Alerts This Week
Warning Icon 1 637
Alerts This Week
Warning Icon 1 637

Slackware: 2005-111-02 Moderate Risk: Python SimpleXMLRPCServer Access

slackware
Calendar Grey April 22, 2005
Dist Slackware Esm H88
A security vulnerability has been discovered in the Python SimpleXMLRPCServer module, requiring immediate action. Updated packages for Slackware are now available.
New Python packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issue in the SimpleXMLRPCServer library module

Summary

Here are the details from the Slackware 10.1 ChangeLog: patches/packages/python-2.4.1-i486-1.tgz: Upgraded to python-2.4.1. From the python.org site: "The Python development team has discovered a flaw in the SimpleXMLRPCServer library module which can give remote attackers access to internals of the registered object or its module or possibly other modules. The flaw only affects Python XML-RPC servers that use the register_instance() method to register an object without a _dispatch() method. Servers using only register_function() are not affected." For more details, see: https://www.python.org/blogs/ (* Security fix *) patches/packages/python-demo-2.4.1-noarch-1.tgz: Upgraded to python-2.4.1 demos. patches/packages/python-tools-2.4.1-noarch-1.tgz: Upgraded to python-2.4.1 tools.

Topics%20covered

Topics Covered

security advisory moderate security issue update Slackware SimpleXMLRPCServer Python package

Where Find New Packages

Updated package for Slackware 8.1: ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/python-2.2.3-i386-1.tgz
Updated package for Slackware 9.0: ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/python-2.2.3-i386-1.tgz
Updated packages for Slackware 9.1: ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/python-2.3.5-i486-1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/python-demo-2.3.5-noarch-1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/python-tools-2.3.5-noarch-1.tgz
Updated packages for Slackware 10.0: ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/python-2.3.5-i486-1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/python-demo-2.3.5-noarch-1.tgz
Updated packages for Slackware 10.1:
Updated packages for Slackware -current:

MD5 Signatures

Slackware 8.1 package: b90d20f1c90a39407fae3346e17befd0 python-2.2.3-i386-1.tgz
Slackware 9.0 package: fb39a3367b130440b5f8a64c3468eec2 python-2.2.3-i386-1.tgz
Slackware 9.1 packages: 897fe07abe99fc1f1a4095cacecd697f python-2.3.5-i486-1.tgz 34a3cd2b3fe85810964a13fce7c5d9fc python-demo-2.3.5-noarch-1.tgz c48b074dcf6a76818e181764ce7e41ee python-tools-2.3.5-noarch-1.tgz
Slackware 10.0 packages: 11c483e44089d7aae954c62eada1108c python-2.3.5-i486-1.tgz b1dbd8eeca44c048dd83f505b2c69fdb python-demo-2.3.5-noarch-1.tgz 554e9cc2cb5c3f9d02cb57ee07025681 python-tools-2.3.5-noarch-1.tgz
Slackware 10.1 packages: b78837244ef3c145cb9c354729d2954f python-2.4.1-i486-1.tgz 83b8a735c638a64f0f348a95fd58847a python-demo-2.4.1-noarch-1.tgz 83f0b4a65b44de14e475faa4087e5268 python-tools-2.4.1-noarch-1.tgz
Slackware -current packages: 7b2695497611d592ca756a074084bcbc python-2.4.1-i486-1.tgz 81f77f0063c79aa9cb78c7d03c2a762b python-demo-2.4.1-noarch-1.tgz 4008585cd345feb544de5ffae574a449 python-tools-2.4.1-noarch-1.tgz

Topics%20covered

Topics Covered

security advisory moderate security issue update Slackware SimpleXMLRPCServer Python package

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the packages as root: # upgradepkg python-2.4.1-i486-1.tgz python-demo-2.4.1-noarch-1.tgz python-tools-2.4.1-noarch-1.tgz

Related News

Your message here