Date: Tue, 10 Mar 2015 21:59:13 +1100
From: Michael Samuel <mik@...net.net>
To: oss-security@...ts.openwall.com
Subject: Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777

On 10 March 2015 at 20:41, John Haxby <john.haxby@...cle.com> wrote:
> None of this, however, has anything to do with the matter at hand. If
> no one from Red Hat is unwilling to cooperate in getting a single
> backward-compatible resolution to incorporating PEP-466 into the
> distro python versions then perhaps someone else is.
>
> If there's interest, I'll gladly work with anyone who wants to find a
> way to do this. This is just me trying, as usual, to do the best by
> everyone. I don't speak for Oracle, I'm not paid enough for that, I'm
> just trying to make sure that we don't wind up with a backported fix
> that makes the overall situation worse.

I'm happy to help work on this.

The two ways to attack this seem to be:

1) Use alternatives for the ssl module, and a new package has a higher
   priority version of the module.

2) Include both versions of the module under different names, and have a
   script that symlinks the correct one in place. This may work better in
   chroot environments, etc.

Regards,
Michael
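The check named in the subject line, verifying that a server certificate is valid for the hostname being contacted, as an added example that is not part of this thread or of rhn-setup: a minimal matcher over the dictionary shape `getpeercert()` returns, plus the client context a PEP 466 `ssl` module provides. The certificate contents and hostnames are constructed.

```python
import ssl

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns
# (hypothetical certificate data, not a real RHN certificate).
SAMPLE_CERT = {
    "subject": ((("commonName", "rhn.example.invalid"),),),
    "subjectAltName": (
        ("DNS", "rhn.example.invalid"),
        ("DNS", "*.satellite.example.invalid"),
    ),
    "notAfter": "Jan  1 00:00:00 2030 GMT",
}


def _label_matches(pattern, hostname):
    """Match one dNSName pattern against a hostname (RFC 6125 style).

    A wildcard is honoured only as the whole leftmost label and never
    matches across a dot: '*.a.example' matches 'b.a.example' but not
    'c.b.a.example' or 'a.example'.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def hostname_matches(cert, hostname):
    """Return True if the peer certificate is valid for hostname.

    Only dNSName subjectAltName entries are consulted when any exist;
    the subject commonName is a fallback for legacy certificates.
    """
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not dns_names:
        dns_names = [v for rdn in cert.get("subject", ())
                     for k, v in rdn if k == "commonName"]
    return any(_label_matches(n, hostname) for n in dns_names)


def hardened_context():
    """Client context as the PEP 466 ssl module provides it: chain
    verification plus the hostname check the report says was missing."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx
```

With `hardened_context()`, `wrap_socket(sock, server_hostname=host)` performs the same hostname comparison itself and fails the handshake on a mismatch, so application code need not call the matcher by hand.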