python is vulnerable to man-in-the-middle (MitM). The vulnerability exists as the ssl.match_hostname
function does not properly handle wildcards in hostnames.
seclists.org/oss-sec/2015/q2/483
seclists.org/oss-sec/2015/q2/483
seclists.org/oss-sec/2015/q2/523
seclists.org/oss-sec/2015/q2/523
www.securityfocus.com/bid/74707
www.securityfocus.com/bid/74707
access.redhat.com/articles/2039753
access.redhat.com/errata/RHSA-2016:1166
access.redhat.com/security/updates/classification/#moderate
bugs.python.org/issue17997
bugs.python.org/issue17997
bugzilla.redhat.com/show_bug.cgi?id=1173041
bugzilla.redhat.com/show_bug.cgi?id=1224999
bugzilla.redhat.com/show_bug.cgi?id=1224999
bugzilla.redhat.com/show_bug.cgi?id=1266529
bugzilla.redhat.com/show_bug.cgi?id=1297783
bugzilla.redhat.com/show_bug.cgi?id=1297784
bugzilla.redhat.com/show_bug.cgi?id=1318319
bugzilla.redhat.com/show_bug.cgi?id=1329141
bugzilla.redhat.com/show_bug.cgi?id=1329944
bugzilla.redhat.com/show_bug.cgi?id=1330041
bugzilla.redhat.com/show_bug.cgi?id=1334447
hg.python.org/cpython/rev/10d0edadbcdd
hg.python.org/cpython/rev/10d0edadbcdd