SB2019012316 - NULL pointer dereference in python2-tkinter (Alpine package)
Published: January 23, 2019
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2019-5010)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the X509 certificate parser of the affected software improperly handles X509 certificates with a certificate extension that uses a Certificate Revocation List (CRL) distribution point with empty distributionPoint and cRLIssuer fields. A remote attacker can send a request to initiate a Transport Layer Security (TLS) connection using an X509 certificate that carries this malicious input and trigger a NULL pointer dereference that causes the application to crash, resulting in a DoS condition.
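The extension shape described above can be rejected before a certificate reaches a parser. The following is an added example, not part of this bulletin or of the vendor's fix: it walks the DER value of a cRLDistributionPoints extension and reports entries that carry neither distributionPoint nor cRLIssuer, which RFC 5280 does not permit. All function names and sample bytes are constructed for illustration.

```python
# Added example; names and sample bytes are constructed (OID 2.5.29.31 value).

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long-form length, 1..4 bytes
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def children(buf):
    pos = 0
    while pos < len(buf):                 # elements packed back to back
        tag, value, pos = read_tlv(buf, pos)
        yield tag, value

def empty_distribution_points(ext_value):
    """Indexes of entries lacking both [0] (0xA0) and [2] (0xA2)."""
    tag, seq, end = read_tlv(ext_value, 0)
    if tag != 0x30 or end != len(ext_value):
        raise ValueError("expected one SEQUENCE OF DistributionPoint")
    flagged = []
    for i, (dp_tag, dp) in enumerate(children(seq)):
        if dp_tag != 0x30:
            raise ValueError("DistributionPoint must be a SEQUENCE")
        tags = {t for t, _ in children(dp)}
        if 0xA0 not in tags and 0xA2 not in tags:
            flagged.append(i)
    return flagged

def der(tag, value):
    """Encode one element; short-form length only, enough for the samples."""
    return bytes([tag, len(value)]) + value

URI = der(0x86, b"http://crl.example.test/ca.crl")   # GeneralName URI [6]
GOOD_DP = der(0x30, der(0xA0, der(0xA0, URI)))        # fullName inside [0]
WELL_FORMED = der(0x30, GOOD_DP)
EMPTY_DP = der(0x30, der(0x30, b""))                 # shape from the bulletin
MIXED = der(0x30, GOOD_DP + der(0x30, b""))
```

A non-empty result means the certificate should be refused at intake; a `ValueError` means the extension is not valid DER and should be refused as well.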
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=5ad0ec7da1064361cc74d56edf7524960f49ef9b
- https://git.alpinelinux.org/aports/commit/?id=e805db56e9b5e94cd4c98c90d20c40b0587b940d
- https://git.alpinelinux.org/aports/commit/?id=c01f27f5016fb801d36ffea67177a9f2f6b6f784
- https://git.alpinelinux.org/aports/commit/?id=881a54816216d011d1d27286df2693851c86caef
- https://git.alpinelinux.org/aports/commit/?id=40a4951871b0a2e718de6a07e0772730fc280d06
- https://git.alpinelinux.org/aports/commit/?id=df74bb35f4ace14f0d6d6edbeca3fc6f1e74d66a
- https://git.alpinelinux.org/aports/commit/?id=bab9a458665985f45b83a039c4f46b732a37b420
- https://git.alpinelinux.org/aports/commit/?id=41e574563a228c690047bb1b5c88c58978a2cfd5
- https://git.alpinelinux.org/aports/commit/?id=ee312f48b0731565f62598ba871c8f47ae55514a
- https://git.alpinelinux.org/aports/commit/?id=fa1c2c7dc62ae0bcfa5d21d98e7646ba5a21c963
- https://git.alpinelinux.org/aports/commit/?id=45bea4333be5abe733052c6122bc6eb77f85aa13
- https://git.alpinelinux.org/aports/commit/?id=6121420d19f3c96f25010e6ce958f49c39772f4f
- https://git.alpinelinux.org/aports/commit/?id=194863bbdd81667d94fb476a74d6f785fa1ea8d9
- https://git.alpinelinux.org/aports/commit/?id=92e9d5045d9ebc6eee24a9af5ace07b5153ebaf3
- https://git.alpinelinux.org/aports/commit/?id=66da3a776ba04d0f80d60c91b82c730dc0541386
- https://git.alpinelinux.org/aports/commit/?id=a22bed04e6d6950b727d73d46a56ac32beaa305b
- https://git.alpinelinux.org/aports/commit/?id=d96309a215754135a99d10a0a43b14ca0bd4d434
- https://git.alpinelinux.org/aports/commit/?id=79f386b90585ae7a00a19a23b9be4df36ee3bfdb
- https://git.alpinelinux.org/aports/commit/?id=0a1b69723c359df0c1629684fbf2109a61257b46