| Summary: | python3 new security issue CVE-2020-27619 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | | |
| Priority: | Normal | CC: | andrewsfarm, mageia, ouaurelien, sysadmin-bugs, tarazed25 |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA7-64-OK | | |
| Source RPM: | python3-3.7.9-1.mga7.src.rpm | CVE: | CVE-2020-27619 |
| Status comment: | | | |
Description
David Walser
2020-12-18 20:20:00 CET
David Walser
2020-12-18 20:36:03 CET
Whiteboard: (none) => MGA7TOO

Fixed already in the latest python 3.8 from cauldron (the fixed commit is https://github.com/python/cpython/commit/6c6c256df3636ff6f6136820afaefa5a10a3ac33)

Version: Cauldron => 7

Fix pushed in updates_testing:

src:
python3-3.7.9-1.1.mga7

Assignee: python => qa-bugs

Advisory:
========================

Updated python3 packages fix security vulnerability:

In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP (CVE-2020-27619).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27619
https://lists.suse.com/pipermail/sle-security-updates/2020-December/008081.html
========================

Updated packages in core/updates_testing:
========================
python3-3.7.9-1.1.mga7
libpython3.7-3.7.9-1.1.mga7
libpython3.7-stdlib-3.7.9-1.1.mga7
libpython3.7-testsuite-3.7.9-1.1.mga7
libpython3-devel-3.7.9-1.1.mga7
python3-docs-3.7.9-1.1.mga7
tkinter3-3.7.9-1.1.mga7
tkinter3-apps-3.7.9-1.1.mga7

from python3-3.7.9-1.1.mga7.src.rpm

mga7, x64

Updated all the packages via MageiaUpdate after trying smem.

$ urpmq --requires smem
python3
python3dist(matplotlib)
$ smem -u --pie=user lcl

That produced a piechart showing that lcl was using 6.29% of memory.

Simple scripts work:

$ python3 fibonacci.py
Fibonacci series for first 13 terms
0, 1, 1, 2, 3, 5, 8, 13, 21, 34, 55, 89, 144, 233
The tenth term is 34
[0, 1, 1, 2, 3, 5, 8, 13, 21, 34]
$ python3 sieve.py
q = 2
q = 3
q = 5
[...]
q = 281
q = 283
q = 293
$ python3 button.py
<Created a simple gui with two buttons which produced simple results>

Interactive python3 works.

$ python3
Python 3.7.9 (default, Dec 24 2020, 09:00:40)
[GCC 8.4.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import itertools
def fib( n ):
    a, b = 0, 1
    for i in range( n ):
        a, b = b, a + b
    return a
..........................
a = fiblist( 13 )
print( "Fibonacci series for first 13 terms" )
>>> print( str( a ).strip( '[]' ) )
0, 1, 1, 2, 3, 5, 8, 13, 21, 34, 55, 89, 144, 233
>>> print( "The tenth term is %d" % a[9] )
The tenth term is 34
>>> print( list( itertools.islice( fibo( ), 10 ) ) )
[0, 1, 1, 2, 3, 5, 8, 13, 21, 34]
>>> exit( )
$
$ ll /usr/bin/python3
lrwxrwxrwx 1 root root 9 Dec 24 09:01 /usr/bin/python3 -> python3.7*
$ urpmq --whatrequires python3 | sort -u | wc -l
65

This is probably all we need to do for this.

CC: (none) => tarazed25

Validating. Advisory in Comment 3.

CC: (none) => andrewsfarm, sysadmin-bugs

Advisory pushed to SVN.

Keywords: (none) => advisory

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0477.html

Resolution: (none) => FIXED
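
Added example, not part of the bug report and not the CPython fix itself: the advisory in this thread describes eval() being called on content retrieved via HTTP, and the sketch below shows one way to read hex mapping data of that kind with a strict parser that never evaluates a token. The `0xBYTES 0xCODEPOINT[+0xCODEPOINT] # comment` layout, the sample lines and the names `parse_hex` and `parse_mapping` are assumptions constructed for illustration.

```python
import re

# Constructed sample in an assumed "0xBYTES 0xCODEPOINT[+0xCODEPOINT] # comment"
# layout; not copied from any real mapping file.
SAMPLE = """\
0x8140\t0x3000\t# IDEOGRAPHIC SPACE
0x82F5\t0x304B+0x309A\t# two code points
# comment-only line
len('abc')\t0x0041\t# expression where a hex literal is expected
0x41\t0x0041;x\t# trailing junk after the code point
"""

_HEX = re.compile(r"0x[0-9A-Fa-f]+")


def parse_hex(token):
    """Accept only a 0x-prefixed hex literal; the token is never evaluated."""
    if not _HEX.fullmatch(token):
        raise ValueError(f"not a hex literal: {token!r}")
    return int(token, 16)


def parse_mapping(text):
    """Return (mapping, rejected) for untrusted mapping-table text."""
    mapping, rejected = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if len(fields) != 2:
            continue  # blank or comment-only line
        try:
            parse_hex(fields[0])  # validates the byte column
            if len(fields[0]) % 2:
                raise ValueError(f"odd number of hex digits: {fields[0]!r}")
            encoded = bytes.fromhex(fields[0][2:])
            decoded = "".join(chr(parse_hex(t)) for t in fields[1].split("+"))
        except (ValueError, OverflowError) as exc:
            # Rejected and recorded instead of being handed to eval().
            rejected.append((lineno, str(exc)))
            continue
        mapping[encoded] = decoded
    return mapping, rejected


if __name__ == "__main__":
    table, bad = parse_mapping(SAMPLE)
    print(table)
    print(bad)
```

Lines 4 and 5 of the constructed sample end up in `rejected` with their line numbers, so a tampered or corrupted download shows up as a parse failure rather than as executed code.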