python-2.6.6-29.AXS4.2

エラータID: AXSA:2012-663:02

Release date: 
Tuesday, August 14, 2012 - 19:49
Subject: 
python-2.6.6-29.AXS4.2
Affected Channels: 
Asianux Server 4 for x86
Asianux Server 4 for x86_64
Severity: 
High
Description: 

Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC).

Programmers can write new built-in modules for Python in C or C++. Python can be used as an extension language for applications that need a programmable interface. This package contains most of the standard Python modules, as well as modules for interfacing to the Tix widget set for Tk and RPM.

Note that documentation for Python is provided in the python-docs package.

Security issues fixed with this release:

CVE-2011-4940
The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.

CVE-2011-4944
CVE-2012-0845
CVE-2012-1150

No description available at the time of writing, please use the CVE links below.

Solution: 

Update packages.

CVEs: 
CVE-2011-4940
The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.
CVE-2011-4944
Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.
CVE-2012-0845
SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header.
CVE-2012-1150
Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.


Additional Info: 

N/A

Download: 

SRPMS
  1. python-2.6.6-29.AXS4.2.src.rpm
    MD5: 220f90f4694ca3b7c8ff6ff25da0135a
    SHA-256: e416edfba591d8b14ff85c6335d7312da6422b22d2fe21fc9797871d8e163b6a
    Size: 10.69 MB

Asianux Server 4 for x86
  1. python-2.6.6-29.AXS4.2.i686.rpm
    MD5: cc90b94ac7f2dbe99a8ebf5ce5821868
    SHA-256: 902bc90fd2fe1c8502b99d395f90fe5084b08d3df01344398d72c1507060bee9
    Size: 4.78 MB
  2. python-devel-2.6.6-29.AXS4.2.i686.rpm
    MD5: 8cc0ef50379771e1c851091d6f37411a
    SHA-256: a814eda7cfa76772ca38c9a09b4a92653da5178fa05c0d621fa11c08863024e5
    Size: 166.17 kB
  3. python-libs-2.6.6-29.AXS4.2.i686.rpm
    MD5: 5985439bc157265d8a11a859cd1706dc
    SHA-256: 9f5c03f323655c0623021b4b818076ea3ba35ccb649ac2f2eaa8e1541c4d1df1
    Size: 607.14 kB
  4. tkinter-2.6.6-29.AXS4.2.i686.rpm
    MD5: a62711327fb580b2aa68fe7ad5ef6eb3
    SHA-256: a5c55aac1d92597a3ab6d0e47f29d6d5ffe0693a5f4790ddecfacf7a7aa279fb
    Size: 250.49 kB

Asianux Server 4 for x86_64
  1. python-2.6.6-29.AXS4.2.x86_64.rpm
    MD5: 35bde585db16e5f78d8a875563eb5398
    SHA-256: 66322f538363fd7535352a7a255a9a92ff10de29779bf90476bb63b94a10064a
    Size: 4.81 MB
  2. python-devel-2.6.6-29.AXS4.2.x86_64.rpm
    MD5: cc98f7f6ae709f4d96d2d9d276d2f234
    SHA-256: d6af7c93c490bcd7ef76a115fb0ccf89be30fe22e8c485eb2b06c9369c6f6514
    Size: 165.60 kB
  3. python-libs-2.6.6-29.AXS4.2.x86_64.rpm
    MD5: 22175480bd841985e90ad90fd7f2f059
    SHA-256: 070ff76fa6689a3e776a604a382cf2f86eaefa0544ea932bb97dd4cea6fb5eec
    Size: 622.09 kB
  4. tkinter-2.6.6-29.AXS4.2.x86_64.rpm
    MD5: 0f8dceb5d90ebd9fccde655de8c22543
    SHA-256: 9fbd536ab49b92cbaeebd5e7473c5d3a54bb20ae1f18749f2e555cb3eb5b9d2f
    Size: 251.15 kB