安全公告详情

NS-SA-2019-0187

2019-10-14 19:29:28

简介

moderate: python/binutils security update

严重级别

moderate

主题

An update for python/binutils is now available for NewStart CGSL MAIN 5.04/CGSL CORE 5.04.
NewStart Security has rated this update as having a security impact of moderate. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

python: python-debug provides a version of the Python runtime with numerous debugging features enabled, aimed at advanced Python users, such as developers of Python extension modules. This version uses more memory and will be slower than the regular Python build, but is useful for tracking down reference-counting issues, and other bugs. The bytecodes are unchanged, so that .pyc files are compatible between the two version of Python, but the debugging features mean that C/C++ extension modules are ABI-incompatible with those built for the standard runtime. It shares installation directories with the standard Python runtime, so that .py and .pyc files can be shared. All compiled extension modules gain a "_d" suffix ("foo_d.so" rather than "foo.so") so that each Python implementation can load its own extensions.
binutils: Binutils is a collection of binary utilities, including ar (for creating, modifying and extracting from archives), as (a family of GNU assemblers), gprof (for displaying call graph profile data), ld (the GNU linker), nm (for listing symbols from object files), objcopy (for copying and translating object files), objdump (for displaying information from object files), ranlib (for generating an index for the contents of an archive), readelf (for displaying detailed information about binary files), size (for listing the section sizes of an object or archive file), strings (for listing printable strings from files), strip (for discarding symbols), and addr2line (for converting addresses to file and line).


Security Fix(es):
python: Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by contructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM.(CVE-2018-14647)
python: An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.(CVE-2019-9947)
python: A null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accepts certificates only from trusted root certificate authorities.(CVE-2019-5010)
python: urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.(CVE-2019-9948)
python: An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command.(CVE-2019-9740)
python: bugfix
binutils: An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new.(CVE-2018-12641)
binutils: A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.(CVE-2018-12697)
binutils: version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.(CVE-2018-1000876)
binutils: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.04.F18.

影响组件

  • python
  • binutils

影响产品

  • CGSL MAIN 5.04
  • CGSL CORE 5.04

更新包

{"fix":[{"product":"CGSL MAIN 5.04","pkgs":[{"binary":["python-debug-2.7.5-86.el7.cgslv5.0.1.g0527923.x86_64.rpm","python-debuginfo-2.7.5-86.el7.cgslv5.0.1.g0527923.x86_64.rpm","python-devel-2.7.5-86.el7.cgslv5.0.1.g0527923.x86_64.rpm","tkinter-2.7.5-86.el7.cgslv5.0.1.g0527923.x86_64.rpm","python-test-2.7.5-86.el7.cgslv5.0.1.g0527923.x86_64.rpm","python-tools-2.7.5-86.el7.cgslv5.0.1.g0527923.x86_64.rpm","python-2.7.5-86.el7.cgslv5.0.1.g0527923.x86_64.rpm","python-libs-2.7.5-86.el7.cgslv5.0.1.g0527923.x86_64.rpm"],"source":"python-2.7.5-86.el7.cgslv5.0.1.g0527923.src.rpm"},{"binary":["binutils-2.27-41.base.el7.x86_64.rpm","binutils-debuginfo-2.27-41.base.el7.x86_64.rpm","binutils-devel-2.27-41.base.el7.x86_64.rpm"],"source":"binutils-2.27-41.base.el7.src.rpm"}]},{"product":"CGSL CORE 5.04","pkgs":[{"binary":["tkinter-2.7.5-86.el7.cgslv5.0.1.g0527923.lite.x86_64.rpm","python-test-2.7.5-86.el7.cgslv5.0.1.g0527923.lite.x86_64.rpm","python-tools-2.7.5-86.el7.cgslv5.0.1.g0527923.lite.x86_64.rpm","python-libs-2.7.5-86.el7.cgslv5.0.1.g0527923.lite.x86_64.rpm","python-2.7.5-86.el7.cgslv5.0.1.g0527923.lite.x86_64.rpm","python-debug-2.7.5-86.el7.cgslv5.0.1.g0527923.lite.x86_64.rpm","python-debuginfo-2.7.5-86.el7.cgslv5.0.1.g0527923.lite.x86_64.rpm","python-devel-2.7.5-86.el7.cgslv5.0.1.g0527923.lite.x86_64.rpm"],"source":"python-2.7.5-86.el7.cgslv5.0.1.g0527923.lite.src.rpm"},{"binary":["binutils-2.27-41.base.el7.x86_64.rpm","binutils-debuginfo-2.27-41.base.el7.x86_64.rpm","binutils-devel-2.27-41.base.el7.x86_64.rpm"],"source":"binutils-2.27-41.base.el7.src.rpm"}]}]}

CVE

参考