Critical Vulnerability Information

Vulnerability Overview

Type/Severity: Moderate - Python security fixes, bug fixes, and enhancements

Subject: The Python package has been updated to fix multiple security issues, multiple bugs, and add one enhancement, now available for Red Hat Enterprise Linux 6.

Advisory Details

Release Date: 2015-07-22

Update Date: 2015-07-22

Vulnerability Details

CVE-2014-1912: The function did not check the size of the provided buffer, potentially leading to a buffer overflow.

CVE-2013-1752: Multiple network protocols implemented in Python standard library modules (such as httplib or smtplib) did not limit the size of server responses, allowing malicious servers to cause clients to consume excessive memory.

CVE-2014-4650: The CGIHTTPServer module improperly handled URL-encoded paths, enabling remote attackers to execute scripts or leak script source code.

CVE-2014-7185: The function had an integer overflow issue when processing its offset and size parameters; attackers could control these parameters to leak application memory or cause crashes.

Solution

Upgrade to the updated Python packages, which include backported patches to fix these issues and add enhancements.

Affected Products

Multiple versions of Red Hat Enterprise Linux 6, including x86_64, i386, and z Systems 6 s390x.

Bugzilla Fix Records

Multiple fix records addressing the issues mentioned in the above CVEs, as well as numerous other Python-related bugs and enhancements.

CVE References

CVE-2014-7185
CVE-2013-1752
CVE-2014-1912
CVE-2014-4650

Reference Links

https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/articles/1495363
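
The CVE-2013-1752 entry above describes protocol clients that read server responses without any size limit. The following is an added example, not code from the advisory or from the Python patches, showing one way a client can bound what it buffers while reading headers; the limits MAX_LINE and MAX_HEADERS, the function names, and the sample responses are assumptions constructed for the illustration.

```python
import io

MAX_LINE = 65536    # assumed per-line cap in bytes (illustrative value)
MAX_HEADERS = 100   # assumed cap on the number of header lines


class ResponseTooLarge(Exception):
    """The server sent more data than the client is willing to buffer."""


def read_bounded_line(fp, limit=MAX_LINE):
    # Request one byte more than the cap: receiving it proves the line is too long.
    line = fp.readline(limit + 1)
    if len(line) > limit:
        raise ResponseTooLarge("line exceeds %d bytes" % limit)
    return line


def read_headers(fp, max_line=MAX_LINE, max_headers=MAX_HEADERS):
    """Read 'Name: value' lines up to the blank line, enforcing both caps."""
    headers = []
    while True:
        line = read_bounded_line(fp, max_line)
        if line in (b"\r\n", b"\n", b""):   # end of headers or EOF
            return headers
        if len(headers) >= max_headers:
            raise ResponseTooLarge("more than %d header lines" % max_headers)
        name, sep, value = line.partition(b":")
        if not sep:
            raise ValueError("malformed header line")
        headers.append((name.strip().decode("latin-1"),
                        value.strip().decode("latin-1")))


def is_rejected(raw, **limits):
    """Return True if the constructed response trips one of the caps."""
    try:
        read_headers(io.BytesIO(raw), **limits)
    except ResponseTooLarge:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample responses, not captured traffic.
    normal = b"Content-Type: text/plain\r\nContent-Length: 2\r\n\r\nhi"
    endless = b"X-Pad: " + b"A" * 200000   # header line with no terminator
    flood = b"X-N: 1\r\n" * 500 + b"\r\n"  # far too many header lines
    print(read_headers(io.BytesIO(normal)), is_rejected(endless), is_rejected(flood))
```

The same pattern applies to any line-oriented client: cap each read and cap the number of reads, so memory use is decided by the client and not by the server.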