RHSA-2015:0042-01 -- Redhat python-backports, python-backports-ssl_match_hostname, python-six, python-urllib3, cloud-init, python-boto, python-jsonpatch, python-jsonpointer
ID: oval:org.secpod.oval:def:502167 | Date: (C)2017-10-25 (M)2023-02-20 |
Class: PATCH | Family: unix |
The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install ssh keys and to let the user run various scripts.

A denial of service flaw was found in the way Python's SSL module implementation performed matching of certain certificate names. A remote attacker able to obtain a valid certificate that contained multiple wildcard characters could use this flaw to issue a request to validate such a certificate, resulting in excessive consumption of CPU. This issue was discovered by Florian Weimer of Red Hat Product Security.

The cloud-init packages have been upgraded to upstream version 0.7.5, which provides a number of bug fixes and enhancements over the previous version.

All cloud-init users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.
Platform: |
Red Hat Enterprise Linux 6 |
Product: |
python-backports |
python-backports-ssl_match_hostname |
python-six |
python-urllib3 |
cloud-init |
python-boto |
python-jsonpatch |
python-jsonpointer |