Your one-stop web resource providing safety and security information to manufacturers

Security fixes are one of the major issues in the latest version of the Python programming language released by the Python Software Foundation.

The developers said the OpenSSL version bundled with the Windows installer ended up updated to version 1.0.1h, which addresses the ChangeCipherSpec (CCS) injection vulnerability that could allow for a man-in-the-middle (MitM) attack against an encrypted connection.

RELATED STORIES
Solar Companies Under Attack
Hiking Software Security in a SWAMP
Apache Struts Security Fixes in VMware
After False Start, Apache Struts Fixed

Another issue fixed with Python 2.7.8 refers to a possible buffer overflow that could allow memory reading. The flaw reported in late June 24 ended up catalogued as a “release blocker,” a priority assigned to bugs that “stop the release dead in its tracks.”

Additionally, a vulnerability in the CGIHTTPServer module got a patch. An attacker could leverage the bug, rated as “critical,” to execute arbitrary code.

Cyber Security

“The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script’s source code or execute arbitrary scripts in the server’s document root,” said the bug report for the flaw.

Additional details are available in the release notes.

Pin It on Pinterest

Share This