SUSE has issued an advisory on February 6: http://lists.suse.com/pipermail/sle-security-updates/2019-February/005089.html The issue also affects python3 (Bug 23664).
Whiteboard: (none) => MGA6TOO
CC: (none) => marja11Assignee: bugsquad => python
Fixed both Cauldron and mga6!
CC: (none) => geiger.david68210
Advisory: ======================== Updated python packages fix security vulnerability: An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability (CVE-2019-5010). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010 http://lists.suse.com/pipermail/sle-security-updates/2019-February/005089.html ======================== Updated packages in core/updates_testing: ======================== python-2.7.15-1.2.mga6 libpython2.7-2.7.15-1.2.mga6 libpython2.7-stdlib-2.7.15-1.2.mga6 libpython2.7-testsuite-2.7.15-1.2.mga6 libpython-devel-2.7.15-1.2.mga6 python-docs-2.7.15-1.2.mga6 tkinter-2.7.15-1.2.mga6 tkinter-apps-2.7.15-1.2.mga6 from python-2.7.15-1.2.mga6.src.rpm
Whiteboard: MGA6TOO => (none)Assignee: python => qa-bugsVersion: Cauldron => 6Severity: normal => major
MGA6-32 MATE on IBM Thinkpad R50e No installation issues Ref to bug 23061 for test ideas $ cd /usr/lib/python2.7/bsddb/test/ $ python test_all.py -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Berkeley DB 5.3.28: (September 9, 2013) bsddb.db.version(): (5, 3, 28) bsddb.db.full_version(): ('Berkeley DB 11g Release 2, library version 11.2.5.3.28: (September 9, 2013)', 11, 2, 5, 3, 28) bsddb.db.__version__: 5.3.0 bsddb.db.cvsid: $Id$ py module: /usr/lib/python2.7/bsddb/__init__.pyc extension module: /usr/lib/python2.7/bsddb/__init__.pyc python version: 2.7.15 (default, Feb 12 2019, 06:59:01) [GCC 5.5.0] My pid: 11315 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= .........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................Exception in thread reader 0: Traceback (most recent call last): File "/usr/lib/python2.7/threading.py", line 801, in __bootstrap_inner self.run() File "/usr/lib/python2.7/threading.py", line 754, in run self.__target(*self.__args, **self.__kwargs) File "/usr/lib/python2.7/bsddb/test/test_thread.py", line 292, in readerThread rec = dbutils.DeadlockWrap(c.next, max_retries=10) File "/usr/lib/python2.7/bsddb/dbutils.py", line 68, in DeadlockWrap return function(*_args, **_kwargs) DBLockDeadlockError: (-30993, 'BDB0068 DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock') ...... ---------------------------------------------------------------------- Ran 479 tests in 30.168s OK If it says OK, I'm not going to contradict it. Sonata opens OK Opened new empty sla file in scribus, saved it, exit scribus and open the file again from caja. All OK.
CC: (none) => herman.viaeneWhiteboard: (none) => MGA6-32-OK
Keywords: (none) => advisory, validated_updateCC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0084.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED
openSUSE has issued an advisory for this today (February 14): https://lists.opensuse.org/opensuse-updates/2019-02/msg00071.html
CC: (none) => pikachu17997