Lucene search
CentOS ProjectCESA-2018:2123HistoryJul 13, 2018 - 4:28 p.m.
python, tkinter security update
2018-07-1316:28:09
CentOS Project
lists.centos.org
364
0.005 Low
EPSS
Percentile
77.0%
CentOS Errata and Security Advisory CESA-2018:2123
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
- A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)
Note: This update modifies the Python ssl module to disable 3DES cipher suites by default.
Red Hat would like to thank OpenVPN for reporting this issue. Upstream acknowledges Karthikeyan Bhargavan (Inria) and Gaëtan Leurent (Inria) as the original reporters.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2018-July/085126.html
Affected packages:
python
python-debug
python-devel
python-libs
python-test
python-tools
tkinter
Upstream details at:
https://access.redhat.com/errata/RHSA-2018:2123
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| CentOS | 7 | x86_64 | python | < 2.7.5-69.el7_5 | python-2.7.5-69.el7_5.x86_64.rpm |
| CentOS | 7 | x86_64 | python-debug | < 2.7.5-69.el7_5 | python-debug-2.7.5-69.el7_5.x86_64.rpm |
| CentOS | 7 | x86_64 | python-devel | < 2.7.5-69.el7_5 | python-devel-2.7.5-69.el7_5.x86_64.rpm |
| CentOS | 7 | i686 | python-libs | < 2.7.5-69.el7_5 | python-libs-2.7.5-69.el7_5.i686.rpm |
| CentOS | 7 | x86_64 | python-libs | < 2.7.5-69.el7_5 | python-libs-2.7.5-69.el7_5.x86_64.rpm |
| CentOS | 7 | x86_64 | python-test | < 2.7.5-69.el7_5 | python-test-2.7.5-69.el7_5.x86_64.rpm |
| CentOS | 7 | x86_64 | python-tools | < 2.7.5-69.el7_5 | python-tools-2.7.5-69.el7_5.x86_64.rpm |
| CentOS | 7 | x86_64 | tkinter | < 2.7.5-69.el7_5 | tkinter-2.7.5-69.el7_5.x86_64.rpm |
Related
ibm
ibm
hackerone
hackerone
Legal Robot: SWEET32 TLS attack
2017-01-18 18:03:52
Udemy: sweet32
2017-03-31 12:18:22
Yelp: Yelp.com is vulnerable to SWEET32 attack
2017-01-18 17:43:32
nessus
nessus
F5 Networks BIG-IP : OpenSSL vulnerability (K13167034)
2017-03-02 00:00:00
SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2017:0719-1)
2017-03-20 00:00:00
SSL Medium Strength Cipher Suites Supported (SWEET32)
2009-11-23 00:00:00
prion
prion
Design/Logic Flaw
2016-09-01 00:59:00
Design/Logic Flaw
2023-01-17 21:15:00
cve
cve
CVE-2016-2183
2016-09-01 00:59:00
CVE-2023-0296
2023-01-17 21:15:15
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2017:0719-1)
2021-06-09 00:00:00
Huawei EulerOS: Security Advisory for python (EulerOS-SA-2016-1090)
2020-01-23 00:00:00
checkpoint_advisories
checkpoint_advisories
Weak SSL 3DES Cipher Suites (CVE-2016-2183)
2016-09-25 00:00:00
attackerkb
attackerkb
CVE-2016-2183
2016-09-01 00:00:00
cloudfoundry
cloudfoundry
alpinelinux
alpinelinux
CVE-2016-2183
2016-09-01 00:59:00
cvelist
cvelist
CVE-2016-2183
2016-09-01 00:00:00
CVE-2023-0296
2023-01-17 00:00:00
redhat
redhat
(RHSA-2019:1245) Moderate: Red Hat Quay 3.0.2 security and bug fix update
2019-05-20 14:11:05
(RHSA-2017:0462) Moderate: java-1.8.0-ibm security update
2017-03-08 11:18:03
oraclelinux
oraclelinux
python security update
2018-07-03 00:00:00
python security and bug fix update
2018-11-05 00:00:00
openssl security update
2016-10-13 00:00:00
f5
f5
SOL13167034 - OpenSSL vulnerability CVE-2016-2183
2016-10-04 00:00:00
K13167034 : OpenSSL vulnerability CVE-2016-2183
2016-10-04 00:00:00
ubuntucve
ubuntucve
CVE-2016-2183
2016-08-31 00:00:00
veracode
veracode
Weak Encryption
2019-01-15 09:15:57
Information Disclosure
2017-01-09 02:06:31
osv
osv
CVE-2016-2183
2016-09-01 00:59:00
Kyverno vulnerable due to usage of insecure cipher
2023-05-30 20:07:06
threatpost
threatpost
New Collision Attacks Against 3DES, Blowfish Allow for Cookie Decryption
2016-08-24 08:00:39
OpenSSL Patches High-Severity OCSP Bug, Mitigates SWEET32 Attack
2016-09-23 15:47:13
OpenSSL Fixes Critical Bug Introduced by Latest Update
2016-09-26 10:45:04
github
github
Kyverno vulnerable due to usage of insecure cipher
2023-05-30 20:07:06
openssl
openssl
Vulnerability in OpenSSL CVE-2016-2183
2016-08-24 00:00:00
zdt
zdt
fortinet
fortinet
Protect
2019-02-07 00:00:00
exploitpack
exploitpack
hp
hp
Certain HP Printers may be vulnerable to 3DES Sweet32 Vulnerability
2022-12-05 00:00:00
redhatcve
redhatcve
CVE-2023-0296
2023-01-16 14:05:12
symantec
symantec
SA133 : Sweet32 Birthday Attack against DES, 3DES, and Blowfish
2016-12-22 08:00:00
packetstorm
packetstorm
IBM Informix Dynamic Server DLL Injection / Code Execution
2017-05-31 00:00:00
ubuntu
ubuntu
NSS vulnerabilities
2017-04-27 00:00:00
NSS vulnerability
2017-07-31 00:00:00
seebug
seebug
IBM Informix Dynamic Server Open Admin Tool RCE (CVE-2017-1092)
2017-05-24 00:00:00
slackware
slackware
[slackware-security] python
2016-12-28 21:09:54
exploitdb
exploitdb
ics
ics
Mitsubishi Electric Air Conditioning Systems
2022-06-20 12:00:00