announce] Python 2.7.3: Security update

Sona Sarmadi sona.sarmadi at enea.com
Wed Mar 11 07:47:19 CET 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

		Enea Linux Security Advisory

=========================================================
Product/package: Python 2.7.3
Severity: Moderate
CVE Name: This fix is related to "SSLv3 POODLE vulnerability"
CVE-2014-3566
=========================================================
A security patch that disables SSL 3.0 in Python is now available at
http://linux.enea.com/5.0-beta-m400/patches:

README file: 0008-python-Disables-SSLv3.README
Patch file: 0008-python-Disables-SSLv3.patch

Description
===========
With POODLE there is now no ability to securely connect via SSL 3.0.
This patch disables SSL 3.0 in Python similarly to how SSL 2.0 is
disabled, where it is disabled by default unless the user has
explicitly re-enabled it.

References
==========
http://bugs.python.org/issue22638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

How to apply the patches
=======================
- - Preparation
Make sure that you have an installation of Enea Linux and have
applied the existing patches in the right order

wget http://linux.enea.com/5.0-beta-m400/Enea-Linux-5.0-beta-m400.tar.gz
tar zxvf Enea-Linux-5.0-beta-m400.tar.gz
<Fetch and apply the existing patches, please refer to
    README file for the individual patch>

 - Fetch and apply the new patch
cd Enea-Linux-5.0-beta-m400/poky
wget
http://linux.enea.com/5.0-beta-m400/patches/0008-python-Disables-SSLv3.patch
patch -p1 < ./0008-python-Disables-SSLv3.patch

If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com

This message, including attachments, is CONFIDENTIAL. It may also be
privileged or otherwise protected by law. If you received this email
by mistake please let us know by reply and then delete it from your
system; you should not copy it or disclose its contents to anyone.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBAgAGBQJU/+T3AAoJEHc+9u9ocWoU5SIP/1bzY0HWLJ8gA8+PfwM+aYiL
qbToIjck9O30GhpjTgaKCQM2BN2kk+z7/kn+HTbHrgRNVkjEyA4JZ1tYqQYGembC
FbfS7aBw3cbyuNN4Vy9PS2f9ThGy82iEdABzV1mv7zM6h5XsJDnITcTQLKOdXoP0
7pnJyCvBjJC+p2YdnrnpkXkDQrWD41/sTsuUWAhi3jNNH1T5icm/GYMubjbuWPpT
RodBz1u14Pdyo9imLqFhDDKbopd7gT1JQQnwR1GsckbV3eNUvZvJH2AFBpSS6zEs
WVIozYhNQqE/9qV05bMVD69lSqG2mEC6Jv7mEeKv1Z0FytmA8mgRMSt9bRJ6GxW7
/oYmOj0nUI2QeE8iRE7WWhs2I8WNq4seK1spcXEYvz+sQmRrVthl2wwNQ5PPaywi
oxisi5fT0RRY1n6+2ik1QidaKx6Ay95AMsxiDy5p2BhG+njSZ+LcjQlWsvLvMflD
KpZtGB3oiPdwfPEQLx0a9JUG7TKGoHthqj3+/NwTXQr6QPyBOIAiGmu75kCxrqHZ
aoM7iYNYs36R9pR0nb453cVtw241gkt40wowm8MVCqb6C9qoYyPFO/U5yA+8tpCR
VUAsOOBoSn9o8L0Ab0TeSYt2ytx2vBWEMN5x/EZMMYmmgSZrn3vKCY+NHazoVwmT
N3c970JOZBJ3qpH9Zrem
=6bW0
-----END PGP SIGNATURE-----



More information about the security-announce mailing list