Launchpad.net

CVE 2019-5010

An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.

Related bugs and status

CVE-2019-5010 (Candidate) is related to these bugs:

Bug #1808476: Please bump libssl1.1 dependency to at least >= 1.1.1, as headers leak constants

		In	Importance	Status
1808476	Please bump libssl1.1 dependency to at least >= 1.1.1, as headers leak constants	python2.7 (Ubuntu)	Undecided	Fix Released
1808476	Please bump libssl1.1 dependency to at least >= 1.1.1, as headers leak constants	python2.7 (Ubuntu Disco)	Undecided	Fix Released
1808476	Please bump libssl1.1 dependency to at least >= 1.1.1, as headers leak constants	python2.7 (Ubuntu Cosmic)	Undecided	Fix Released
1808476	Please bump libssl1.1 dependency to at least >= 1.1.1, as headers leak constants	python2.7 (Ubuntu Bionic)	Undecided	Fix Released

Bug #1811531: remote execution vulnerability

		In	Importance	Status
1811531	remote execution vulnerability	zeromq3 (Ubuntu)	Undecided	Fix Released
1811531	remote execution vulnerability	zeromq3 (Debian)	Unknown	Fix Released
1811531	remote execution vulnerability	zeromq (Suse)	High	Fix Released

Bug #1822993: SRU: update Python 2.7 to 2.7.16, Python 3.7 to 3.7.3 and 3.6 to 3.6.8

		In	Importance	Status
1822993	SRU: update Python 2.7 to 2.7.16, Python 3.7 to 3.7.3 and 3.6 to 3.6.8	python3-stdlib-extensions (Ubuntu)	Undecided	Fix Released
1822993	SRU: update Python 2.7 to 2.7.16, Python 3.7 to 3.7.3 and 3.6 to 3.6.8	python3.7 (Ubuntu)	Undecided	Fix Released
1822993	SRU: update Python 2.7 to 2.7.16, Python 3.7 to 3.7.3 and 3.6 to 3.6.8	python-stdlib-extensions (Ubuntu)	Undecided	Fix Released
1822993	SRU: update Python 2.7 to 2.7.16, Python 3.7 to 3.7.3 and 3.6 to 3.6.8	python2.7 (Ubuntu)	Undecided	Fix Released
1822993	SRU: update Python 2.7 to 2.7.16, Python 3.7 to 3.7.3 and 3.6 to 3.6.8	python2.7 (Ubuntu Cosmic)	Undecided	Fix Released
1822993	SRU: update Python 2.7 to 2.7.16, Python 3.7 to 3.7.3 and 3.6 to 3.6.8	python-stdlib-extensions (Ubuntu Cosmic)	Undecided	Fix Released
1822993	SRU: update Python 2.7 to 2.7.16, Python 3.7 to 3.7.3 and 3.6 to 3.6.8	python3.7 (Ubuntu Cosmic)	Undecided	Fix Released
1822993	SRU: update Python 2.7 to 2.7.16, Python 3.7 to 3.7.3 and 3.6 to 3.6.8	python3.6 (Ubuntu Cosmic)	Undecided	Fix Released
1822993	SRU: update Python 2.7 to 2.7.16, Python 3.7 to 3.7.3 and 3.6 to 3.6.8	python3-stdlib-extensions (Ubuntu Cosmic)	Undecided	Fix Released
1822993	SRU: update Python 2.7 to 2.7.16, Python 3.7 to 3.7.3 and 3.6 to 3.6.8	python3-stdlib-extensions (Ubuntu Bionic)	Undecided	Fix Released
1822993	SRU: update Python 2.7 to 2.7.16, Python 3.7 to 3.7.3 and 3.6 to 3.6.8	python-stdlib-extensions (Ubuntu Bionic)	Undecided	Fix Released

Bug #1835135: FIPS OpenSSL crashes Python2 hashlib

		In	Importance	Status
1835135	FIPS OpenSSL crashes Python2 hashlib	python2.7 (Ubuntu)	High	Triaged
1835135	FIPS OpenSSL crashes Python2 hashlib	python2.7 (Ubuntu Bionic)	Medium	Fix Released
1835135	FIPS OpenSSL crashes Python2 hashlib	python2.7 (Ubuntu Xenial)	Medium	Fix Released
1835135	FIPS OpenSSL crashes Python2 hashlib	python2.7 (Ubuntu Cosmic)	Undecided	Won't Fix
1835135	FIPS OpenSSL crashes Python2 hashlib	python2.7 (Ubuntu Eoan)	High	Won't Fix
1835135	FIPS OpenSSL crashes Python2 hashlib	python2.7 (Ubuntu Disco)	Medium	Fix Released
1835135	FIPS OpenSSL crashes Python2 hashlib	python3.5 (Ubuntu)	Undecided	Invalid
1835135	FIPS OpenSSL crashes Python2 hashlib	python3.5 (Ubuntu Bionic)	Undecided	Invalid
1835135	FIPS OpenSSL crashes Python2 hashlib	python3.5 (Ubuntu Cosmic)	Undecided	Invalid
1835135	FIPS OpenSSL crashes Python2 hashlib	python3.5 (Ubuntu Disco)	Undecided	Invalid
1835135	FIPS OpenSSL crashes Python2 hashlib	python3.5 (Ubuntu Eoan)	Undecided	Invalid
1835135	FIPS OpenSSL crashes Python2 hashlib	python3.5 (Ubuntu Xenial)	Medium	Fix Released

Bug #1835738: SRU: Update Python interpreter to 3.6.9 and 3.7.5

		In	Importance	Status
1835738	SRU: Update Python interpreter to 3.6.9 and 3.7.5	python3.7 (Ubuntu)	Undecided	Fix Released
1835738	SRU: Update Python interpreter to 3.6.9 and 3.7.5	python3-stdlib-extensions (Ubuntu)	Undecided	Fix Released
1835738	SRU: Update Python interpreter to 3.6.9 and 3.7.5	python3-stdlib-extensions (Ubuntu Disco)	Undecided	Fix Released
1835738	SRU: Update Python interpreter to 3.6.9 and 3.7.5	python3.7 (Ubuntu Disco)	Undecided	Won't Fix
1835738	SRU: Update Python interpreter to 3.6.9 and 3.7.5	python3-stdlib-extensions (Ubuntu Eoan)	Undecided	Fix Released
1835738	SRU: Update Python interpreter to 3.6.9 and 3.7.5	python3.7 (Ubuntu Eoan)	Undecided	Fix Released
1835738	SRU: Update Python interpreter to 3.6.9 and 3.7.5	python3-stdlib-extensions (Ubuntu Bionic)	Undecided	Fix Released
1835738	SRU: Update Python interpreter to 3.6.9 and 3.7.5	python3.6 (Ubuntu Bionic)	Undecided	Fix Released
1835738	SRU: Update Python interpreter to 3.6.9 and 3.7.5	python3.7 (Ubuntu Bionic)	Undecided	Fix Released

Bug #1855133: SRU: update python2.7 to the 2.7.17 release

		In	Importance	Status
1855133	SRU: update python2.7 to the 2.7.17 release	python2.7 (Ubuntu)	Undecided	Fix Released
1855133	SRU: update python2.7 to the 2.7.17 release	python2.7 (Ubuntu Bionic)	Undecided	Fix Released
1855133	SRU: update python2.7 to the 2.7.17 release	python-stdlib-extensions (Ubuntu)	Undecided	Fix Released
1855133	SRU: update python2.7 to the 2.7.17 release	python-stdlib-extensions (Ubuntu Bionic)	Undecided	Fix Released
1855133	SRU: update python2.7 to the 2.7.17 release	python-stdlib-extensions (Ubuntu Eoan)	Undecided	Fix Released
1855133	SRU: update python2.7 to the 2.7.17 release	python2.7 (Ubuntu Eoan)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2019-5010

Related bugs and status

Related bugs

References