Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Red Hat Linux 7.0 RHSA-2002:202-25 Critical: Python Temp File Risk

red hat
Calendar Grey January 21, 2003
Dist Redhat Esm H88
Red Hat has released upgraded Python libraries to mitigate a security flaw in the management of temporary files, which could permit unauthorized local code execution.
Zack Weinberg discovered that os._execvpe from os.py in Python <=2.2.1 creates temporary files with predictable names.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. RPMs required:

Red Hat Linux 6.2:

SRPMS:


i386:






Red Hat Linux 7.0:

SRPMS:


i386:






Red Hat Linux 7.1:

SRPMS:


i386:






Red Hat Linux 7.2:

SRPMS:



i386:








ia64:








Red Hat Linux 7.3:

SRPMS:



i386:












6. Verification:

MD5 sum Package Name ea2c7e1f03253f7abf020bd20501a9ed 6.2/en/os/SRPMS/python-1.5.2-42.62.src.rpm ae807f2515d48688feb63a7d1c36fd41 6.2/en/os/i386/python-1.5.2-42.62.i386.rpm 9e7ec6bea6aeac1f55d7268c17bd005e 6.2/en/os/i386/python-devel-1.5.2-42.62.i386.rpm 24989340e51d52302fed720a304da5fb 6.2/en/os/i386/python-docs-1.5.2-42.62.i386.rpm c32cfd08bd1b8c1485f9faf992ae4e47 6.2/en/os/i386/python-tools-1.5.2-42.62.i386.rpm 9e6ef79c21074cfd2ba6a9e8f82269fe 6.2/en/os/i386/tkinter-1.5.2-42.62.i386.rpm f284fbc3bffb9750628b854c66240884 7.0/en/os/SRPMS/python-1.5.2-42.71.src.rpm 67a8b9f482122c94e59be63fb35a6c09 7.0/en/os/i386/python-1.5.2-42.71.i386.rpm 6bb2441e4e774d4036e06470a37f2d05 7.0/en/os/i386/python-devel-1.5.2-42.71.i386.rpm 4bbbde224af5008bcde30363fc97146c 7.0/en/os/i386/python-docs-1.5.2-42.71.i386.rpm a2d3161c06c800c522da141baa5118b7 7.0/en/os/i386/python-tools-1.5.2-42.71.i386.rpm 55275a32efb84977fa93653fb9cbae2c 7.0/en/os/i386/tkinter-1.5.2-42.71.i386.rpm f284fbc3bffb9750628b854c66240884 7.1/en/os/SRPMS/python-1.5.2-42.71.src.rpm 67a8b9f482122c94e59be63fb35a6c09 7.1/en/os/i386/python-1.5.2-42.71.i386.rpm 6bb2441e4e774d4036e06470a37f2d05 7.1/en/os/i386/python-devel-1.5.2-42.71.i386.rpm 4bbbde224af5008bcde30363fc97146c 7.1/en/os/i386/python-docs-1.5.2-42.71.i386.rpm a2d3161c06c800c522da141baa5118b7 7.1/en/os/i386/python-tools-1.5.2-42.71.i386.rpm 55275a32efb84977fa93653fb9cbae2c 7.1/en/os/i386/tkinter-1.5.2-42.71.i386.rpm a47d3a73c49783e1cd5b83cbef60652f 7.2/en/os/SRPMS/python-1.5.2-42.72.src.rpm b4e68654b049c6af907f098afd29a4be 7.2/en/os/SRPMS/python2-2.1.1-2.72.src.rpm 389afc3097788a96b0835ebc46ac16d3 7.2/en/os/i386/python-1.5.2-42.72.i386.rpm a4fd8f4787c56603613e9f3e12d6aa27 7.2/en/os/i386/python-devel-1.5.2-42.72.i386.rpm 686d90f9f8462ebc2dc7f0c05bf1612e 7.2/en/os/i386/python-docs-1.5.2-42.72.i386.rpm ac3c101c4d388b2086412fa1ecae38c6 7.2/en/os/i386/python-tools-1.5.2-42.72.i386.rpm d1832d93442ddac585427b460b02c1c8 7.2/en/os/i386/python2-2.1.1-2.72.i386.rpm e1c3352394e1cd824e615742ca029298 7.2/en/os/i386/python2-devel-2.1.1-2.72.i386.rpm 9bee09c2165510ef87d5b1d6c5170760 7.2/en/os/i386/tkinter-1.5.2-42.72.i386.rpm a59c47d8d4d089f83b834105b9d22f69 7.2/en/os/ia64/python-1.5.2-42.72.ia64.rpm 1a2c0e209e264928d2f84154e182248d 7.2/en/os/ia64/python-devel-1.5.2-42.72.ia64.rpm 290383a0ec1a271e5f6a17b7bc821ed8 7.2/en/os/ia64/python-docs-1.5.2-42.72.ia64.rpm 694c91d88fbfd31a6408781431a5b7fe 7.2/en/os/ia64/python-tools-1.5.2-42.72.ia64.rpm c5e288bfb51f7cdb1fc7de5a0c900639 7.2/en/os/ia64/python2-2.1.1-2.72.ia64.rpm 729305369876da105810446e32a119bc 7.2/en/os/ia64/python2-devel-2.1.1-2.72.ia64.rpm 85ddf2fcb9679153dc179a3e41d76993 7.2/en/os/ia64/tkinter-1.5.2-42.72.ia64.rpm f2cf7600b4de21bcb7eaa2e73218cb7c 7.3/en/os/SRPMS/python-1.5.2-42.73.src.rpm 183717dbd2d209c4ab19162c21c41527 7.3/en/os/SRPMS/python2-2.2.2-3.7.3.src.rpm 3349177afa68f1bb3cdefacd2202edad 7.3/en/os/i386/python-1.5.2-42.73.i386.rpm 4d046510dd987f72e521f528d95db38b 7.3/en/os/i386/python-devel-1.5.2-42.73.i386.rpm ec0936c1821670d1ebb9639bc9f41d5f 7.3/en/os/i386/python-docs-1.5.2-42.73.i386.rpm b55c4b23cdf5779e244923e944ffdab0 7.3/en/os/i386/python-tools-1.5.2-42.73.i386.rpm cdd195d8cd81e8c6c42964b7efda4a53 7.3/en/os/i386/python2-2.2.2-3.7.3.i386.rpm 3804e8f39fe53ca69eb9b08e0847239e 7.3/en/os/i386/python2-devel-2.2.2-3.7.3.i386.rpm e15f24a15999724eb6aad307a3cda429 7.3/en/os/i386/python2-docs-2.2.2-3.7.3.i386.rpm 7e68369c396be300c8abb8334d4cae2d 7.3/en/os/i386/tkinter-1.5.2-42.73.i386.rpm c4fced6272839041ce9252d06079d43c 7.3/en/os/i386/tkinter2-2.2.2-3.7.3.i386.rpm


These packages are GPG signed by Red Hat, Inc. for security. Our key is available at About

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

md5sum


Summary

References

#156556 - python: os.execvpe vulnerability - Debian Bug report logs CVE -CVE-2002-1119

Package List


Severity
critical
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2002:202-25
Issue date: 2003-01-21
Updated on: 2003-01-21
Product: Red Hat Linux
Keywords: symlink os.excvpe flaw:link
Cross references:
Obsoletes:

Topic

Relevant Releases Architectures

Red Hat Linux 6.2 - i386

Red Hat Linux 7.0 - i386

Red Hat Linux 7.1 - i386

Red Hat Linux 7.2 - i386, ia64

Red Hat Linux 7.3 - i386

Bugs Fixed

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.