python-2.4.3-46.2.0.1.AXS3
Errata ID: AXSA:2012-569:02
Release date:
2012/07/24 Tuesday - 11:24
Title:
python-2.4.3-46.2.0.1.AXS3
Affected channels:
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity:
High
Description:
The following items have been addressed.
[Security Fix]
- The list_directory function of Python's SimpleHTTPServer does not place a charset parameter in the Content-Type HTTP header, which allows a remote attacker to conduct a cross-site scripting (XSS) attack against Internet Explorer 7 via UTF-7 encoding. (CVE-2011-4940)
- Information on CVE-2011-4944 and CVE-2012-1150 has not been published at this time.
We will update this information as soon as the CVE details are published.
Some of the CVE translations are quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Please update the packages.
CVE:
CVE-2011-4940
The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.
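To make the CVE-2011-4940 mechanism concrete, here is an added example (written for this page; it is not Asianux's or CPython's code) that builds a directory-listing response the way a SimpleHTTPServer-style handler does. With `charset=None` the Content-Type header is `text/html` alone, which is the weak form the advisory describes; with `charset="utf-8"` it is the hardened form matching the upstream fix. A small lint function flags any text/* response that lacks a charset, which is the check a defender would run over captured responses. The function names, the `text_response_lacks_charset` helper and the sample directory entries are assumptions made for the example.

```python
# Added example, not code from the advisory or from CPython.
# Shows a directory-listing response without a charset in Content-Type
# (the CVE-2011-4940 pattern) beside the hardened form, plus a lint check.
import html
import re
from typing import Dict, Iterable, Optional, Tuple


def build_listing_response(entries: Iterable[str],
                           charset: Optional[str] = None) -> Tuple[Dict[str, str], bytes]:
    """Return (headers, body) for an HTML directory listing.

    charset=None reproduces the weak header 'text/html'; charset='utf-8'
    is the hardened form, so the browser never has to sniff the encoding.
    """
    lines = ["<html><head><title>Directory listing</title></head><body><ul>"]
    for name in entries:
        # Escape names so they cannot inject markup.  Escaping alone is not
        # enough: without a declared charset the bytes may still be
        # reinterpreted under another encoding, which is the whole issue.
        lines.append('<li><a href="%s">%s</a></li>'
                     % (html.escape(name, quote=True), html.escape(name, quote=False)))
    lines.append("</ul></body></html>")
    body = "\n".join(lines).encode("utf-8")
    content_type = "text/html"
    if charset is not None:
        content_type += "; charset=%s" % charset
    headers = {"Content-Type": content_type, "Content-Length": str(len(body))}
    return headers, body


# Matches a charset parameter anywhere in a Content-Type value.
_CHARSET_RE = re.compile(r";\s*charset\s*=\s*[^;\s]+", re.IGNORECASE)


def text_response_lacks_charset(headers: Dict[str, str]) -> bool:
    """True when a text/* Content-Type carries no charset parameter.

    Non-text types return False: the sniffing problem only concerns text.
    """
    ctype = next((v for k, v in headers.items() if k.lower() == "content-type"), "")
    if not ctype.lower().startswith("text/"):
        return False
    return _CHARSET_RE.search(ctype) is None


if __name__ == "__main__":
    # Constructed sample directory contents (not from the advisory).
    sample = ["README.txt", "notes <draft>.md", "résumé.pdf"]
    weak, _ = build_listing_response(sample)
    fixed, _ = build_listing_response(sample, charset="utf-8")
    print(weak["Content-Type"], "-> lacks charset:", text_response_lacks_charset(weak))
    print(fixed["Content-Type"], "-> lacks charset:", text_response_lacks_charset(fixed))
```

The lint is deliberately header-only: it does not need the body, so it can be applied to proxy logs or captured responses from any server, not just this one.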
CVE-2011-4944
Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.
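The CVE-2011-4944 entry contrasts two ways of creating a credentials file. The added example below (written for this page; not Asianux's or CPython's distutils code) creates a file each way under a conventional `022` umask and returns the permission bits as they stand immediately after creation, which is what a concurrent local reader would see: plain `open()` yields `0644` until a later `chmod`, whereas `os.open()` with an explicit `0o600` mode has the kernel apply owner-only permissions in the same call that creates the file. `write_owner_only` is the hardened write pattern for a `.pypirc`-style file; the function names, file names and file contents are assumptions made for the example.

```python
# Added example, not code from the advisory or from CPython.
# Demonstrates the permission window behind CVE-2011-4944 and the
# create-with-0600 pattern that closes it.
import os
import stat
import tempfile


def mode_right_after_create(path: str, secure: bool) -> int:
    """Create `path` and return its permission bits before any chmod runs."""
    if secure:
        # Hardened: mode 0600 (masked by umask) is applied by the same
        # open(2) that creates the file; O_EXCL refuses a pre-existing file
        # instead of silently inheriting its possibly looser mode.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        os.close(fd)
    else:
        # Racy: plain open() creates the file with umask permissions
        # (0644 under umask 022).  A chmod(0600) afterwards cannot undo
        # the window during which the file was readable by everyone.
        open(path, "w").close()
    return stat.S_IMODE(os.stat(path).st_mode)


def write_owner_only(path: str, content: str) -> int:
    """Hardened credential-file write; returns the resulting mode bits.

    Writes to a fresh 0600 temporary file and renames it over `path`, so
    the secret is never on disk with wider permissions, even briefly.
    """
    tmp = path + ".tmp"
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(content)
    os.replace(tmp, path)
    return stat.S_IMODE(os.stat(path).st_mode)


def compare_modes() -> tuple:
    """Create a file each way under umask 022; return (racy_mode, secure_mode)."""
    with tempfile.TemporaryDirectory() as d:
        old = os.umask(0o022)  # conventional permissive umask, set for the demo
        try:
            racy = mode_right_after_create(os.path.join(d, "pypirc-racy"), secure=False)
            safe = mode_right_after_create(os.path.join(d, "pypirc-safe"), secure=True)
        finally:
            os.umask(old)
        return racy, safe


def write_demo() -> int:
    """Write a constructed .pypirc-style file the hardened way; return its mode."""
    with tempfile.TemporaryDirectory() as d:
        # Constructed placeholder credentials, not real ones.
        return write_owner_only(os.path.join(d, "pypirc"),
                                "[pypi]\nusername: demo\npassword: placeholder\n")


if __name__ == "__main__":
    racy, safe = compare_modes()
    print("mode seen by a concurrent reader: racy=%o hardened=%o" % (racy, safe))
    print("hardened write produced mode %o" % write_demo())
```

The explicit mode on `os.open` is the essential part; the temporary-file-plus-rename step additionally guards against reusing an existing file whose permissions were already too wide.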
CVE-2012-1150
Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
Additional information:
N/A
Downloads:
SRPMS
- python-2.4.3-46.2.0.1.AXS3.src.rpm
MD5: 679795d58aed05a2e71eadcb0c3d8731
SHA-256: 0774ad4e0b9ec73d1397552aeb8a7b912bb7bf94b6ac42361c5637a95b8492ea
Size: 8.05 MB
Asianux Server 3 for x86
- python-2.4.3-46.2.0.1.AXS3.i386.rpm
MD5: 54abb1acfb6fe4acadd77883c482f765
SHA-256: 17656bffa60812cf97ee0647ffd8ddaf792a375694657b77ba018a0a7777ae49
Size: 59.21 kB
- python-devel-2.4.3-46.2.0.1.AXS3.i386.rpm
MD5: 31e2cd009bfd1e1ed6783b81fa0c266e
SHA-256: 9abe2f83fe5a7a5959ab751295fff87d23146c7b103a2165aae2b595aca89b3a
Size: 3.00 MB
- python-libs-2.4.3-46.2.0.1.AXS3.i386.rpm
MD5: 10a51ff63ff7882624b14dbccab51599
SHA-256: 51888425c4f3c47587c6bcc4126cc86ac1a4216fd46c96454d513b9eec7232ba
Size: 5.88 MB
- python-tools-2.4.3-46.2.0.1.AXS3.i386.rpm
MD5: 6102713b17013564cf5c9a428b577d6d
SHA-256: 39c7327def95004a8b55894608e6925260f8f6b4467bac2159fbd47913951b3c
Size: 969.28 kB
- tkinter-2.4.3-46.2.0.1.AXS3.i386.rpm
MD5: 9aa66ff896e3baaff9a3cd43f51d4533
SHA-256: 551689ffc3c0cb245bd721f7d142a156ff838dbfce7b531b9cce85e364edf295
Size: 280.90 kB
Asianux Server 3 for x86_64
- python-2.4.3-46.2.0.1.AXS3.x86_64.rpm
MD5: 306399d3998c3d285e409ce8634990d9
SHA-256: 0afbf93030a262d85ff05748e3795ca4e456a27d1ca8a6adc4524de7d6c57596
Size: 59.28 kB
- python-devel-2.4.3-46.2.0.1.AXS3.x86_64.rpm
MD5: 32deb85b4efb1238cd2a3a2c452e5b9b
SHA-256: 616d6815e2b92269d986dfd0e021d6e2142fb047b75909d8052c62efded9cf6c
Size: 3.02 MB
- python-libs-2.4.3-46.2.0.1.AXS3.x86_64.rpm
MD5: 6158d408d2165af29167e98e14ee89af
SHA-256: 4ad8ba175e318c5f2f4cb2287e22ad7e69cf1f2c95ee87e0b988582598f03787
Size: 5.94 MB
- python-tools-2.4.3-46.2.0.1.AXS3.x86_64.rpm
MD5: 3cf9e3e6834ec85df9e92a2897510d35
SHA-256: 77cddc040c0abae0cacb9f08e0d32ecc15f9f40157a7ec840147de97bb7d24b5
Size: 969.51 kB
- tkinter-2.4.3-46.2.0.1.AXS3.x86_64.rpm
MD5: b7fabb483b69707f437d6e68b3d9d95c
SHA-256: 583a43c88d94927e72e3eb21bfa83055947d6af3c95bf4c0954b013fa6bc70c2
Size: 282.33 kB