CVE-2019-5010

Priority
Description
An exploitable denial-of-service vulnerability exists in the X509
certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted
X509 certificate can cause a NULL pointer dereference, resulting in a
denial of service. An attacker can initiate or accept TLS connections using
crafted certificates to trigger this vulnerability.
Assigned-to
mdeslaur
Notes
mdeslaurDoS is only possible in certain situations, see upstream bug
report. Marking as low.
Package
Upstream:released (2.7.16)
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (code not present)
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):released (2.7.12-1ubuntu0~16.04.8)
Ubuntu 18.04 LTS (Bionic Beaver):released (2.7.15-4ubuntu4~18.04.1)
Ubuntu 19.04 (Disco Dingo):not-affected (2.7.16-2)
Ubuntu 19.10 (Eoan Ermine):not-affected (2.7.16-2)
Ubuntu 20.04 (Focal Fossa):not-affected (2.7.16-2)
Patches:
Upstream:https://github.com/python/cpython/commit/06b15424b0dcacb1c551b2a36e739fffa8d0c595
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):released (3.4.3-1ubuntu1~14.04.7+esm2)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
Patches:
Upstream:https://github.com/python/cpython/commit/6c655ce34ae54adb8eef22b73108e22cc381cb8d
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):released (3.5.2-2ubuntu0~16.04.8)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
Patches:
Upstream:https://github.com/python/cpython/commit/efec7631edf3b9480dc3988c97ffef94df8800da
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):released (3.6.8-1~18.04.2)
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
Patches:
Upstream:https://github.com/python/cpython/commit/216a4d83c3b72f4fdcd81b588dc3f42cc461739a
Package
Upstream:released (3.7.2-2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (3.7.3~rc1-1)
Ubuntu 19.04 (Disco Dingo):not-affected (3.7.3-2)
Ubuntu 19.10 (Eoan Ermine):not-affected (3.7.3-2)
Ubuntu 20.04 (Focal Fossa):not-affected (3.7.3-2)
Patches:
Upstream:https://github.com/python/cpython/commit/be5de958e9052e322b0087c6dba81cdad0c3e031
More Information

Updated: 2019-12-05 20:08:09 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)