RHSA-2018:2123

Affecting python-libs package, versions <0:2.7.5-69.el7_5

Report new vulnerabilities
medium severity
Do your applications use this vulnerable package? Test your applications

Overview

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183) Note: This update modifies the Python ssl module to disable 3DES cipher suites by default. Red Hat would like to thank OpenVPN for reporting this issue. Upstream acknowledges Karthikeyan Bhargavan (Inria) and Gaëtan Leurent (Inria) as the original reporters.

CVE
RHSA-2018:2123
Snyk ID
SNYK-CENTOS7-PYTHONLIBS-289768
Published
11 Jul, 2018