Debian: New Python2.2 packages fix unauthorised XML-RPC internals access

    Date: 04 Feb 2005
    Category: Debian
    Posted By: LinuxSecurity Advisories
    For the stable distribution (woody) this problem has been fixed in version 2.2.1-4.7. No other version of Python in woody is affected.
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 666-1
    http://www.debian.org/security/                             Martin Schulze
    February 4th, 2005                      http://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : python2.2
    Vulnerability  : design flaw
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CAN-2005-0089
    
    The Python development team has discovered a flaw in their language
    package.  The SimpleXMLRPCServer library module could permit remote
    attackers unintended access to internals of the registered object or
    its module or possibly other modules.  The flaw only affects Python
    XML-RPC servers that use the register_instance() method to register an
    object without a _dispatch() method.  Servers using only
    register_function() are not affected.
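
The exposure difference between the registration styles named above, as an added example (not code from the advisory or from the Python project). It uses Python 3's `xmlrpc.server`, the successor to the SimpleXMLRPCServer module, and runs requests in process without a network socket; the `Inventory` classes, `make_dispatcher` and `rpc` are hypothetical names constructed for this illustration.

```python
import xmlrpc.client
from xmlrpc.server import SimpleXMLRPCDispatcher


class Inventory:
    """Constructed service object; every name here is hypothetical."""

    def __init__(self):
        self.stock = {"widget": 3}

    def count(self, item):
        return self.stock.get(item, 0)

    def reset(self):
        # Public by naming convention, but never meant for remote callers.
        self.stock.clear()
        return True


class GuardedInventory(Inventory):
    """Same object, but _dispatch() decides what is remotely callable."""

    EXPORTED = frozenset({"count"})

    def _dispatch(self, method, params):
        if method not in self.EXPORTED:
            raise Exception('method "%s" is not supported' % method)
        return getattr(self, method)(*params)


def make_dispatcher(instance=None, functions=()):
    dispatcher = SimpleXMLRPCDispatcher(allow_none=True)
    if instance is not None:
        dispatcher.register_instance(instance)
    for function in functions:
        dispatcher.register_function(function)
    return dispatcher


def rpc(dispatcher, method, *params):
    """Push one marshalled request through the dispatcher, in process."""
    request = xmlrpc.client.dumps(params, methodname=method).encode("utf-8")
    response = dispatcher._marshaled_dispatch(request)
    try:
        return ("ok", xmlrpc.client.loads(response)[0][0])
    except xmlrpc.client.Fault as fault:
        return ("fault", fault.faultString)
```

With a plain `register_instance()` every public method of the object, including `reset`, answers remote calls; with an allow-listing `_dispatch()` or with `register_function()` only `count` does.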
    
    For the stable distribution (woody) this problem has been fixed in
    version 2.2.1-4.7.  No other version of Python in woody is affected.
    
    For the testing (sarge) and unstable (sid) distributions, the following
    matrix shows which package version will contain the correction for each
    Python version:
    
                   testing                   unstable
    Python 2.2     2.2.3-14                  2.2.3-14
    Python 2.3     2.3.4-20                  2.3.4+2.3.5c1-2
    Python 2.4     2.4-5                     2.4-5
    
    We recommend that you upgrade your Python packages.
    
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main