RHSA-2005:108-01: Important: python security update
Posted on: 02/15/2005 02:05 PM

A python security update is available for Red Hat Enterprise Linux 4

----------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: python security update
Advisory ID: RHSA-2005:108-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-108.html
Issue date: 2005-02-15
Updated on: 2005-02-15
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0089
----------------------------------------------------------------------

1. Summary:

Updated Python packages that fix several security issues are now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red Hat Security Response Team

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Python is an interpreted, interactive, object-oriented programming language.

An object traversal bug was found in the Python SimpleXMLRPCServer. This bug could allow a remote untrusted user to do unrestricted object traversal and allow them to access or change function internals using the im_* and func_* attributes. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0089 to this issue.

Users of Python are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

146649 - CAN-2005-0089 python SimpleXMLRPCServer security issue

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/python-2.3.4-14.1.src.rpm
d189468154d7cf63aa6af6678cb8613d python-2.3.4-14.1.src.rpm

i386:
2712b8f9d2912600d8f646d35f689996 python-2.3.4-14.1.i386.rpm
be88db797f56d1a501ed3732757b657d python-devel-2.3.4-14.1.i386.rpm
20a88af26a767018c87e39032552a57a python-docs-2.3.4-14.1.i386.rpm
05a2588346ef5950ae83b76f140cd029 python-tools-2.3.4-14.1.i386.rpm
689f7fc46cf2e5e2107653f5f338f471 tkinter-2.3.4-14.1.i386.rpm

ia64:
6ba1f92092692ce7dc000f2396444430 python-2.3.4-14.1.ia64.rpm
f45375f74a80c5a541c5c6f8c511c6ed python-devel-2.3.4-14.1.ia64.rpm
aea178005376626a739f9e9deb46d85e python-docs-2.3.4-14.1.ia64.rpm
68884aa4b76210190f984b0a644b7bcc python-tools-2.3.4-14.1.ia64.rpm
1182fdc4661ee0aaa6187a4adcf88309 tkinter-2.3.4-14.1.ia64.rpm

ppc:
ef9131d7daa839fb8b80051c0a248ec8 python-2.3.4-14.1.ppc.rpm
974938aea5959d3b9d7dfe17bee28bc8 python-devel-2.3.4-14.1.ppc.rpm
29b6d4fc9a8e46a5dd4ea76eb0262ec5 python-docs-2.3.4-14.1.ppc.rpm
ad59f7d118c70b89c522a28054df5abd python-tools-2.3.4-14.1.ppc.rpm
85e2c0aec90cd30f2b6a0bb4f711f06e tkinter-2.3.4-14.1.ppc.rpm

s390:
c2c5d0e3a66dcfd17ebaffdadbb84d8a python-2.3.4-14.1.s390.rpm
1192f7711e7296bd55e407afe275dea2 python-devel-2.3.4-14.1.s390.rpm
baaccfd176d523a9019befc6ca3e4546 python-docs-2.3.4-14.1.s390.rpm
757b1117779443567ae9f9ba5470397d python-tools-2.3.4-14.1.s390.rpm
8ab54fcc6429685ca89a004255da2302 tkinter-2.3.4-14.1.s390.rpm

s390x:
7364a75ad005e960d90c68c26db1b9d6 python-2.3.4-14.1.s390x.rpm
57ed41904fd90af8020cb2a12c6b9efa python-devel-2.3.4-14.1.s390x.rpm
5c001929d0620a477310cfcc611b57bf python-docs-2.3.4-14.1.s390x.rpm
4ec4346b001bd2b2568ac7b3d2fc18ba python-tools-2.3.4-14.1.s390x.rpm
cd2d59c73aa0dee5c8140b653b74792c tkinter-2.3.4-14.1.s390x.rpm

x86_64:
ba4668c9e17ec0a36950f84a6e4d6ed9 python-2.3.4-14.1.x86_64.rpm
51c6c2801c10e1ab406303446b2b2f11 python-devel-2.3.4-14.1.x86_64.rpm
5f32fc6f75760f31ca259534af097eb2 python-docs-2.3.4-14.1.x86_64.rpm
fdabec76f02d3616b5a540f0402c5237 python-tools-2.3.4-14.1.x86_64.rpm
26bb9a58781a462848dc632bfd08eb81 tkinter-2.3.4-14.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/python-2.3.4-14.1.src.rpm
d189468154d7cf63aa6af6678cb8613d python-2.3.4-14.1.src.rpm

i386:
2712b8f9d2912600d8f646d35f689996 python-2.3.4-14.1.i386.rpm
be88db797f56d1a501ed3732757b657d python-devel-2.3.4-14.1.i386.rpm
20a88af26a767018c87e39032552a57a python-docs-2.3.4-14.1.i386.rpm
05a2588346ef5950ae83b76f140cd029 python-tools-2.3.4-14.1.i386.rpm
689f7fc46cf2e5e2107653f5f338f471 tkinter-2.3.4-14.1.i386.rpm

x86_64:
ba4668c9e17ec0a36950f84a6e4d6ed9 python-2.3.4-14.1.x86_64.rpm
51c6c2801c10e1ab406303446b2b2f11 python-devel-2.3.4-14.1.x86_64.rpm
5f32fc6f75760f31ca259534af097eb2 python-docs-2.3.4-14.1.x86_64.rpm
fdabec76f02d3616b5a540f0402c5237 python-tools-2.3.4-14.1.x86_64.rpm
26bb9a58781a462848dc632bfd08eb81 tkinter-2.3.4-14.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/python-2.3.4-14.1.src.rpm
d189468154d7cf63aa6af6678cb8613d python-2.3.4-14.1.src.rpm

i386:
2712b8f9d2912600d8f646d35f689996 python-2.3.4-14.1.i386.rpm
be88db797f56d1a501ed3732757b657d python-devel-2.3.4-14.1.i386.rpm
20a88af26a767018c87e39032552a57a python-docs-2.3.4-14.1.i386.rpm
05a2588346ef5950ae83b76f140cd029 python-tools-2.3.4-14.1.i386.rpm
689f7fc46cf2e5e2107653f5f338f471 tkinter-2.3.4-14.1.i386.rpm

ia64:
6ba1f92092692ce7dc000f2396444430 python-2.3.4-14.1.ia64.rpm
f45375f74a80c5a541c5c6f8c511c6ed python-devel-2.3.4-14.1.ia64.rpm
aea178005376626a739f9e9deb46d85e python-docs-2.3.4-14.1.ia64.rpm
68884aa4b76210190f984b0a644b7bcc python-tools-2.3.4-14.1.ia64.rpm
1182fdc4661ee0aaa6187a4adcf88309 tkinter-2.3.4-14.1.ia64.rpm

x86_64:
ba4668c9e17ec0a36950f84a6e4d6ed9 python-2.3.4-14.1.x86_64.rpm
51c6c2801c10e1ab406303446b2b2f11 python-devel-2.3.4-14.1.x86_64.rpm
5f32fc6f75760f31ca259534af097eb2 python-docs-2.3.4-14.1.x86_64.rpm
fdabec76f02d3616b5a540f0402c5237 python-tools-2.3.4-14.1.x86_64.rpm
26bb9a58781a462848dc632bfd08eb81 tkinter-2.3.4-14.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/python-2.3.4-14.1.src.rpm
d189468154d7cf63aa6af6678cb8613d python-2.3.4-14.1.src.rpm

i386:
2712b8f9d2912600d8f646d35f689996 python-2.3.4-14.1.i386.rpm
be88db797f56d1a501ed3732757b657d python-devel-2.3.4-14.1.i386.rpm
20a88af26a767018c87e39032552a57a python-docs-2.3.4-14.1.i386.rpm
05a2588346ef5950ae83b76f140cd029 python-tools-2.3.4-14.1.i386.rpm
689f7fc46cf2e5e2107653f5f338f471 tkinter-2.3.4-14.1.i386.rpm

ia64:
6ba1f92092692ce7dc000f2396444430 python-2.3.4-14.1.ia64.rpm
f45375f74a80c5a541c5c6f8c511c6ed python-devel-2.3.4-14.1.ia64.rpm
aea178005376626a739f9e9deb46d85e python-docs-2.3.4-14.1.ia64.rpm
68884aa4b76210190f984b0a644b7bcc python-tools-2.3.4-14.1.ia64.rpm
1182fdc4661ee0aaa6187a4adcf88309 tkinter-2.3.4-14.1.ia64.rpm

x86_64:
ba4668c9e17ec0a36950f84a6e4d6ed9 python-2.3.4-14.1.x86_64.rpm
51c6c2801c10e1ab406303446b2b2f11 python-devel-2.3.4-14.1.x86_64.rpm
5f32fc6f75760f31ca259534af097eb2 python-docs-2.3.4-14.1.x86_64.rpm
fdabec76f02d3616b5a540f0402c5237 python-tools-2.3.4-14.1.x86_64.rpm
26bb9a58781a462848dc632bfd08eb81 tkinter-2.3.4-14.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://www.python.org/security/PSF-2005-001/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0089

8. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.


Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/rhsa_2005108_01_important_python_security_update.html)