Synopsis: Moderate: python security and bug fix update Advisory ID: SLSA-2019:2030-1 Issue Date: 2019-08-06 CVE Numbers: CVE-2019-9947 CVE-2018-14647 CVE-2019-9740 CVE-2019-9948 CVE-2019-5010 -- Security Fix(es): * python: Missing salt initialization in _elementtree.c module (CVE-2018-14647) * python: NULL pointer dereference using a specially crafted X509 certificate (CVE-2019-5010) * python: CRLF injection via the query part of the url passed to urlopen() (CVE-2019-9740) * python: CRLF injection via the path part of the url passed to urlopen() (CVE-2019-9947) * python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms (CVE-2019-9948) -- SL7 x86_64 python-2.7.5-86.el7.x86_64.rpm python-libs-2.7.5-86.el7.i686.rpm python-devel-2.7.5-86.el7.x86_64.rpm python-libs-2.7.5-86.el7.x86_64.rpm python-test-2.7.5-86.el7.x86_64.rpm python-tools-2.7.5-86.el7.x86_64.rpm python-debug-2.7.5-86.el7.x86_64.rpm tkinter-2.7.5-86.el7.x86_64.rpm python-debuginfo-2.7.5-86.el7.i686.rpm python-debuginfo-2.7.5-86.el7.x86_64.rpm - Scientific Linux Development Team