python-2.4.3-46.2.0.1.AXS3

エラータID: AXSA:2012-569:02

Release date: 
Tuesday, July 24, 2012 - 11:24
Subject: 
python-2.4.3-46.2.0.1.AXS3
Affected Channels: 
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity: 
High
Description: 

Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC).

Programmers can write new built-in modules for Python in C or C++. Python can be used as an extension language for applications that need a programmable interface. This package contains most of the standard Python modules, as well as modules for interfacing to the Tix widget set for Tk and RPM.

Note that documentation for Python is provided in the python-docs package.

Security issues fixed with this release:

CVE-2011-4940
The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.

CVE-2011-4944
CVE-2012-1150
No description available at the time of writing, please use the CVE links below.

Solution: 

Update packages.

CVEs: 
CVE-2011-4940
The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.
CVE-2011-4944
Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.
CVE-2012-1150
Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.




Additional Info: 

N/A

Download: 

SRPMS
  1. python-2.4.3-46.2.0.1.AXS3.src.rpm
    MD5: 679795d58aed05a2e71eadcb0c3d8731
    SHA-256: 0774ad4e0b9ec73d1397552aeb8a7b912bb7bf94b6ac42361c5637a95b8492ea
    Size: 8.05 MB

Asianux Server 3 for x86
  1. python-2.4.3-46.2.0.1.AXS3.i386.rpm
    MD5: 54abb1acfb6fe4acadd77883c482f765
    SHA-256: 17656bffa60812cf97ee0647ffd8ddaf792a375694657b77ba018a0a7777ae49
    Size: 59.21 kB
  2. python-devel-2.4.3-46.2.0.1.AXS3.i386.rpm
    MD5: 31e2cd009bfd1e1ed6783b81fa0c266e
    SHA-256: 9abe2f83fe5a7a5959ab751295fff87d23146c7b103a2165aae2b595aca89b3a
    Size: 3.00 MB
  3. python-libs-2.4.3-46.2.0.1.AXS3.i386.rpm
    MD5: 10a51ff63ff7882624b14dbccab51599
    SHA-256: 51888425c4f3c47587c6bcc4126cc86ac1a4216fd46c96454d513b9eec7232ba
    Size: 5.88 MB
  4. python-tools-2.4.3-46.2.0.1.AXS3.i386.rpm
    MD5: 6102713b17013564cf5c9a428b577d6d
    SHA-256: 39c7327def95004a8b55894608e6925260f8f6b4467bac2159fbd47913951b3c
    Size: 969.28 kB
  5. tkinter-2.4.3-46.2.0.1.AXS3.i386.rpm
    MD5: 9aa66ff896e3baaff9a3cd43f51d4533
    SHA-256: 551689ffc3c0cb245bd721f7d142a156ff838dbfce7b531b9cce85e364edf295
    Size: 280.90 kB

Asianux Server 3 for x86_64
  1. python-2.4.3-46.2.0.1.AXS3.x86_64.rpm
    MD5: 306399d3998c3d285e409ce8634990d9
    SHA-256: 0afbf93030a262d85ff05748e3795ca4e456a27d1ca8a6adc4524de7d6c57596
    Size: 59.28 kB
  2. python-devel-2.4.3-46.2.0.1.AXS3.x86_64.rpm
    MD5: 32deb85b4efb1238cd2a3a2c452e5b9b
    SHA-256: 616d6815e2b92269d986dfd0e021d6e2142fb047b75909d8052c62efded9cf6c
    Size: 3.02 MB
  3. python-libs-2.4.3-46.2.0.1.AXS3.x86_64.rpm
    MD5: 6158d408d2165af29167e98e14ee89af
    SHA-256: 4ad8ba175e318c5f2f4cb2287e22ad7e69cf1f2c95ee87e0b988582598f03787
    Size: 5.94 MB
  4. python-tools-2.4.3-46.2.0.1.AXS3.x86_64.rpm
    MD5: 3cf9e3e6834ec85df9e92a2897510d35
    SHA-256: 77cddc040c0abae0cacb9f08e0d32ecc15f9f40157a7ec840147de97bb7d24b5
    Size: 969.51 kB
  5. tkinter-2.4.3-46.2.0.1.AXS3.x86_64.rpm
    MD5: b7fabb483b69707f437d6e68b3d9d95c
    SHA-256: 583a43c88d94927e72e3eb21bfa83055947d6af3c95bf4c0954b013fa6bc70c2
    Size: 282.33 kB