RHSA-2006:0713-01 Important: python security update
Posted on: 10/10/2006 01:00 AM

A new update is available for Red Hat Enterprise Linux. Here is the announcement:

---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: python security update
Advisory ID: RHSA-2006:0713-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0713.html
Issue date: 2006-10-09
Updated on: 2006-10-09
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-4980
---------------------------------------------------------------------

1. Summary:

Updated Python packages are now available to correct a security issue in
Red Hat Enterprise Linux 3 and 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Python is an interpreted, interactive, object-oriented programming language.

A flaw was discovered in the way that the Python repr() function handled
UTF-32/UCS-4 strings. If an application written in Python used the repr()
function on untrusted data, this could lead to a denial of service or
possibly allow the execution of arbitrary code with the privileges of the
Python application. (CVE-2006-4980)

In addition, this errata fixes a regression in the SimpleXMLRPCServer
backport for Red Hat Enterprise Linux 3 that was introduced with RHSA-2005:109.

Users of Python should upgrade to these updated packages, which contain a
backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
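
A patch-level check for the fixed builds named in this advisory, as an added example that is not part of the Red Hat text. The function names are hypothetical, the version comparison is a numeric-only simplification of RPM's ordering, and the sample inputs are constructed:

```shell
#!/bin/sh
# Added example, not part of the Red Hat advisory. Function names are
# hypothetical; fixed builds are read from the SRPM names in section 6.

# Fixed python version-release for each RHEL major version.
fixed_build() {
    case "$1" in
        3) echo "2.2.3-6.5" ;;
        4) echo "2.3.4-14.3" ;;
        *) return 1 ;;
    esac
}

# Compare two strings field by field on their numeric parts; prints -1, 0, 1.
# Assumption: a simplification of RPM's own ordering that ignores letters
# (so "14.4.el4" is read as 14, 4, 4); missing fields count as 0.
cmp_fields() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[^0-9]+/); nb = split(b, y, /[^0-9]+/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            p = x[i] + 0; q = y[i] + 0
            if (p != q) { print ((p < q) ? -1 : 1); exit }
        }
        print 0
    }'
}

# $1 = RHEL major version, $2 = installed python version-release.
# Prints "patched", "unpatched" or "unknown-release".
python_status() {
    fixed=$(fixed_build "$1") || { echo "unknown-release"; return 0; }
    c=$(cmp_fields "${2%-*}" "${fixed%-*}")          # compare versions
    if [ "$c" -eq 0 ]; then
        c=$(cmp_fields "${2##*-}" "${fixed##*-}")    # then releases
    fi
    if [ "$c" -ge 0 ]; then echo "patched"; else echo "unpatched"; fi
}

# On a live host the second argument would come from:
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' python
# Constructed sample values:
for sample in "3 2.2.3-6.2" "3 2.2.3-6.5" "4 2.3.4-14.2" "4 2.3.4-14.4.el4"; do
    set -- $sample
    echo "RHEL $1 python-$2: $(python_status "$1" "$2")"
done
```
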

5. Bug IDs fixed (http://bugzilla.redhat.com/):

160418 - Error in RHEL3-U4-errata python python-2.2-xmlfix.patch
208162 - CVE-2006-4980 repr unicode buffer overflow

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/python-2.2.3-6.5.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/python-2.2.3-6.5.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/python-2.2.3-6.5.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/python-2.2.3-6.5.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/python-2.3.4-14.3.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/python-2.3.4-14.3.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/python-2.3.4-14.3.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/python-2.3.4-14.3.src.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.

Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/rhsa_20060713_01_important_python_security_update.html)