Matej Cepl
e509746279
- Security
- bpo-43434: Creating a sqlite3.Connection object now also
produces a sqlite3.connect auditing event. Previously this
event was only produced by sqlite3.connect() calls. Patch
by Erlend E. Aasland.
- bpo-43472: Ensures interpreter-level audit hooks receive
the cpython.PyInterpreterState_New event when called
through the _xxsubinterpreters module.
- bpo-43075: Fix Regular Expression Denial of Service (ReDoS)
vulnerability in urllib.request.AbstractBasicAuthHandler.
The ReDoS-vulnerable regex has quadratic worst-case
complexity and it allows cause a denial of service when
identifying crafted invalid RFCs. This ReDoS issue is on
the client side and needs remote attackers to control the
HTTP server.
- Core and Builtins
- bpo-43105: Importlib now resolves relative paths when
creating module spec objects from file locations.
- bpo-42924: Fix bytearray repetition incorrectly copying
data from the start of the buffer, even if the data is
offset within the buffer (e.g. after reassigning a slice at
the start of the bytearray to a shorter byte string).
- Library
- bpo-43993: Update bundled pip to 21.1.1.
- bpo-43937: Fixed the turtle module working with non-default
root window.
- bpo-43930: Update bundled pip to 21.1 and setuptools to
56.0.0
- bpo-43920: OpenSSL 3.0.0: load_verify_locations() now
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=66
58 lines
2.2 KiB
Diff
58 lines
2.2 KiB
Diff
From a37f52436f9aa4b9292878b72f3ff1480e2606c3 Mon Sep 17 00:00:00 2001
|
|
From: Christian Heimes <christian@python.org>
|
|
Date: Tue, 15 Jan 2019 23:47:42 +0100
|
|
Subject: [PATCH] bpo-35746: Fix segfault in ssl's cert parser (GH-11569)
|
|
|
|
Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL
|
|
distribution points with empty DP or URI correctly. A malicious or buggy
|
|
certificate can result into segfault.
|
|
|
|
Signed-off-by: Christian Heimes <christian@python.org>
|
|
|
|
|
|
|
|
https://bugs.python.org/issue35746
|
|
---
|
|
Lib/test/test_ssl.py | 21 ++++++++++
|
|
Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst | 3 +
|
|
2 files changed, 24 insertions(+)
|
|
create mode 100644 Lib/test/talos-2019-0758.pem
|
|
create mode 100644 Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst
|
|
|
|
--- a/Lib/test/test_ssl.py
|
|
+++ b/Lib/test/test_ssl.py
|
|
@@ -501,6 +501,27 @@ class BasicSocketTests(unittest.TestCase
|
|
}
|
|
)
|
|
|
|
+ def test_parse_cert_CVE_2019_5010(self):
|
|
+ p = ssl._ssl._test_decode_cert(TALOS_INVALID_CRLDP)
|
|
+ if support.verbose:
|
|
+ sys.stdout.write("\n" + pprint.pformat(p) + "\n")
|
|
+ self.assertEqual(
|
|
+ p,
|
|
+ {
|
|
+ 'issuer': (
|
|
+ (('countryName', 'UK'),), (('commonName', 'cody-ca'),)),
|
|
+ 'notAfter': 'Jun 14 18:00:58 2028 GMT',
|
|
+ 'notBefore': 'Jun 18 18:00:58 2018 GMT',
|
|
+ 'serialNumber': '02',
|
|
+ 'subject': ((('countryName', 'UK'),),
|
|
+ (('commonName',
|
|
+ 'codenomicon-vm-2.test.lal.cisco.com'),)),
|
|
+ 'subjectAltName': (
|
|
+ ('DNS', 'codenomicon-vm-2.test.lal.cisco.com'),),
|
|
+ 'version': 3
|
|
+ }
|
|
+ )
|
|
+
|
|
def test_parse_cert_CVE_2013_4238(self):
|
|
p = ssl._ssl._test_decode_cert(NULLBYTECERT)
|
|
if support.verbose:
|
|
--- /dev/null
|
|
+++ b/Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst
|
|
@@ -0,0 +1,3 @@
|
|
+[CVE-2019-5010] Fix a NULL pointer deref in ssl module. The cert parser did
|
|
+not handle CRL distribution points with empty DP or URI correctly. A
|
|
+malicious or buggy certificate can result into segfault.
|