|
|
Log in / Subscribe / Register

Oracle alert ELSA-2017-1868 (python)



From:
    	      Errata Announcements for Oracle Linux <el-errata@oss.oracle.com> 


To:
    	      el-errata@oss.oracle.com 


Subject:
    	      [El-errata] ELSA-2017-1868 Moderate: Oracle Linux 7 python security and bug fix update 


Date:
    	      Tue, 8 Aug 2017 13:42:17 -0700


Message-ID:
    	      <77a5ec5b-e2b7-52b2-d56c-1b52f60adb19@oracle.com>


Oracle Linux Security Advisory ELSA-2017-1868

http://linux.oracle.com/errata/ELSA-2017-1868.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
python-2.7.5-58.0.1.el7.x86_64.rpm
python-debug-2.7.5-58.0.1.el7.x86_64.rpm
python-devel-2.7.5-58.0.1.el7.x86_64.rpm
python-libs-2.7.5-58.0.1.el7.i686.rpm
python-libs-2.7.5-58.0.1.el7.x86_64.rpm
python-test-2.7.5-58.0.1.el7.x86_64.rpm
python-tools-2.7.5-58.0.1.el7.x86_64.rpm
tkinter-2.7.5-58.0.1.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/python-2.7.5-58.0...



Description of changes:
[2.7.5-58.0.1]
- Add Oracle Linux distribution in platform.py [orabug 20812544]

[2.7.5-58]
- Set stream to None in case an _open() fails.
Resolves: rhbz#1432003

[2.7.5-57]
- Fix implicit declaration warnings of functions added by patches 147 
and 265
Resolves: rhbz#1441237

[2.7.5-56]
- Fix shutil.make_archive ignoring empty directories when creating zip files
Resolves: rhbz#1439734

[2.7.5-55]
- Update Python RPM macros with new ones from EPEL7 to simplify packaging
Resolves: rhbz#1297522

[2.7.5-54]
- Protect key list during fork()
Resolves: rhbz#1268226

[2.7.5-53]
- Fix _ssl.c reference leaks
Resolves: rhbz#1272562

[2.7.5-52]
- Workaround Python's threading library issue with non returning wait, 
for signals with timeout
Resolves: rhbz#1368076

[2.7.5-51]
- Enable certificate verification by default
Resolves: rhbz#1219110

[2.7.5-50]
- Fix incorrect parsing of certain regular expressions
Resolves: rhbz#1373363

[2.7.5-49]
- Fix ssl module's parsing of GEN_RID subject alternative name fields in 
X.509 certs
Resolves: rhbz#1364444

[2.7.5-48]
- Fix for CVE-2016-1000110 HTTPoxy attack
Resolves: rhbz#1359164

[2.7.5-47]
- Fix for CVE-2016-5636: possible integer overflow and heap corruption 
in zipimporter.get_data()
Resolves: rhbz#1356364

[2.7.5-46]
- Drop patch 221 that backported sslwrap function since it was 
introducing regressions
- Refactor patch 227
Resolves: rhbz#1331425

[2.7.5-45]
- Fix for CVE-2016-0772 python: smtplib StartTLS stripping attack 
(rhbz#1303647)
   Raise an error when STARTTLS fails (upstream patch)
- Fix for CVE-2016-5699 python: http protocol steam injection attack 
(rhbz#1303699)
   Disabled HTTP header injections in httplib (upstream patch)
Resolves: rhbz#1346357

[2.7.5-44]
- Fix iteration over files with very long lines
Resolves: rhbz#1271760

[2.7.5-43]
- Move python.conf from /etc/tmpfiles.d/ to /usr/lib/tmpfiles.d/
Resolves: rhbz#1288426

[2.7.5-42]
- JSON decoder lone surrogates fix
Resolves: rhbz#1301017

[2.7.5-41]
- Updated PEP493 implementation
Resolves: rhbz#1315758

[2.7.5-40]
- Backport of Computed Goto dispatch
Resolves: rhbz#1289277


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds