RHSA-2006:0197-01 Moderate: python security update
Posted on: 03/09/2006 10:12 PM

A new update is available for Red Hat Enterprise Linux. Here is the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: python security update
Advisory ID: RHSA-2006:0197-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0197.html
Issue date: 2006-03-09
Updated on: 2006-03-09
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-2491
- ---------------------------------------------------------------------

1. Summary:

Updated Python packages are now available to correct a security issue.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Python is an interpreted, interactive, object-oriented programming language.

An integer overflow flaw was found in Python's PCRE library that could be
triggered by a maliciously crafted regular expression. On systems that
accept arbitrary regular expressions from untrusted users, this could be
exploited to execute arbitrary code with the privileges of the application
using the library. The Common Vulnerabilities and Exposures project
assigned the name CVE-2005-2491 to this issue.

Users of Python should upgrade to these updated packages, which contain a
backported patch that is not vulnerable to this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

166335 - CVE-2005-2491 PCRE heap overflow


6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/python-1.5.2-43.72.1.src.rpm
73b95280ec62d80c3f008c279b48d8e1 python-1.5.2-43.72.1.src.rpm

i386:
0f61c0e64c1c55ba51995f7d4cd2041a python-1.5.2-43.72.1.i386.rpm
109bda6f553ab2f1f7744c0d7c08f7c7 python-devel-1.5.2-43.72.1.i386.rpm
5a0e085579668fc56f99d49ed9e24e27 python-docs-1.5.2-43.72.1.i386.rpm
89e44bb7cee5d62528314681187a727c python-tools-1.5.2-43.72.1.i386.rpm
92a1bd1a87f2c3a06bf076407cc9efe5 tkinter-1.5.2-43.72.1.i386.rpm

ia64:
35440c0c7525d3538c9b85db25c85ba9 python-1.5.2-43.72.1.ia64.rpm
b2f0acf9206db13d53c9d6537ca38887 python-devel-1.5.2-43.72.1.ia64.rpm
044e2d59c10510eb14a76ec6eb595794 python-docs-1.5.2-43.72.1.ia64.rpm
36e36f4446cd8ee12e86ff1ff409c87b python-tools-1.5.2-43.72.1.ia64.rpm
f22c83beb9c706d5ba84407a6a5d9e81 tkinter-1.5.2-43.72.1.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/python-1.5.2-43.72.1.src.rpm
73b95280ec62d80c3f008c279b48d8e1 python-1.5.2-43.72.1.src.rpm

ia64:
35440c0c7525d3538c9b85db25c85ba9 python-1.5.2-43.72.1.ia64.rpm
b2f0acf9206db13d53c9d6537ca38887 python-devel-1.5.2-43.72.1.ia64.rpm
044e2d59c10510eb14a76ec6eb595794 python-docs-1.5.2-43.72.1.ia64.rpm
36e36f4446cd8ee12e86ff1ff409c87b python-tools-1.5.2-43.72.1.ia64.rpm
f22c83beb9c706d5ba84407a6a5d9e81 tkinter-1.5.2-43.72.1.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/python-1.5.2-43.72.1.src.rpm
73b95280ec62d80c3f008c279b48d8e1 python-1.5.2-43.72.1.src.rpm

i386:
0f61c0e64c1c55ba51995f7d4cd2041a python-1.5.2-43.72.1.i386.rpm
109bda6f553ab2f1f7744c0d7c08f7c7 python-devel-1.5.2-43.72.1.i386.rpm
5a0e085579668fc56f99d49ed9e24e27 python-docs-1.5.2-43.72.1.i386.rpm
89e44bb7cee5d62528314681187a727c python-tools-1.5.2-43.72.1.i386.rpm
92a1bd1a87f2c3a06bf076407cc9efe5 tkinter-1.5.2-43.72.1.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/python-1.5.2-43.72.1.src.rpm
73b95280ec62d80c3f008c279b48d8e1 python-1.5.2-43.72.1.src.rpm

i386:
0f61c0e64c1c55ba51995f7d4cd2041a python-1.5.2-43.72.1.i386.rpm
109bda6f553ab2f1f7744c0d7c08f7c7 python-devel-1.5.2-43.72.1.i386.rpm
5a0e085579668fc56f99d49ed9e24e27 python-docs-1.5.2-43.72.1.i386.rpm
89e44bb7cee5d62528314681187a727c python-tools-1.5.2-43.72.1.i386.rpm
92a1bd1a87f2c3a06bf076407cc9efe5 tkinter-1.5.2-43.72.1.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/python-2.2.3-6.2.src.rpm
ea0a594a03ff35318f6a3d3bdd9a1ff2 python-2.2.3-6.2.src.rpm

i386:
46d0d18e436bb2bf42c34fb0da65cdf6 python-2.2.3-6.2.i386.rpm
40e37a5986f7f88186ca468bcd974ba2 python-devel-2.2.3-6.2.i386.rpm
dd7a9164c3f54865af36131cb38bce80 python-tools-2.2.3-6.2.i386.rpm
841a5da3cd4c7d8a2c7ec0b497f73597 tkinter-2.2.3-6.2.i386.rpm

ia64:
f2814a1da58066eb9560f7900fa6292a python-2.2.3-6.2.ia64.rpm
88f6f071af2de3e2689e49db6b78bc34 python-devel-2.2.3-6.2.ia64.rpm
d5abbc27fabe7ea02a4a9a26431ec48e python-tools-2.2.3-6.2.ia64.rpm
e8e347fda6ed101646699a878a2dc85e tkinter-2.2.3-6.2.ia64.rpm

ppc:
a0d56e413962137c52c2d4567354b992 python-2.2.3-6.2.ppc.rpm
ddcd62cb48ef70bd72ec9b760beb6a4c python-devel-2.2.3-6.2.ppc.rpm
4760085d9a3956ca198f15b7f60838c8 python-tools-2.2.3-6.2.ppc.rpm
975f6d98e087c877510c7f2ca3f579b2 tkinter-2.2.3-6.2.ppc.rpm

s390:
728864e38fdc365f3835c02059e36346 python-2.2.3-6.2.s390.rpm
3e7e29dbc7ecafa23e2c2a25aaecc2f9 python-devel-2.2.3-6.2.s390.rpm
21dfae7a7ed849b31304246e4a88b397 python-tools-2.2.3-6.2.s390.rpm
841f9571e4be7374dcc705b1fb4dba62 tkinter-2.2.3-6.2.s390.rpm

s390x:
057e717a9ad4b649cdc3c2fcd57168b7 python-2.2.3-6.2.s390x.rpm
12939bfd3893742f7f4fad01deb50c35 python-devel-2.2.3-6.2.s390x.rpm
8f30447cafdace1e9428b3939240303f python-tools-2.2.3-6.2.s390x.rpm
1247bdca0ea840ba341ed7d997b7fb07 tkinter-2.2.3-6.2.s390x.rpm

x86_64:
46fa69fbcd41b500462ae09f25a13b1a python-2.2.3-6.2.x86_64.rpm
983cd05768622425281f641690a33391 python-devel-2.2.3-6.2.x86_64.rpm
4c7ff3fe321a79229c0e0dce72984d99 python-tools-2.2.3-6.2.x86_64.rpm
08deff0b89091c57f0144c5aaf927226 tkinter-2.2.3-6.2.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/python-2.2.3-6.2.src.rpm
ea0a594a03ff35318f6a3d3bdd9a1ff2 python-2.2.3-6.2.src.rpm

i386:
46d0d18e436bb2bf42c34fb0da65cdf6 python-2.2.3-6.2.i386.rpm
40e37a5986f7f88186ca468bcd974ba2 python-devel-2.2.3-6.2.i386.rpm
dd7a9164c3f54865af36131cb38bce80 python-tools-2.2.3-6.2.i386.rpm
841a5da3cd4c7d8a2c7ec0b497f73597 tkinter-2.2.3-6.2.i386.rpm

x86_64:
46fa69fbcd41b500462ae09f25a13b1a python-2.2.3-6.2.x86_64.rpm
983cd05768622425281f641690a33391 python-devel-2.2.3-6.2.x86_64.rpm
4c7ff3fe321a79229c0e0dce72984d99 python-tools-2.2.3-6.2.x86_64.rpm
08deff0b89091c57f0144c5aaf927226 tkinter-2.2.3-6.2.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/python-2.2.3-6.2.src.rpm
ea0a594a03ff35318f6a3d3bdd9a1ff2 python-2.2.3-6.2.src.rpm

i386:
46d0d18e436bb2bf42c34fb0da65cdf6 python-2.2.3-6.2.i386.rpm
40e37a5986f7f88186ca468bcd974ba2 python-devel-2.2.3-6.2.i386.rpm
dd7a9164c3f54865af36131cb38bce80 python-tools-2.2.3-6.2.i386.rpm
841a5da3cd4c7d8a2c7ec0b497f73597 tkinter-2.2.3-6.2.i386.rpm

ia64:
f2814a1da58066eb9560f7900fa6292a python-2.2.3-6.2.ia64.rpm
88f6f071af2de3e2689e49db6b78bc34 python-devel-2.2.3-6.2.ia64.rpm
d5abbc27fabe7ea02a4a9a26431ec48e python-tools-2.2.3-6.2.ia64.rpm
e8e347fda6ed101646699a878a2dc85e tkinter-2.2.3-6.2.ia64.rpm

x86_64:
46fa69fbcd41b500462ae09f25a13b1a python-2.2.3-6.2.x86_64.rpm
983cd05768622425281f641690a33391 python-devel-2.2.3-6.2.x86_64.rpm
4c7ff3fe321a79229c0e0dce72984d99 python-tools-2.2.3-6.2.x86_64.rpm
08deff0b89091c57f0144c5aaf927226 tkinter-2.2.3-6.2.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/python-2.2.3-6.2.src.rpm
ea0a594a03ff35318f6a3d3bdd9a1ff2 python-2.2.3-6.2.src.rpm

i386:
46d0d18e436bb2bf42c34fb0da65cdf6 python-2.2.3-6.2.i386.rpm
40e37a5986f7f88186ca468bcd974ba2 python-devel-2.2.3-6.2.i386.rpm
dd7a9164c3f54865af36131cb38bce80 python-tools-2.2.3-6.2.i386.rpm
841a5da3cd4c7d8a2c7ec0b497f73597 tkinter-2.2.3-6.2.i386.rpm

ia64:
f2814a1da58066eb9560f7900fa6292a python-2.2.3-6.2.ia64.rpm
88f6f071af2de3e2689e49db6b78bc34 python-devel-2.2.3-6.2.ia64.rpm
d5abbc27fabe7ea02a4a9a26431ec48e python-tools-2.2.3-6.2.ia64.rpm
e8e347fda6ed101646699a878a2dc85e tkinter-2.2.3-6.2.ia64.rpm

x86_64:
46fa69fbcd41b500462ae09f25a13b1a python-2.2.3-6.2.x86_64.rpm
983cd05768622425281f641690a33391 python-devel-2.2.3-6.2.x86_64.rpm
4c7ff3fe321a79229c0e0dce72984d99 python-tools-2.2.3-6.2.x86_64.rpm
08deff0b89091c57f0144c5aaf927226 tkinter-2.2.3-6.2.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/python-2.3.4-14.2.src.rpm
42246fb8585568f21ecf335026122cc6 python-2.3.4-14.2.src.rpm

i386:
df466645c2b9d03c10142dd42300c683 python-2.3.4-14.2.i386.rpm
ab486a34fb5153be5d8b6412ead9920e python-devel-2.3.4-14.2.i386.rpm
811a706ed8c3cfb9a0f9cdf202853143 python-docs-2.3.4-14.2.i386.rpm
3a062588a56a13ca30654d8a67bb97a3 python-tools-2.3.4-14.2.i386.rpm
fcdfa8bbaeb5050c016001b3fefe7cd6 tkinter-2.3.4-14.2.i386.rpm

ia64:
26c9831130c8626f38ae84e496f6cca9 python-2.3.4-14.2.ia64.rpm
2c5a9b6d51bce7e980169b709a1237da python-devel-2.3.4-14.2.ia64.rpm
2777ec9136a5c1c0110cb2f392e3ffa1 python-docs-2.3.4-14.2.ia64.rpm
cb1232712381552d537f1c6083227b2a python-tools-2.3.4-14.2.ia64.rpm
4863fdbc3a593680bd0d73b51b9c7087 tkinter-2.3.4-14.2.ia64.rpm

ppc:
5b394c4331164f44ca78e4765dcafa15 python-2.3.4-14.2.ppc.rpm
0b6dd3a7b075565c96311a0d1911b2f0 python-devel-2.3.4-14.2.ppc.rpm
7459f354f19a04d319782a2c36154f9e python-docs-2.3.4-14.2.ppc.rpm
8c89c25c09351e3bf4f65413a0a69a1e python-tools-2.3.4-14.2.ppc.rpm
b3df223f69f097ef61316196d17ddb89 tkinter-2.3.4-14.2.ppc.rpm

s390:
133dcaf2d283fd4b30edffff334f438a python-2.3.4-14.2.s390.rpm
5e274bbe1038ef1e83685a73f7572db7 python-devel-2.3.4-14.2.s390.rpm
ca90dc87cd01cdde917db21af892e274 python-docs-2.3.4-14.2.s390.rpm
f253e43910631e1c52f34b3cde491b8c python-tools-2.3.4-14.2.s390.rpm
31045fca98c7c5e43b13f6a1cfe3a1dc tkinter-2.3.4-14.2.s390.rpm

s390x:
201785855ee123fb0acb668d01103569 python-2.3.4-14.2.s390x.rpm
800c98b7ad8d8de9ebe976acbf5f3a03 python-devel-2.3.4-14.2.s390x.rpm
585b25e9f5455b1d35844c45dead9a09 python-docs-2.3.4-14.2.s390x.rpm
eb16cb00ab306f57d44142694c366811 python-tools-2.3.4-14.2.s390x.rpm
16a1018ef58c4febe6df4992a81b5853 tkinter-2.3.4-14.2.s390x.rpm

x86_64:
6dc9edca56b561260f537627d46638e1 python-2.3.4-14.2.x86_64.rpm
3353ff1d1e4431840cd8494c3f5e1e1f python-devel-2.3.4-14.2.x86_64.rpm
c7cf61a793b60840105b7e0cec85fbbe python-docs-2.3.4-14.2.x86_64.rpm
0a37ac1cc547a04030cd7125618bc639 python-tools-2.3.4-14.2.x86_64.rpm
0356f53a411b0459c2aa84d9aadfcaef tkinter-2.3.4-14.2.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/python-2.3.4-14.2.src.rpm
42246fb8585568f21ecf335026122cc6 python-2.3.4-14.2.src.rpm

i386:
df466645c2b9d03c10142dd42300c683 python-2.3.4-14.2.i386.rpm
ab486a34fb5153be5d8b6412ead9920e python-devel-2.3.4-14.2.i386.rpm
811a706ed8c3cfb9a0f9cdf202853143 python-docs-2.3.4-14.2.i386.rpm
3a062588a56a13ca30654d8a67bb97a3 python-tools-2.3.4-14.2.i386.rpm
fcdfa8bbaeb5050c016001b3fefe7cd6 tkinter-2.3.4-14.2.i386.rpm

x86_64:
6dc9edca56b561260f537627d46638e1 python-2.3.4-14.2.x86_64.rpm
3353ff1d1e4431840cd8494c3f5e1e1f python-devel-2.3.4-14.2.x86_64.rpm
c7cf61a793b60840105b7e0cec85fbbe python-docs-2.3.4-14.2.x86_64.rpm
0a37ac1cc547a04030cd7125618bc639 python-tools-2.3.4-14.2.x86_64.rpm
0356f53a411b0459c2aa84d9aadfcaef tkinter-2.3.4-14.2.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/python-2.3.4-14.2.src.rpm
42246fb8585568f21ecf335026122cc6 python-2.3.4-14.2.src.rpm

i386:
df466645c2b9d03c10142dd42300c683 python-2.3.4-14.2.i386.rpm
ab486a34fb5153be5d8b6412ead9920e python-devel-2.3.4-14.2.i386.rpm
811a706ed8c3cfb9a0f9cdf202853143 python-docs-2.3.4-14.2.i386.rpm
3a062588a56a13ca30654d8a67bb97a3 python-tools-2.3.4-14.2.i386.rpm
fcdfa8bbaeb5050c016001b3fefe7cd6 tkinter-2.3.4-14.2.i386.rpm

ia64:
26c9831130c8626f38ae84e496f6cca9 python-2.3.4-14.2.ia64.rpm
2c5a9b6d51bce7e980169b709a1237da python-devel-2.3.4-14.2.ia64.rpm
2777ec9136a5c1c0110cb2f392e3ffa1 python-docs-2.3.4-14.2.ia64.rpm
cb1232712381552d537f1c6083227b2a python-tools-2.3.4-14.2.ia64.rpm
4863fdbc3a593680bd0d73b51b9c7087 tkinter-2.3.4-14.2.ia64.rpm

x86_64:
6dc9edca56b561260f537627d46638e1 python-2.3.4-14.2.x86_64.rpm
3353ff1d1e4431840cd8494c3f5e1e1f python-devel-2.3.4-14.2.x86_64.rpm
c7cf61a793b60840105b7e0cec85fbbe python-docs-2.3.4-14.2.x86_64.rpm
0a37ac1cc547a04030cd7125618bc639 python-tools-2.3.4-14.2.x86_64.rpm
0356f53a411b0459c2aa84d9aadfcaef tkinter-2.3.4-14.2.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/python-2.3.4-14.2.src.rpm
42246fb8585568f21ecf335026122cc6 python-2.3.4-14.2.src.rpm

i386:
df466645c2b9d03c10142dd42300c683 python-2.3.4-14.2.i386.rpm
ab486a34fb5153be5d8b6412ead9920e python-devel-2.3.4-14.2.i386.rpm
811a706ed8c3cfb9a0f9cdf202853143 python-docs-2.3.4-14.2.i386.rpm
3a062588a56a13ca30654d8a67bb97a3 python-tools-2.3.4-14.2.i386.rpm
fcdfa8bbaeb5050c016001b3fefe7cd6 tkinter-2.3.4-14.2.i386.rpm

ia64:
26c9831130c8626f38ae84e496f6cca9 python-2.3.4-14.2.ia64.rpm
2c5a9b6d51bce7e980169b709a1237da python-devel-2.3.4-14.2.ia64.rpm
2777ec9136a5c1c0110cb2f392e3ffa1 python-docs-2.3.4-14.2.ia64.rpm
cb1232712381552d537f1c6083227b2a python-tools-2.3.4-14.2.ia64.rpm
4863fdbc3a593680bd0d73b51b9c7087 tkinter-2.3.4-14.2.ia64.rpm

x86_64:
6dc9edca56b561260f537627d46638e1 python-2.3.4-14.2.x86_64.rpm
3353ff1d1e4431840cd8494c3f5e1e1f python-devel-2.3.4-14.2.x86_64.rpm
c7cf61a793b60840105b7e0cec85fbbe python-docs-2.3.4-14.2.x86_64.rpm
0a37ac1cc547a04030cd7125618bc639 python-tools-2.3.4-14.2.x86_64.rpm
0356f53a411b0459c2aa84d9aadfcaef tkinter-2.3.4-14.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2491

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFEEJZoXlSAg2UNWIIRArFPAJ9g8H3NyovfS7y68eX2g3eVDCSdYgCeJ/fv
xMr2sd+uSyxGaKy3Eq+twfk=
=4Y2h
-----END PGP SIGNATURE-----
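
Added example, not part of the Red Hat advisory or of the original page: a check that an installed python build is at or above the fixed build listed in section 6 for its product version, using a reduced form of rpm's segment-wise version comparison. The function names and sample inputs are constructed for illustration; the input is assumed to be the output of `rpm -q --qf '%{VERSION}-%{RELEASE}\n' python`, and epochs are assumed absent.

```python
import re

# Fixed builds named in section 6 of the advisory, keyed by product version.
FIXED_BUILDS = {
    "2.1": ("1.5.2", "43.72.1"),
    "3": ("2.2.3", "6.2"),
    "4": ("2.3.4", "14.2"),
}

_SEGMENT = re.compile(r"\d+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Compare two version or release strings segment by segment, as rpm does.

    Covers digits and letters only; epochs and '~' / '^' are not handled.
    Returns 1 if a is newer, -1 if older, 0 if equal.
    """
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric compare: 10 > 2
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats letters
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def is_patched(product_version, installed):
    """True if 'VERSION-RELEASE' is at or above the advisory's fixed build."""
    fixed_version, fixed_release = FIXED_BUILDS[product_version]
    version, _, release = installed.strip().partition("-")
    order = rpmvercmp(version, fixed_version)
    if order == 0:
        order = rpmvercmp(release, fixed_release)
    return order >= 0


if __name__ == "__main__":
    # Constructed sample values, not taken from a real host.
    for product, installed in [("4", "2.3.4-14"), ("4", "2.3.4-14.2"),
                               ("3", "2.2.3-6.10"), ("2.1", "1.5.2-43.72")]:
        state = "patched" if is_patched(product, installed) else "NEEDS UPDATE"
        print(f"RHEL {product}: python-{installed}: {state}")
```

A plain string comparison would rank release 6.10 below 6.2, which is why the segments are compared numerically.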



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/rhsa_20060197_01_moderate_python_security_update.html)