- ---------------------------------------------------------------------                   Red Hat Security Advisory

Synopsis:          Important: python security update
Advisory ID:       RHSA-2005:108-01
Advisory URL:      https://access.redhat.com/errata/RHSA-2005:108.html
Issue date:        2005-02-15
Updated on:        2005-02-15
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-0089
- ---------------------------------------------------------------------1. Summary:

Updated Python packages that fix several security issues are now available
for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Python is an interpreted, interactive, object-oriented programming language.

An object traversal bug was found in the Python SimpleXMLRPCServer.  This
bug could allow a remote untrusted user to do unrestricted object traversal
and allow them to access or change function internals using the im_* and
func_* attributes.  The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0089 to this issue.

Users of Python are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

146649 - CAN-2005-0089 python SimpleXMLRPCServer security issue

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
d189468154d7cf63aa6af6678cb8613d  python-2.3.4-14.1.src.rpm

i386:
2712b8f9d2912600d8f646d35f689996  python-2.3.4-14.1.i386.rpm
be88db797f56d1a501ed3732757b657d  python-devel-2.3.4-14.1.i386.rpm
20a88af26a767018c87e39032552a57a  python-docs-2.3.4-14.1.i386.rpm
05a2588346ef5950ae83b76f140cd029  python-tools-2.3.4-14.1.i386.rpm
689f7fc46cf2e5e2107653f5f338f471  tkinter-2.3.4-14.1.i386.rpm

ia64:
6ba1f92092692ce7dc000f2396444430  python-2.3.4-14.1.ia64.rpm
f45375f74a80c5a541c5c6f8c511c6ed  python-devel-2.3.4-14.1.ia64.rpm
aea178005376626a739f9e9deb46d85e  python-docs-2.3.4-14.1.ia64.rpm
68884aa4b76210190f984b0a644b7bcc  python-tools-2.3.4-14.1.ia64.rpm
1182fdc4661ee0aaa6187a4adcf88309  tkinter-2.3.4-14.1.ia64.rpm

ppc:
ef9131d7daa839fb8b80051c0a248ec8  python-2.3.4-14.1.ppc.rpm
974938aea5959d3b9d7dfe17bee28bc8  python-devel-2.3.4-14.1.ppc.rpm
29b6d4fc9a8e46a5dd4ea76eb0262ec5  python-docs-2.3.4-14.1.ppc.rpm
ad59f7d118c70b89c522a28054df5abd  python-tools-2.3.4-14.1.ppc.rpm
85e2c0aec90cd30f2b6a0bb4f711f06e  tkinter-2.3.4-14.1.ppc.rpm

s390:
c2c5d0e3a66dcfd17ebaffdadbb84d8a  python-2.3.4-14.1.s390.rpm
1192f7711e7296bd55e407afe275dea2  python-devel-2.3.4-14.1.s390.rpm
baaccfd176d523a9019befc6ca3e4546  python-docs-2.3.4-14.1.s390.rpm
757b1117779443567ae9f9ba5470397d  python-tools-2.3.4-14.1.s390.rpm
8ab54fcc6429685ca89a004255da2302  tkinter-2.3.4-14.1.s390.rpm

s390x:
7364a75ad005e960d90c68c26db1b9d6  python-2.3.4-14.1.s390x.rpm
57ed41904fd90af8020cb2a12c6b9efa  python-devel-2.3.4-14.1.s390x.rpm
5c001929d0620a477310cfcc611b57bf  python-docs-2.3.4-14.1.s390x.rpm
4ec4346b001bd2b2568ac7b3d2fc18ba  python-tools-2.3.4-14.1.s390x.rpm
cd2d59c73aa0dee5c8140b653b74792c  tkinter-2.3.4-14.1.s390x.rpm

x86_64:
ba4668c9e17ec0a36950f84a6e4d6ed9  python-2.3.4-14.1.x86_64.rpm
51c6c2801c10e1ab406303446b2b2f11  python-devel-2.3.4-14.1.x86_64.rpm
5f32fc6f75760f31ca259534af097eb2  python-docs-2.3.4-14.1.x86_64.rpm
fdabec76f02d3616b5a540f0402c5237  python-tools-2.3.4-14.1.x86_64.rpm
26bb9a58781a462848dc632bfd08eb81  tkinter-2.3.4-14.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
d189468154d7cf63aa6af6678cb8613d  python-2.3.4-14.1.src.rpm

i386:
2712b8f9d2912600d8f646d35f689996  python-2.3.4-14.1.i386.rpm
be88db797f56d1a501ed3732757b657d  python-devel-2.3.4-14.1.i386.rpm
20a88af26a767018c87e39032552a57a  python-docs-2.3.4-14.1.i386.rpm
05a2588346ef5950ae83b76f140cd029  python-tools-2.3.4-14.1.i386.rpm
689f7fc46cf2e5e2107653f5f338f471  tkinter-2.3.4-14.1.i386.rpm

x86_64:
ba4668c9e17ec0a36950f84a6e4d6ed9  python-2.3.4-14.1.x86_64.rpm
51c6c2801c10e1ab406303446b2b2f11  python-devel-2.3.4-14.1.x86_64.rpm
5f32fc6f75760f31ca259534af097eb2  python-docs-2.3.4-14.1.x86_64.rpm
fdabec76f02d3616b5a540f0402c5237  python-tools-2.3.4-14.1.x86_64.rpm
26bb9a58781a462848dc632bfd08eb81  tkinter-2.3.4-14.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
d189468154d7cf63aa6af6678cb8613d  python-2.3.4-14.1.src.rpm

i386:
2712b8f9d2912600d8f646d35f689996  python-2.3.4-14.1.i386.rpm
be88db797f56d1a501ed3732757b657d  python-devel-2.3.4-14.1.i386.rpm
20a88af26a767018c87e39032552a57a  python-docs-2.3.4-14.1.i386.rpm
05a2588346ef5950ae83b76f140cd029  python-tools-2.3.4-14.1.i386.rpm
689f7fc46cf2e5e2107653f5f338f471  tkinter-2.3.4-14.1.i386.rpm

ia64:
6ba1f92092692ce7dc000f2396444430  python-2.3.4-14.1.ia64.rpm
f45375f74a80c5a541c5c6f8c511c6ed  python-devel-2.3.4-14.1.ia64.rpm
aea178005376626a739f9e9deb46d85e  python-docs-2.3.4-14.1.ia64.rpm
68884aa4b76210190f984b0a644b7bcc  python-tools-2.3.4-14.1.ia64.rpm
1182fdc4661ee0aaa6187a4adcf88309  tkinter-2.3.4-14.1.ia64.rpm

x86_64:
ba4668c9e17ec0a36950f84a6e4d6ed9  python-2.3.4-14.1.x86_64.rpm
51c6c2801c10e1ab406303446b2b2f11  python-devel-2.3.4-14.1.x86_64.rpm
5f32fc6f75760f31ca259534af097eb2  python-docs-2.3.4-14.1.x86_64.rpm
fdabec76f02d3616b5a540f0402c5237  python-tools-2.3.4-14.1.x86_64.rpm
26bb9a58781a462848dc632bfd08eb81  tkinter-2.3.4-14.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
d189468154d7cf63aa6af6678cb8613d  python-2.3.4-14.1.src.rpm

i386:
2712b8f9d2912600d8f646d35f689996  python-2.3.4-14.1.i386.rpm
be88db797f56d1a501ed3732757b657d  python-devel-2.3.4-14.1.i386.rpm
20a88af26a767018c87e39032552a57a  python-docs-2.3.4-14.1.i386.rpm
05a2588346ef5950ae83b76f140cd029  python-tools-2.3.4-14.1.i386.rpm
689f7fc46cf2e5e2107653f5f338f471  tkinter-2.3.4-14.1.i386.rpm

ia64:
6ba1f92092692ce7dc000f2396444430  python-2.3.4-14.1.ia64.rpm
f45375f74a80c5a541c5c6f8c511c6ed  python-devel-2.3.4-14.1.ia64.rpm
aea178005376626a739f9e9deb46d85e  python-docs-2.3.4-14.1.ia64.rpm
68884aa4b76210190f984b0a644b7bcc  python-tools-2.3.4-14.1.ia64.rpm
1182fdc4661ee0aaa6187a4adcf88309  tkinter-2.3.4-14.1.ia64.rpm

x86_64:
ba4668c9e17ec0a36950f84a6e4d6ed9  python-2.3.4-14.1.x86_64.rpm
51c6c2801c10e1ab406303446b2b2f11  python-devel-2.3.4-14.1.x86_64.rpm
5f32fc6f75760f31ca259534af097eb2  python-docs-2.3.4-14.1.x86_64.rpm
fdabec76f02d3616b5a540f0402c5237  python-tools-2.3.4-14.1.x86_64.rpm
26bb9a58781a462848dc632bfd08eb81  tkinter-2.3.4-14.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.python.org/blogs/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0089

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

RedHat: Important: python security update RHSA-2005:108-01

Updated Python packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the R...

Summary



Summary

Python is an interpreted, interactive, object-oriented programming language. An object traversal bug was found in the Python SimpleXMLRPCServer. This bug could allow a remote untrusted user to do unrestricted object traversal and allow them to access or change function internals using the im_* and func_* attributes. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0089 to this issue. Users of Python are advised to upgrade to these updated packages, which contain backported patches to correct these issues.


Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. Bug IDs fixed (http://bugzilla.redhat.com/):
146649 - CAN-2005-0089 python SimpleXMLRPCServer security issue
6. RPMs required:
Red Hat Enterprise Linux AS version 4:
SRPMS: d189468154d7cf63aa6af6678cb8613d python-2.3.4-14.1.src.rpm
i386: 2712b8f9d2912600d8f646d35f689996 python-2.3.4-14.1.i386.rpm be88db797f56d1a501ed3732757b657d python-devel-2.3.4-14.1.i386.rpm 20a88af26a767018c87e39032552a57a python-docs-2.3.4-14.1.i386.rpm 05a2588346ef5950ae83b76f140cd029 python-tools-2.3.4-14.1.i386.rpm 689f7fc46cf2e5e2107653f5f338f471 tkinter-2.3.4-14.1.i386.rpm
ia64: 6ba1f92092692ce7dc000f2396444430 python-2.3.4-14.1.ia64.rpm f45375f74a80c5a541c5c6f8c511c6ed python-devel-2.3.4-14.1.ia64.rpm aea178005376626a739f9e9deb46d85e python-docs-2.3.4-14.1.ia64.rpm 68884aa4b76210190f984b0a644b7bcc python-tools-2.3.4-14.1.ia64.rpm 1182fdc4661ee0aaa6187a4adcf88309 tkinter-2.3.4-14.1.ia64.rpm
ppc: ef9131d7daa839fb8b80051c0a248ec8 python-2.3.4-14.1.ppc.rpm 974938aea5959d3b9d7dfe17bee28bc8 python-devel-2.3.4-14.1.ppc.rpm 29b6d4fc9a8e46a5dd4ea76eb0262ec5 python-docs-2.3.4-14.1.ppc.rpm ad59f7d118c70b89c522a28054df5abd python-tools-2.3.4-14.1.ppc.rpm 85e2c0aec90cd30f2b6a0bb4f711f06e tkinter-2.3.4-14.1.ppc.rpm
s390: c2c5d0e3a66dcfd17ebaffdadbb84d8a python-2.3.4-14.1.s390.rpm 1192f7711e7296bd55e407afe275dea2 python-devel-2.3.4-14.1.s390.rpm baaccfd176d523a9019befc6ca3e4546 python-docs-2.3.4-14.1.s390.rpm 757b1117779443567ae9f9ba5470397d python-tools-2.3.4-14.1.s390.rpm 8ab54fcc6429685ca89a004255da2302 tkinter-2.3.4-14.1.s390.rpm
s390x: 7364a75ad005e960d90c68c26db1b9d6 python-2.3.4-14.1.s390x.rpm 57ed41904fd90af8020cb2a12c6b9efa python-devel-2.3.4-14.1.s390x.rpm 5c001929d0620a477310cfcc611b57bf python-docs-2.3.4-14.1.s390x.rpm 4ec4346b001bd2b2568ac7b3d2fc18ba python-tools-2.3.4-14.1.s390x.rpm cd2d59c73aa0dee5c8140b653b74792c tkinter-2.3.4-14.1.s390x.rpm
x86_64: ba4668c9e17ec0a36950f84a6e4d6ed9 python-2.3.4-14.1.x86_64.rpm 51c6c2801c10e1ab406303446b2b2f11 python-devel-2.3.4-14.1.x86_64.rpm 5f32fc6f75760f31ca259534af097eb2 python-docs-2.3.4-14.1.x86_64.rpm fdabec76f02d3616b5a540f0402c5237 python-tools-2.3.4-14.1.x86_64.rpm 26bb9a58781a462848dc632bfd08eb81 tkinter-2.3.4-14.1.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS: d189468154d7cf63aa6af6678cb8613d python-2.3.4-14.1.src.rpm
i386: 2712b8f9d2912600d8f646d35f689996 python-2.3.4-14.1.i386.rpm be88db797f56d1a501ed3732757b657d python-devel-2.3.4-14.1.i386.rpm 20a88af26a767018c87e39032552a57a python-docs-2.3.4-14.1.i386.rpm 05a2588346ef5950ae83b76f140cd029 python-tools-2.3.4-14.1.i386.rpm 689f7fc46cf2e5e2107653f5f338f471 tkinter-2.3.4-14.1.i386.rpm
x86_64: ba4668c9e17ec0a36950f84a6e4d6ed9 python-2.3.4-14.1.x86_64.rpm 51c6c2801c10e1ab406303446b2b2f11 python-devel-2.3.4-14.1.x86_64.rpm 5f32fc6f75760f31ca259534af097eb2 python-docs-2.3.4-14.1.x86_64.rpm fdabec76f02d3616b5a540f0402c5237 python-tools-2.3.4-14.1.x86_64.rpm 26bb9a58781a462848dc632bfd08eb81 tkinter-2.3.4-14.1.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS: d189468154d7cf63aa6af6678cb8613d python-2.3.4-14.1.src.rpm
i386: 2712b8f9d2912600d8f646d35f689996 python-2.3.4-14.1.i386.rpm be88db797f56d1a501ed3732757b657d python-devel-2.3.4-14.1.i386.rpm 20a88af26a767018c87e39032552a57a python-docs-2.3.4-14.1.i386.rpm 05a2588346ef5950ae83b76f140cd029 python-tools-2.3.4-14.1.i386.rpm 689f7fc46cf2e5e2107653f5f338f471 tkinter-2.3.4-14.1.i386.rpm
ia64: 6ba1f92092692ce7dc000f2396444430 python-2.3.4-14.1.ia64.rpm f45375f74a80c5a541c5c6f8c511c6ed python-devel-2.3.4-14.1.ia64.rpm aea178005376626a739f9e9deb46d85e python-docs-2.3.4-14.1.ia64.rpm 68884aa4b76210190f984b0a644b7bcc python-tools-2.3.4-14.1.ia64.rpm 1182fdc4661ee0aaa6187a4adcf88309 tkinter-2.3.4-14.1.ia64.rpm
x86_64: ba4668c9e17ec0a36950f84a6e4d6ed9 python-2.3.4-14.1.x86_64.rpm 51c6c2801c10e1ab406303446b2b2f11 python-devel-2.3.4-14.1.x86_64.rpm 5f32fc6f75760f31ca259534af097eb2 python-docs-2.3.4-14.1.x86_64.rpm fdabec76f02d3616b5a540f0402c5237 python-tools-2.3.4-14.1.x86_64.rpm 26bb9a58781a462848dc632bfd08eb81 tkinter-2.3.4-14.1.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS: d189468154d7cf63aa6af6678cb8613d python-2.3.4-14.1.src.rpm
i386: 2712b8f9d2912600d8f646d35f689996 python-2.3.4-14.1.i386.rpm be88db797f56d1a501ed3732757b657d python-devel-2.3.4-14.1.i386.rpm 20a88af26a767018c87e39032552a57a python-docs-2.3.4-14.1.i386.rpm 05a2588346ef5950ae83b76f140cd029 python-tools-2.3.4-14.1.i386.rpm 689f7fc46cf2e5e2107653f5f338f471 tkinter-2.3.4-14.1.i386.rpm
ia64: 6ba1f92092692ce7dc000f2396444430 python-2.3.4-14.1.ia64.rpm f45375f74a80c5a541c5c6f8c511c6ed python-devel-2.3.4-14.1.ia64.rpm aea178005376626a739f9e9deb46d85e python-docs-2.3.4-14.1.ia64.rpm 68884aa4b76210190f984b0a644b7bcc python-tools-2.3.4-14.1.ia64.rpm 1182fdc4661ee0aaa6187a4adcf88309 tkinter-2.3.4-14.1.ia64.rpm
x86_64: ba4668c9e17ec0a36950f84a6e4d6ed9 python-2.3.4-14.1.x86_64.rpm 51c6c2801c10e1ab406303446b2b2f11 python-devel-2.3.4-14.1.x86_64.rpm 5f32fc6f75760f31ca259534af097eb2 python-docs-2.3.4-14.1.x86_64.rpm fdabec76f02d3616b5a540f0402c5237 python-tools-2.3.4-14.1.x86_64.rpm 26bb9a58781a462848dc632bfd08eb81 tkinter-2.3.4-14.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

References

https://www.python.org/blogs/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0089

Package List


Severity
Advisory ID: RHSA-2005:108-01
Advisory URL: https://access.redhat.com/errata/RHSA-2005:108.html
Issued Date: : 2005-02-15
Updated on: 2005-02-15
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0089 Updated Python packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team

Topic


Topic


 

Relevant Releases Architectures

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64

Red Hat Enterprise Linux Desktop version 4 - i386, x86_64

Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64

Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64


Bugs Fixed


Related News

5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved