Python 3.5.1 and 2.7.11 Released

Last weekend the Python Foundation made available Python 2.7.11. Yesterday they also made available Python 3.5.1 (and a release candidate for 3.4.4).

The noteworthy changes in these updates are as follows:

For version 3.5.1, the following issues are resolved:

  • 1x buffer overread
  • 1x overflow in _Unpickler_Read (not a typo)
  • 2x memory leaks in SSLSocket.getpeercert()
  • SSLv3 is disabled by default when creating ssl.SSLContext

For version 2.7.11, the following issues are resolved:

  • 6x buffer overreads
  • 1x issue reading from a buffer
  • 1x buffer overflow
  • 1x integer overflow
  • 1x use-after-free issue
  • OpenSSL upgraded from 1.0.2a to 1.0.2d (which resolves 7 CVEs)
  • SSLv3 is disabled by default when creating ssl.SSLContext


The full changelogs are available at the following links:

Version 3.5.1
Version 2.7.11

As before, while the above versions resolve buffer overflows, use-after-free bugs, etc., these bugs have not been assigned CVE numbers and are not explicitly reported as security vulnerabilities in these changelogs. It is still best practice to patch these bugs if you are using an affected version of Python. My note above concerning CVEs within OpenSSL originated from OpenSSL’s release notes for version 1.0.2.

An application on my computer uses Python 2.7 and it continues to work with the 2.7.11 release. If you have an older release of Python installed, e.g. 3.4.3 or older, please consider upgrading to the most recent 3.5.0 update to benefit from the above-mentioned fixes.
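As an added example (not from the original post or the Python project), this script checks whether the running interpreter is at or past the releases named above and whether a freshly created ssl.SSLContext already has SSLv3 switched off. The helper names are hypothetical, and treating release lines newer than 3.5 as already carrying the fixes is an assumption.

```python
import ssl
import sys

# Minimum micro version per release line, taken from the releases named in the post.
FIXED_RELEASES = {(2, 7): 11, (3, 5): 1}


def has_release_fixes(version):
    """Return True if (major, minor, micro) is at or past 2.7.11 or 3.5.1."""
    major, minor, micro = version[:3]
    if (major, minor) in FIXED_RELEASES:
        return micro >= FIXED_RELEASES[(major, minor)]
    # Assumption: release lines newer than 3.5 postdate these fixes.
    # Older lines (such as 3.4.3) are reported as lacking them.
    return (major, minor) > (3, 5)


def sslv3_disabled_by_default():
    """Create a bare SSLContext and report whether OP_NO_SSLv3 is already set."""
    # PROTOCOL_SSLv23 is the version-negotiating constant on 2.7 and 3.5;
    # newer interpreters offer PROTOCOL_TLS_CLIENT instead.
    protocol = getattr(ssl, "PROTOCOL_TLS_CLIENT", None)
    if protocol is None:
        protocol = ssl.PROTOCOL_SSLv23
    context = ssl.SSLContext(protocol)
    return bool(context.options & ssl.OP_NO_SSLv3)


def audit_interpreter():
    """Collect the facts relevant to the fixes listed in the post."""
    return {
        "python": ".".join(str(part) for part in sys.version_info[:3]),
        "has_release_fixes": has_release_fixes(sys.version_info),
        # On many systems Python links against the system OpenSSL, so the
        # OpenSSL version is reported separately from the Python version.
        "openssl": ssl.OPENSSL_VERSION,
        "sslv3_disabled_by_default": sslv3_disabled_by_default(),
    }


if __name__ == "__main__":
    for key, value in sorted(audit_interpreter().items()):
        print("%s: %s" % (key, value))
```

Run it with each interpreter installed on the machine, since a system can carry several Python versions side by side.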

Advice on porting (adapting) older Python code to newer releases is available here and here.

As a routine precaution I would recommend backing up the data on any device for which you are installing updates in order to prevent data loss in the rare event that any update causes unexpected issues.

Thank you.
