Fix CVE-2025-15366, CVE-2025-15367
Resolves: RHEL-143058, RHEL-143111
This commit is contained in:
Karolina Surma
Charalampos Stratakis
parent
44d0677443
commit
f02202cb27
59
00474-cve-2025-15366.patch
Normal file
59
00474-cve-2025-15366.patch
Normal file
@ -0,0 +1,59 @@
|
|||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Seth Michael Larson <seth@python.org>
|
||||||
|
Date: Tue, 20 Jan 2026 14:45:42 -0600
|
||||||
|
Subject: 00474: CVE-2025-15366
|
||||||
|
|
||||||
|
Downstream only: Reject control characters in IMAP commands
|
||||||
|
---
|
||||||
|
Lib/imaplib.py | 4 +++-
|
||||||
|
Lib/test/test_imaplib.py | 6 ++++++
|
||||||
|
.../Security/2026-01-16-11-41-06.gh-issue-143921.AeCOor.rst | 1 +
|
||||||
|
3 files changed, 10 insertions(+), 1 deletion(-)
|
||||||
|
create mode 100644 Misc/NEWS.d/next/Security/2026-01-16-11-41-06.gh-issue-143921.AeCOor.rst
|
||||||
|
|
||||||
|
diff --git a/Lib/imaplib.py b/Lib/imaplib.py
|
||||||
|
index cbe129b3e7..b9c691aacd 100644
|
||||||
|
--- a/Lib/imaplib.py
|
||||||
|
+++ b/Lib/imaplib.py
|
||||||
|
@@ -131,7 +131,7 @@
|
||||||
|
# We compile these in _mode_xxx.
|
||||||
|
_Literal = br'.*{(?P<size>\d+)}$'
|
||||||
|
_Untagged_status = br'\* (?P<data>\d+) (?P<type>[A-Z-]+)( (?P<data2>.*))?'
|
||||||
|
-
|
||||||
|
+_control_chars = re.compile(b'[\x00-\x1F\x7F]')
|
||||||
|
|
||||||
|
|
||||||
|
class IMAP4:
|
||||||
|
@@ -1108,6 +1108,8 @@ def _command(self, name, *args):
|
||||||
|
if arg is None: continue
|
||||||
|
if isinstance(arg, str):
|
||||||
|
arg = bytes(arg, self._encoding)
|
||||||
|
+ if _control_chars.search(arg):
|
||||||
|
+ raise ValueError("Control characters not allowed in commands")
|
||||||
|
data = data + b' ' + arg
|
||||||
|
|
||||||
|
literal = self.literal
|
||||||
|
diff --git a/Lib/test/test_imaplib.py b/Lib/test/test_imaplib.py
|
||||||
|
index a03d7b8bb2..e26400b588 100644
|
||||||
|
--- a/Lib/test/test_imaplib.py
|
||||||
|
+++ b/Lib/test/test_imaplib.py
|
||||||
|
@@ -663,6 +663,12 @@ def test_unselect(self):
|
||||||
|
self.assertEqual(data[0], b'Returned to authenticated state. (Success)')
|
||||||
|
self.assertEqual(client.state, 'AUTH')
|
||||||
|
|
||||||
|
+ def test_control_characters(self):
|
||||||
|
+ client, _ = self._setup(SimpleIMAPHandler)
|
||||||
|
+ for c0 in support.control_characters_c0():
|
||||||
|
+ with self.assertRaises(ValueError):
|
||||||
|
+ client.login(f'user{c0}', 'pass')
|
||||||
|
+
|
||||||
|
# property tests
|
||||||
|
|
||||||
|
def test_file_property_should_not_be_accessed(self):
|
||||||
|
diff --git a/Misc/NEWS.d/next/Security/2026-01-16-11-41-06.gh-issue-143921.AeCOor.rst b/Misc/NEWS.d/next/Security/2026-01-16-11-41-06.gh-issue-143921.AeCOor.rst
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..4e13fe92bc
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/Misc/NEWS.d/next/Security/2026-01-16-11-41-06.gh-issue-143921.AeCOor.rst
|
||||||
|
@@ -0,0 +1 @@
|
||||||
|
+Reject control characters in IMAP commands.
|
||||||
59
00475-cve-2025-15367.patch
Normal file
59
00475-cve-2025-15367.patch
Normal file
@ -0,0 +1,59 @@
|
|||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Seth Michael Larson <seth@python.org>
|
||||||
|
Date: Tue, 20 Jan 2026 14:46:32 -0600
|
||||||
|
Subject: 00475: CVE-2025-15367
|
||||||
|
|
||||||
|
Downstream only: Reject control characters in POP3 commands
|
||||||
|
---
|
||||||
|
Lib/poplib.py | 2 ++
|
||||||
|
Lib/test/test_poplib.py | 8 ++++++++
|
||||||
|
.../2026-01-16-11-43-47.gh-issue-143923.DuytMe.rst | 1 +
|
||||||
|
3 files changed, 11 insertions(+)
|
||||||
|
create mode 100644 Misc/NEWS.d/next/Security/2026-01-16-11-43-47.gh-issue-143923.DuytMe.rst
|
||||||
|
|
||||||
|
diff --git a/Lib/poplib.py b/Lib/poplib.py
|
||||||
|
index 4469bff44b..b97274c5c3 100644
|
||||||
|
--- a/Lib/poplib.py
|
||||||
|
+++ b/Lib/poplib.py
|
||||||
|
@@ -122,6 +122,8 @@ def _putline(self, line):
|
||||||
|
def _putcmd(self, line):
|
||||||
|
if self._debugging: print('*cmd*', repr(line))
|
||||||
|
line = bytes(line, self.encoding)
|
||||||
|
+ if re.search(b'[\x00-\x1F\x7F]', line):
|
||||||
|
+ raise ValueError('Control characters not allowed in commands')
|
||||||
|
self._putline(line)
|
||||||
|
|
||||||
|
|
||||||
|
diff --git a/Lib/test/test_poplib.py b/Lib/test/test_poplib.py
|
||||||
|
index ef2da97f86..18ca7cb556 100644
|
||||||
|
--- a/Lib/test/test_poplib.py
|
||||||
|
+++ b/Lib/test/test_poplib.py
|
||||||
|
@@ -17,6 +17,7 @@
|
||||||
|
from test.support import threading_helper
|
||||||
|
from test.support import asynchat
|
||||||
|
from test.support import asyncore
|
||||||
|
+from test.support import control_characters_c0
|
||||||
|
|
||||||
|
|
||||||
|
test_support.requires_working_socket(module=True)
|
||||||
|
@@ -395,6 +396,13 @@ def test_quit(self):
|
||||||
|
self.assertIsNone(self.client.sock)
|
||||||
|
self.assertIsNone(self.client.file)
|
||||||
|
|
||||||
|
+ def test_control_characters(self):
|
||||||
|
+ for c0 in control_characters_c0():
|
||||||
|
+ with self.assertRaises(ValueError):
|
||||||
|
+ self.client.user(f'user{c0}')
|
||||||
|
+ with self.assertRaises(ValueError):
|
||||||
|
+ self.client.pass_(f'{c0}pass')
|
||||||
|
+
|
||||||
|
@requires_ssl
|
||||||
|
def test_stls_capa(self):
|
||||||
|
capa = self.client.capa()
|
||||||
|
diff --git a/Misc/NEWS.d/next/Security/2026-01-16-11-43-47.gh-issue-143923.DuytMe.rst b/Misc/NEWS.d/next/Security/2026-01-16-11-43-47.gh-issue-143923.DuytMe.rst
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..3cde4df3e0
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/Misc/NEWS.d/next/Security/2026-01-16-11-43-47.gh-issue-143923.DuytMe.rst
|
||||||
|
@@ -0,0 +1 @@
|
||||||
|
+Reject control characters in POP3 commands.
|
||||||
@ -410,6 +410,18 @@ Patch464: 00464-enable-pac-and-bti-protections-for-aarch64.patch
|
|||||||
# which is tested as working.
|
# which is tested as working.
|
||||||
Patch466: 00466-downstream-only-skip-tests-not-working-with-older-expat-version.patch
|
Patch466: 00466-downstream-only-skip-tests-not-working-with-older-expat-version.patch
|
||||||
|
|
||||||
|
# 00474 # 0d9da266d5ecb31d8a417a0a5daa251a2d99389f
|
||||||
|
# CVE-2025-15366
|
||||||
|
#
|
||||||
|
# Downstream only: Reject control characters in IMAP commands
|
||||||
|
Patch474: 00474-cve-2025-15366.patch
|
||||||
|
|
||||||
|
# 00475 # 91e12ebfb2a88b265f3764a0d852b6fa53b2386a
|
||||||
|
# CVE-2025-15367
|
||||||
|
#
|
||||||
|
# Downstream only: Reject control characters in POP3 commands
|
||||||
|
Patch475: 00475-cve-2025-15367.patch
|
||||||
|
|
||||||
# 00477 # f9f53e560d161531a0c3476c08ee26b89a628bde
|
# 00477 # f9f53e560d161531a0c3476c08ee26b89a628bde
|
||||||
# Raise an error when importing stdlib modules compiled for a different Python version
|
# Raise an error when importing stdlib modules compiled for a different Python version
|
||||||
#
|
#
|
||||||
@ -1966,8 +1978,9 @@ CheckPython freethreading
|
|||||||
* Wed Feb 04 2026 Karolina Surma <ksurma@redhat.com> - 3.14.3-1
|
* Wed Feb 04 2026 Karolina Surma <ksurma@redhat.com> - 3.14.3-1
|
||||||
- Update to Python 3.14.3
|
- Update to Python 3.14.3
|
||||||
- Security fixes for CVE-2025-11468, CVE-2026-0672,CVE-2026-0865,
|
- Security fixes for CVE-2025-11468, CVE-2026-0672,CVE-2026-0865,
|
||||||
CVE-2025-15282, CVE-2026-1299, CVE-2025-11468
|
CVE-2025-15282, CVE-2026-1299, CVE-2025-11468, CVE-2025-15366,
|
||||||
Resolves: RHEL-144855
|
CVE-2025-15367
|
||||||
|
Resolves: RHEL-144855, RHEL-143058, RHEL-143111
|
||||||
|
|
||||||
* Mon Jan 19 2026 Charalampos Stratakis <cstratak@redhat.com> - 3.14.2-3
|
* Mon Jan 19 2026 Charalampos Stratakis <cstratak@redhat.com> - 3.14.2-3
|
||||||
- Support OpenSSL FIPS mode
|
- Support OpenSSL FIPS mode
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user