[El-errata] ELSA-2016-2586 Low: Oracle Linux 7 python security, bug fix, and enhancement update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Nov 10 11:05:25 PST 2016


Oracle Linux Security Advisory ELSA-2016-2586

http://linux.oracle.com/errata/ELSA-2016-2586.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
python-2.7.5-48.0.1.el7.x86_64.rpm
python-debug-2.7.5-48.0.1.el7.x86_64.rpm
python-devel-2.7.5-48.0.1.el7.x86_64.rpm
python-libs-2.7.5-48.0.1.el7.i686.rpm
python-libs-2.7.5-48.0.1.el7.x86_64.rpm
python-test-2.7.5-48.0.1.el7.x86_64.rpm
python-tools-2.7.5-48.0.1.el7.x86_64.rpm
tkinter-2.7.5-48.0.1.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/python-2.7.5-48.0.1.el7.src.rpm



Description of changes:

[2.7.5-48.0.1]
- Add Oracle Linux distribution in platform.py [orabug 20812544]

[2.7.5-48]
- Fix for CVE-2016-1000110 HTTPoxy attack
Resolves: rhbz#1359164

[2.7.5-47]
- Fix for CVE-2016-5636: possible integer overflow and heap corruption 
in zipimporter.get_data()
Resolves: rhbz#1356364

[2.7.5-46]
- Drop patch 221 that backported sslwrap function since it was 
introducing regressions
- Refactor patch 227
Resolves: rhbz#1331425

[2.7.5-45]
- Fix for CVE-2016-0772 python: smtplib StartTLS stripping attack 
(rhbz#1303647)
   Raise an error when STARTTLS fails (upstream patch)
- Fix for CVE-2016-5699 python: http protocol stream injection attack 
(rhbz#1303699)
   Disabled HTTP header injections in httplib (upstream patch)
Resolves: rhbz#1346357

[2.7.5-44]
- Fix iteration over files with very long lines
Resolves: rhbz#1271760

[2.7.5-43]
- Move python.conf from /etc/tmpfiles.d/ to /usr/lib/tmpfiles.d/
Resolves: rhbz#1288426

[2.7.5-42]
- JSON decoder lone surrogates fix
Resolves: rhbz#1301017

[2.7.5-41]
- Updated PEP493 implementation
Resolves: rhbz#1315758

[2.7.5-40]
- Backport of Computed Goto dispatch
Resolves: rhbz#1289277




