
Security vulnerabilities in the python 3.7 software package

  • OS details: WN7
  • Importance: IMP
  • Operating systems: L
  • Categories: LFE

Fedora Update Notification
2020-08-14 02:43:09.714652

Name : python3
Product : Fedora 31
Version : 3.7.8
Release : 2.fc31
Summary : Interpreter of the Python programming language
Description :
Python is an accessible, high-level, dynamically typed, interpreted programming
language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.

The python3 package provides the “python3” executable: the reference
interpreter for the Python language, version 3.
The majority of its standard library is provided in the python3-libs package,
which should be installed automatically along with python3.
The remaining parts of the Python standard library are broken out into the
python3-tkinter and python3-test packages, which may need to be installed

Documentation for Python is provided in the python3-docs package.

Packages containing additional libraries for Python are generally named with
the “python3-” prefix.

Update Information:

Security fix for CVE-2019-20907, CVE-2020-14422. Provide a versioned command.

* Tue Jul 28 2020 Charalampos Stratakis <> – 3.7.8-2
– Avoid infinite loop when reading specially crafted TAR files (CVE-2019-20907)
Resolves: rhbz#1856481
– Resolve hash collisions for IPv4Interface and IPv6Interface (CVE-2020-14422)
Resolves: rhbz#1854926
– Ship versioned in main and non-main Python versions

[ 1 ] Bug #1854926 – CVE-2020-14422 python: DoS via inefficiency in IPv{4,6}Interface classes
[ 2 ] Bug #1856481 – CVE-2019-20907 python: infinite loop in the tarfile module via crafted TAR archive

This update can be installed with the “dnf” update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-d808fdd597' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at

Author: Filip Omazic
Cert ID: NCERT-REF-2020-08-0001-ADV