python-2.7.5-34.0.1.el7.AXS7
Errata ID: AXSA:2015-803:01
Release date:
2015/11/26 Thursday - 20:28
Title:
python-2.7.5-34.0.1.el7.AXS7
Affected channels:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
The following items have been addressed.
[Security Fix]
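- An integer overflow exists in Python's bufferobject.c that allows an attacker
to obtain sensitive information from process memory via a large size and offset
in a "buffer" function. (CVE-2014-7185)
- Information on CVE-2013-1752, CVE-2013-1753, CVE-2014-4616 and CVE-2014-4650
has not been published at this time.
We will update this advisory as soon as the CVE information is published.
Some of the CVE translations are quoted from JVN.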
http://jvndb.jvn.jp/
Solution:
Update the packages.
CVE:
CVE-2013-1752
** REJECT ** Various versions of Python do not properly restrict readline calls, which allows remote attackers to cause a denial of service (memory consumption) via a long string, related to (1) httplib - fixed in 2.7.4, 2.6.9, and 3.3.3; (2) ftplib - fixed in 2.7.6, 2.6.9, 3.3.3; (3) imaplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; (4) nntplib - fixed in 2.7.6, 2.6.9, 3.3.3; (5) poplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; and (6) smtplib - not yet fixed in 2.7.x, fixed in 2.6.9, not yet fixed in 3.3.x. NOTE: this was REJECTed because it is incompatible with CNT1 "Independently Fixable" in the CVE Counting Decisions.
CVE-2013-1753
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2014-4616
Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.
CVE-2014-4650
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2014-7185
Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.
Additional information:
N/A
Download:
SRPMS
- python-2.7.5-34.0.1.el7.AXS7.src.rpm
MD5: a9300cdd7532c935db2e2f8e2e768fa8
SHA-256: ff453f7c981cdc2dfd6ec82d2e2a7b20252b8b9297b44b4d86a2bc05b5ecae3f
Size: 10.14 MB
Asianux Server 7 for x86_64
- python-2.7.5-34.0.1.el7.AXS7.x86_64.rpm
MD5: 89ca3847312120381f017faaeeb00284
SHA-256: 37f1a63c205bb9e32a2d25c98a0394ec4f5bff9842b490dbdaa6436e94662aaf
Size: 87.16 kB
- python-devel-2.7.5-34.0.1.el7.AXS7.x86_64.rpm
MD5: 2d2cf44c8138fc52e2bb84368d2e4cd3
SHA-256: 667f778dda89c45a7871f3d114ecd3a408fbf2556d7e2c7941279024ebbdff4a
Size: 389.93 kB
- python-libs-2.7.5-34.0.1.el7.AXS7.x86_64.rpm
MD5: 43b01931dc78ec11da907efb9b44f4d0
SHA-256: 6b2d7eeb4e00b20dfebc3ec96e84521541c71bd6b589cc7ae46a423f166d8210
Size: 5.63 MB
- python-libs-2.7.5-34.0.1.el7.AXS7.i686.rpm
MD5: 94ca1c507d8a81885decc30aad1fa0a0
SHA-256: 56561f3c019a27e72fba8be6325c86607c3c82c3332838070f9493cd42012e6e
Size: 5.58 MB