Linux Security
Linux Security
Linux Security

Debian: New Python2.2 packages fix unauthorised XML-RPC internals access

Date 04 Feb 2005
Posted By LinuxSecurity Advisories
For the stable distribution (woody) this problem has been fixed in version 2.2.1-4.7. No other version of Python in woody is affected.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 666-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.                             Martin Schulze
February 4th, 2005            
- --------------------------------------------------------------------------

Package        : python2.2
Vulnerability  : design flaw
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2005-0089

The Python development team has discovered a flaw in their language
packge.  The SimpleXMLRPCServer library module could permit remote
attackers unintended access to internals of the registered object or
its module or possibly other modules.  The flaw only affects Python
XML-RPC servers that use the register_instance() method to register an
object without a _dispatch() method.  Servers using only
register_function() are not affected.

For the stable distribution (woody) this problem has been fixed in
version 2.2.1-4.7.  No other version of Python in woody is affected.

For the testing (sarge) and unstable (sid) distributions the following
matrix explains which version will contain the correction in which

               testing                   unstable
Python 2.2     2.2.3-14                  2.2.3-14
Python 2.3     2.3.4-20               2.3.4+2.3.5c1-2
Python 2.4      2.4-5                     2.4-5

We recommend that you upgrade your Python packages.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:
      Size/MD5 checksum:     1150 85a315a9618c391ce64b37d90a4b6160
      Size/MD5 checksum:    93937 2a941445a90fb85e18dd721beee86566
      Size/MD5 checksum:  6536167 88aa07574673ccfaf35904253c78fc7d

  Architecture independent components:
      Size/MD5 checksum:   113210 f4e5e838b593a8def4278cfbc07e2394
      Size/MD5 checksum:  1315614 38d7c923c64c5312c9a5508b7a5ad303
      Size/MD5 checksum:    50288 f6bbdb75092381c536612a83edf8e924
      Size/MD5 checksum:   478208 db866fa391f1f850a5e56aaaf1eafe4d

  Alpha architecture:
      Size/MD5 checksum:  2139086 5cda0158ec7f3c945848c79fe01222d4
      Size/MD5 checksum:   863972 674a650e0ad435888bee81c1ea35a6ee
      Size/MD5 checksum:    18270 570725d263b40224bb2e02051a5b0ba4
      Size/MD5 checksum:    21906 48cdabc2f821952bf36db4469f6f4258
      Size/MD5 checksum:    86394 7a85cc7fba5b4c31ff11191bf6a46687
      Size/MD5 checksum:    52514 28a63b110be9ad6cbe9ecc0cfb9a0e11

  ARM architecture:
      Size/MD5 checksum:  1952432 aebc037d78eaf677674de178809a588f
      Size/MD5 checksum:   774696 07feb185349ac64863755c815bd1c158
      Size/MD5 checksum:    17076 5d4582d4f6153290b923c5bcd877df8a
      Size/MD5 checksum:    20322 9c8b3fb274d7ab940a2cdf66e1757893
      Size/MD5 checksum:    84678 9f34987930e3ab3b57564ce6e1573dfb
      Size/MD5 checksum:    49930 6335375b36b8dd0a84b85fa406bf31af

  Intel IA-32 architecture:
      Size/MD5 checksum:  1887968 c433c5dab40c9a40401f753d3429f10a
      Size/MD5 checksum:   684216 27f2959507f56b5fde64f9570a5b0669
      Size/MD5 checksum:    16880 c862eae493fb99c89255dbcb1658dc30
      Size/MD5 checksum:    20270 0bf9c9453cb32dd4a7bccb73ef0e3081
      Size/MD5 checksum:    83506 30f744958cc90e6ec2c3dc7b5bf493f0
      Size/MD5 checksum:    48906 30778077a089ecc3b7db06c86b44f0c7

  Intel IA-64 architecture:
      Size/MD5 checksum:  2490164 9220114e75d322486b0ed913290b086e
      Size/MD5 checksum:   936768 a04b6b7c02f920a80a448e8992a0b69d
      Size/MD5 checksum:    19688 9935cfb13fe1767e690069eeb02a13b1
      Size/MD5 checksum:    25620 c1ebfe7ba4719488559a8bdd4c76631c
      Size/MD5 checksum:    90544 869cdd0347d6592526c97b19f0479316
      Size/MD5 checksum:    56560 4a395d9ab5ca9966f5151867c9217887

  HP Precision architecture:
      Size/MD5 checksum:  2357088 9a444a7afcb97c787ec4319d0241589d
      Size/MD5 checksum:   925014 2d3590f17319201a251d4728ccbe0ea7
      Size/MD5 checksum:    18420 e48bcd48bd268b7a1e3344cbeb47627d
      Size/MD5 checksum:    24218 c05b459cff729578f3db24c888a398cc
      Size/MD5 checksum:    88238 55f881414b7284040c0492bce30d1eae
      Size/MD5 checksum:    55136 9e2b25c2d89a2090431c99869b99aa9a

  Motorola 680x0 architecture:
      Size/MD5 checksum:  1894844 ac1ae3c1c47a7440981ba070c240c238
      Size/MD5 checksum:   661046 36de9244bd994c06b828c3d61b9ebfe6
      Size/MD5 checksum:    17008 c05c234760d49e779d584afdf0f7b5e8
      Size/MD5 checksum:    19958 29d909b72afbf884381ff04754c6dee9
      Size/MD5 checksum:    84390 7c33456556934c93775a87164f971b48
      Size/MD5 checksum:    49730 65ce6ce72bd20d91ceaef6140069dab2

  Big endian MIPS architecture:
      Size/MD5 checksum:  1953104 220170cd500d702d5cee30842155ba89
      Size/MD5 checksum:   790394 94443815141ac2bffaa4b86dc26ba6db
      Size/MD5 checksum:    17080 e2e946b5c38e1aca66a0efe4fa7719d2
      Size/MD5 checksum:    20352 c10c5b001af1bfc395423f2269c22e62
      Size/MD5 checksum:    83514 400a716e1feeef9a170933b68d0ea2b3
      Size/MD5 checksum:    49106 259562cbc3a62d001c88a5ca627b3da5

  Little endian MIPS architecture:
      Size/MD5 checksum:  1948366 b98830256b99b2c3038a13d312098975
      Size/MD5 checksum:   790470 b0a9736cf354eebadbd510b770d5be3b
      Size/MD5 checksum:    17116 71c2ccf27bf04f89c95c20f5bcd0031e
      Size/MD5 checksum:    20380 392b8561e6743589f3ecc5faa74f5a5e
      Size/MD5 checksum:    83502 8b3e908f1bb0c7fd1569f3ff3642a773
      Size/MD5 checksum:    49068 aed6e8a847e2510735845d6f8c842a22

  PowerPC architecture:
      Size/MD5 checksum:  1999004 b50f4bce7c6129b614e849cddd9f4a05
      Size/MD5 checksum:   775550 cebf3449bb1401c81d9c02956bfa6072
      Size/MD5 checksum:    17216 fba6f12e2a103b8dffb69de4c53a9b52
      Size/MD5 checksum:    20926 cc71efdeff475b546e0bd2b658cad361
      Size/MD5 checksum:    85108 28cf54ac30182aea9eb78e7e75587a30
      Size/MD5 checksum:    50466 b55e9e08952ded765ba7fb4865972d93

  IBM S/390 architecture:
      Size/MD5 checksum:  1940928 012d96ec06e9f36de8ff7cba2af5510f
      Size/MD5 checksum:   692834 e35687e5401892a431a25ccf7c14816c
      Size/MD5 checksum:    17458 c294f4a99b4ab832a16db63ccb8e1de2
      Size/MD5 checksum:    20702 a25e0672101fccac0f15e3c904b79c88
      Size/MD5 checksum:    85490 a6299ac965787af1257d69fb8dbdb063
      Size/MD5 checksum:    50002 896271b9ee3b2bf6e49fc34ffb03e1c9

  Sun Sparc architecture:
      Size/MD5 checksum:  2037298 697d42e83005453061d90a04521a2c8a
      Size/MD5 checksum:   738328 36f92e836b6d457198cb94d11f6e0567
      Size/MD5 checksum:    20212 27217d51337be6b9f70f1ad0e5d4f6b0
      Size/MD5 checksum:    19856 87a2823ed346ef6c5ef271b82cca256f
      Size/MD5 checksum:    84330 dcb5057290e76192cd35823ecdf16451
      Size/MD5 checksum:    49724 0e2ece8db3597681b02dee48528b6a28

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.


LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"64","type":"x","order":"1","pct":76.19,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"13","type":"x","order":"2","pct":15.48,"resources":[]},{"id":"181","title":"Hardly ever","votes":"7","type":"x","order":"3","pct":8.33,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.



bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.