From: Mandrakelinux Security Team <security@linux-mandrake.com.>
To: [email protected]
Subject: MDKSA-2005:035 - Updated python packages fix vulnerability
Message-Id: <E1CzOHj-0006FK-DS@updates.mandrakesoft.com.>
Date: Thu, 10 Feb 2005 17:03:47 -0700
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: python
Advisory ID: MDKSA-2005:035
Date: February 10th, 2005
Affected versions: 10.0, 10.1, 9.2, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________
Problem Description:
A flaw in the python language was found by the development team. The
SimpleXMLRPCServer library module could permit remote attackers
unintended access to internals of the registered object or its
module, or possibly even other modules. This only affects python
XML-RPC servers that use the register_instance() method to register an
object without a _dispatch() method. Servers that only use the
register_function() method are not affected.
The updated packages have been patched to prevent these problems.
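Added example, not part of the original advisory or of the patched packages: it uses the current Python 3 xmlrpc.server module (the successor of SimpleXMLRPCServer), where register_instance() takes an allow_dotted_names flag that defaults to False, to show dotted-name resolution reaching an internal attribute and the two ways to close it. The Service, Store and AllowListedService classes and the call() helper are constructed for illustration.

```python
from xmlrpc.server import SimpleXMLRPCDispatcher


class Store:
    """Internal helper that was never meant to be remotely callable."""

    def dump_all(self):
        return ["constructed-secret-record"]  # constructed sample data


class Service:
    """Constructed object registered with register_instance(), no _dispatch()."""

    def __init__(self):
        self.store = Store()  # internal attribute, not part of the RPC API

    def ping(self):
        return "pong"


class AllowListedService(Service):
    """Same service, but _dispatch() names every method that may be called."""

    EXPOSED = {"ping"}

    def _dispatch(self, method, params):
        # The dispatcher hands every request here when _dispatch() exists,
        # so attribute traversal by method name never happens.
        if method not in self.EXPOSED:
            raise Exception('method "%s" is not supported' % method)
        return getattr(self, method)(*params)


def call(instance, method, params=(), **register_kwargs):
    """Dispatch one request in-process; return ('ok', value) or ('refused', msg)."""
    dispatcher = SimpleXMLRPCDispatcher(allow_none=True)
    dispatcher.register_instance(instance, **register_kwargs)
    try:
        return ("ok", dispatcher._dispatch(method, params))
    except Exception as exc:
        return ("refused", str(exc))


if __name__ == "__main__":
    # Dotted names enabled: the method name walks into the internal attribute.
    print(call(Service(), "store.dump_all", allow_dotted_names=True))
    # Default (allow_dotted_names=False): the dotted name is not resolved.
    print(call(Service(), "store.dump_all"))
    # Explicit _dispatch() allow-list: refused regardless of the flag.
    print(call(AllowListedService(), "store.dump_all", allow_dotted_names=True))
```

When auditing a server, look for register_instance() calls that pass allow_dotted_names=True on objects lacking a _dispatch() method.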
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0089
http://www.python.org/security/PSF-2005-001/
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
8beb720d0eae578c43ca467f9a1af0f0 10.0/RPMS/libpython2.3-2.3.3-2.1.100mdk.i586.rpm
ef66feb9f7b7c165064fc9c7835cdb11 10.0/RPMS/libpython2.3-devel-2.3.3-2.1.100mdk.i586.rpm
87538481a96b416bacaf24ba8e3f1cd2 10.0/RPMS/python-2.3.3-2.1.100mdk.i586.rpm
8d1970207ff9e2476aafb904bc2358b8 10.0/RPMS/python-base-2.3.3-2.1.100mdk.i586.rpm
f00152d2ac6dbee6c49d804bcb1d4dcd 10.0/RPMS/python-docs-2.3.3-2.1.100mdk.i586.rpm
01b64afd5de30bd99df9e73da2f97ef9 10.0/RPMS/tkinter-2.3.3-2.1.100mdk.i586.rpm
d360151e4588581e7d47c273e8a28abe 10.0/SRPMS/python-2.3.3-2.1.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
9fdbab4d563592fe73e221d46d0088d8 amd64/10.0/RPMS/lib64python2.3-2.3.3-2.1.100mdk.amd64.rpm
0140b944f6f09185236c1e1026eb4edd amd64/10.0/RPMS/lib64python2.3-devel-2.3.3-2.1.100mdk.amd64.rpm
0214045b468514f641c912aed17184ff amd64/10.0/RPMS/python-2.3.3-2.1.100mdk.amd64.rpm
ed2373ac815649687a0775fe675a23f2 amd64/10.0/RPMS/python-base-2.3.3-2.1.100mdk.amd64.rpm
8078413cf31c8e248f41b2a1435cd172 amd64/10.0/RPMS/python-docs-2.3.3-2.1.100mdk.amd64.rpm
d60fc339f824778e9cdc4c4ad71e90de amd64/10.0/RPMS/tkinter-2.3.3-2.1.100mdk.amd64.rpm
d360151e4588581e7d47c273e8a28abe amd64/10.0/SRPMS/python-2.3.3-2.1.100mdk.src.rpm
Mandrakelinux 10.1:
f2b6b56ef68da39ece17679c19974f5a 10.1/RPMS/libpython2.3-2.3.4-6.1.101mdk.i586.rpm
5b5dfa7242a64c974cb9924258db0b7c 10.1/RPMS/libpython2.3-devel-2.3.4-6.1.101mdk.i586.rpm
fd96e90717ac3f12ca2547cd131ab647 10.1/RPMS/python-2.3.4-6.1.101mdk.i586.rpm
d1be4187307bcec359fce591a42cb735 10.1/RPMS/python-base-2.3.4-6.1.101mdk.i586.rpm
44317eba795d6080caa84dc5110e6b93 10.1/RPMS/python-docs-2.3.4-6.1.101mdk.i586.rpm
28997aa409843358d58fac301705d577 10.1/RPMS/tkinter-2.3.4-6.1.101mdk.i586.rpm
c5f72acab1469acca0c82d147a5f9d53 10.1/SRPMS/python-2.3.4-6.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
e01470376f25024cdba630bf0f262601 x86_64/10.1/RPMS/lib64python2.3-2.3.4-6.1.101mdk.x86_64.rpm
373bc691f9863209895a70d3fd6b3a0e x86_64/10.1/RPMS/lib64python2.3-devel-2.3.4-6.1.101mdk.x86_64.rpm
2f60f873c8ff1e4b263f31245dd552ec x86_64/10.1/RPMS/python-2.3.4-6.1.101mdk.x86_64.rpm
cba9bd7fedc1d0baa19e50d537630758 x86_64/10.1/RPMS/python-base-2.3.4-6.1.101mdk.x86_64.rpm
e075976730591898d3384407d2881a1b x86_64/10.1/RPMS/python-docs-2.3.4-6.1.101mdk.x86_64.rpm
5107f719c5019d6fb106e9b7994609ca x86_64/10.1/RPMS/tkinter-2.3.4-6.1.101mdk.x86_64.rpm
c5f72acab1469acca0c82d147a5f9d53 x86_64/10.1/SRPMS/python-2.3.4-6.1.101mdk.src.rpm
Corporate Server 2.1:
4d5f7f0b4afe43618dd0bc498ff8d3e0 corporate/2.1/RPMS/libpython2.2-2.2.1-14.5.C21mdk.i586.rpm
f8867fc6df620f53119e5615d2fa22f9 corporate/2.1/RPMS/libpython2.2-devel-2.2.1-14.5.C21mdk.i586.rpm
bf6059fdb24ea5d3dbe8dce8d072e455 corporate/2.1/RPMS/python-2.2.1-14.5.C21mdk.i586.rpm
da122b29af94b70fefd7925fc4609905 corporate/2.1/RPMS/python-base-2.2.1-14.5.C21mdk.i586.rpm
ae65a5f9311fc6bdb4cc3da19e3e6cb2 corporate/2.1/RPMS/python-docs-2.2.1-14.5.C21mdk.i586.rpm
1c3cf551abd546c49db7564e7a066494 corporate/2.1/RPMS/tkinter-2.2.1-14.5.C21mdk.i586.rpm
57971ed8b6aa2b2aa0ae008d6f98cdee corporate/2.1/SRPMS/python-2.2.1-14.5.C21mdk.src.rpm
Corporate Server 2.1/X86_64:
d0942542d1e4830db22e0328f92c75ee x86_64/corporate/2.1/RPMS/libpython2.2-2.2.1-14.5.C21mdk.x86_64.rpm
1da495831b1b25fe84fc30473b216669 x86_64/corporate/2.1/RPMS/libpython2.2-devel-2.2.1-14.5.C21mdk.x86_64.rpm
a174a8cd8d0c63fa468816163cd97706 x86_64/corporate/2.1/RPMS/python-2.2.1-14.5.C21mdk.x86_64.rpm
8f8dcf92d7f0bebdb9866a2e92726344 x86_64/corporate/2.1/RPMS/python-base-2.2.1-14.5.C21mdk.x86_64.rpm
24fe305bc5de288af4b760f3e26dba5d x86_64/corporate/2.1/RPMS/python-docs-2.2.1-14.5.C21mdk.x86_64.rpm
a636d96a37886c29bc85bc1e0ddb9442 x86_64/corporate/2.1/RPMS/tkinter-2.2.1-14.5.C21mdk.x86_64.rpm
57971ed8b6aa2b2aa0ae008d6f98cdee x86_64/corporate/2.1/SRPMS/python-2.2.1-14.5.C21mdk.src.rpm
Corporate 3.0:
2aaeb1239ffaa4cad46f0d9c4265032b corporate/3.0/RPMS/libpython2.3-2.3.3-2.1.C30mdk.i586.rpm
6822876c43310eccf3a5a56c43a1c63a corporate/3.0/RPMS/libpython2.3-devel-2.3.3-2.1.C30mdk.i586.rpm
1e4e4af576af783b4cfea4c57f709ce4 corporate/3.0/RPMS/python-2.3.3-2.1.C30mdk.i586.rpm
2afaede9d73bd6eb6e05e0c21fb51582 corporate/3.0/RPMS/python-base-2.3.3-2.1.C30mdk.i586.rpm
8631fc6d9d7703a4505254072e53ec23 corporate/3.0/RPMS/python-docs-2.3.3-2.1.C30mdk.i586.rpm
3e521c99c2f3fecb08d0725e34124c31 corporate/3.0/RPMS/tkinter-2.3.3-2.1.C30mdk.i586.rpm
ab6ecb0920b653d919a1457b975885c0 corporate/3.0/SRPMS/python-2.3.3-2.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
2f4267d5c0daafa12985b1eb684982e6 x86_64/corporate/3.0/RPMS/lib64python2.3-2.3.3-2.1.C30mdk.x86_64.rpm
8b27c37138ea5f059fa5fb77b8139191 x86_64/corporate/3.0/RPMS/lib64python2.3-devel-2.3.3-2.1.C30mdk.x86_64.rpm
99b2278e72154e47e9daf66eeabf1277 x86_64/corporate/3.0/RPMS/python-2.3.3-2.1.C30mdk.x86_64.rpm
83e1a95c63a61187a6aa4b53cb30cbfa x86_64/corporate/3.0/RPMS/python-base-2.3.3-2.1.C30mdk.x86_64.rpm
770042e98bdbeb6549c45f7c1a20de03 x86_64/corporate/3.0/RPMS/python-docs-2.3.3-2.1.C30mdk.x86_64.rpm
5ab7162344890c5a86ce2993ae61e546 x86_64/corporate/3.0/RPMS/tkinter-2.3.3-2.1.C30mdk.x86_64.rpm
ab6ecb0920b653d919a1457b975885c0 x86_64/corporate/3.0/SRPMS/python-2.3.3-2.1.C30mdk.src.rpm
Mandrakelinux 9.2:
a892b22a7e1f89c019e1670d7cdd60f0 9.2/RPMS/libpython2.3-2.3-3.1.92mdk.i586.rpm
05871f84d666ea3ba9dcbfe1981b44ae 9.2/RPMS/libpython2.3-devel-2.3-3.1.92mdk.i586.rpm
e1c0e145784a9c28dbc8d4e0ce8f564f 9.2/RPMS/python-2.3-3.1.92mdk.i586.rpm
ecaececfba4689432bf40232ad82de34 9.2/RPMS/python-base-2.3-3.1.92mdk.i586.rpm
95c699992a960020a837c119ac349d75 9.2/RPMS/python-docs-2.3-3.1.92mdk.i586.rpm
b643ebf76e8283d533600179d9b64806 9.2/RPMS/tkinter-2.3-3.1.92mdk.i586.rpm
8b7b22bd98ee80fa30889f1de4500431 9.2/SRPMS/python-2.3-3.1.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
f4b9e7152e31dc1c199cbb137a1a1cf0 amd64/9.2/RPMS/lib64python2.3-2.3-3.1.92mdk.amd64.rpm
5da8eeff579d07a3a39730f962ac0360 amd64/9.2/RPMS/lib64python2.3-devel-2.3-3.1.92mdk.amd64.rpm
7d24517e15c9ef41a6cf5796982d4c93 amd64/9.2/RPMS/python-2.3-3.1.92mdk.amd64.rpm
dda09aea00c4688fef2baa171c64b94a amd64/9.2/RPMS/python-base-2.3-3.1.92mdk.amd64.rpm
7ecf9b85490cde267f81370dc41d918a amd64/9.2/RPMS/python-docs-2.3-3.1.92mdk.amd64.rpm
76ae48434564bc7522cbdf006d09ed27 amd64/9.2/RPMS/tkinter-2.3-3.1.92mdk.amd64.rpm
8b7b22bd98ee80fa30889f1de4500431 amd64/9.2/SRPMS/python-2.3-3.1.92mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCC/ZjmqjQ0CJFipgRAi95AJ4vpZrIjCr0ELcviVbHKq8Dkbt+jACgofT6
U2txH8XfADhe9WOXh1OFc1o=
=Xsxz
-----END PGP SIGNATURE-----