← Back to team overview

group.of.nepali.translators team mailing list archive

  1. group.of.nepali.translators team
  2. Mailing list archive
  3. Message #37311

[Bug 1898078] Re: FIPS OpenSSL crashes Python2.7 hashlib when using MD5

  Thread PreviousDate PreviousThread Next 
This bug was fixed in the package python2.7 - 2.7.17-1~18.04ubuntu1.2

---------------
python2.7 (2.7.17-1~18.04ubuntu1.2) bionic-security; urgency=medium

  * SECURITY UPDATE: CRLF injection
    - debian/patches/CVE-2020-26116.patch: prevent header injection
      in http methods in Lib/httplib.py, Lib/test/test_httlib.py.
    - CVE-2020-26116
  * debian/patches/issue9146.patch: re-adding fix FIPS mode environments where MD5
    isn't available in Modules/_hashopenssl.c. (LP: #1898078)

 -- leo.barbosa@xxxxxxxxxxxxx (Leonidas S. Barbosa)  Wed, 30 Sep 2020
10:38:04 -0300

** Changed in: python2.7 (Ubuntu Bionic)
       Status: New => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-26116

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1898078

Title:
  FIPS OpenSSL crashes Python2.7 hashlib when using MD5

Status in python2.7 package in Ubuntu:
  New
Status in python2.7 source package in Xenial:
  New
Status in python2.7 source package in Bionic:
  Fix Released
Status in python2.7 source package in Focal:
  New
Status in python2.7 source package in Groovy:
  New

Bug description:
  LP #1835135 was fixed in python2.7. However, when python2.7 was
  updated to current verion, the fix was not included. It needs to be
  included again into current version of python2.7 to prevent FIPS
  issues when using fips openssl with python's hashlib. This is only a
  problem in latest python2.7 versions in xenial, bionic, focal, and
  groovy. python3 versions do not have this problem in these releases.

  The fix was a backport of
  https://github.com/python/cpython/pull/1777/commits/5e3e3568d27b99dabe44b8aa6283dc76d70f2dae

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python2.7/+bug/1898078/+subscriptions
  Thread PreviousDate PreviousThread Next