LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

February 2011

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA February 2011

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Security ERRATA Low: python on SL5.x i386/x86_64
From:	Troy Dawson <[log in to unmask]>
Reply To:	Troy Dawson <[log in to unmask]>
Date:	Thu, 17 Feb 2011 15:36:16 -0600
Content-Type:	text/plain
Parts/Attachments:	text/plain (96 lines)

Synopsis:	Low: python security, bug fix, and enhancement update
Issue date:	2011-01-13
CVE Names:	CVE-2008-5983 CVE-2009-4134 CVE-2010-1449
                   CVE-2010-1450 CVE-2010-1634 CVE-2010-2089

It was found that many applications embedding the Python interpreter did
not specify a valid full path to the script or application when calling 
the PySys_SetArgv API function, which could result in the addition of 
the current working directory to the module search path (sys.path). A 
local attacker able to trick a victim into running such an application 
in an attacker-controlled directory could use this flaw to execute code 
with the victim's privileges. This update adds the PySys_SetArgvEx API. 
Developers can modify their applications to use this new API, which sets 
sys.argv without modifying sys.path. (CVE-2008-5983)

Multiple flaws were found in the Python rgbimg module. If an application
written in Python was using the rgbimg module and loaded a
specially-crafted SGI image file, it could cause the application to 
crash or, possibly, execute arbitrary code with the privileges of the 
user running the application. (CVE-2009-4134, CVE-2010-1449, CVE-2010-1450)

Multiple flaws were found in the Python audioop module. Supplying 
certain inputs could cause the audioop module to crash or, possibly, 
execute arbitrary code. (CVE-2010-1634, CVE-2010-2089)

This update also fixes the following bugs:

* When starting a child process from the subprocess module in Python 
2.4, the parent process could leak file descriptors if an error 
occurred. This update resolves the issue. (BZ#609017)

* Prior to Python 2.7, programs that used "ulimit -n" to enable
communication with large numbers of subprocesses could still monitor 
only 1024 file descriptors at a time, which caused an exception:

  ValueError: filedescriptor out of range in select()

This was due to the subprocess module using the "select" system call. 
The module now uses the "poll" system call, removing this limitation.
(BZ#609020)

* Prior to Python 2.5, the tarfile module failed to unpack tar files if 
the path was longer than 100 characters. This update backports the 
tarfile module from Python 2.5 and the issue no longer occurs. (BZ#263401)

* The email module incorrectly implemented the logic for obtaining
attachment file names: the get_filename() fallback for using the 
deprecated "name" parameter of the "Content-Type" header erroneously 
used the "Content-Disposition" header. This update backports a fix from 
Python 2.6, which resolves this issue. (BZ#644147)

* Prior to version 2.5, Python's optimized memory allocator never 
released memory back to the system. The memory usage of a long-running 
Python process would resemble a "high-water mark". This update backports 
a fix from Python 2.5a1, which frees unused arenas, and adds a 
non-standard sys._debugmallocstats() function, which prints diagnostic 
information to stderr. Finally, when running under Valgrind, the 
optimized allocator is deactivated, to allow more convenient debugging 
of Python memory usage issues. (BZ#569093)

* The urllib and urllib2 modules ignored the no_proxy variable, which 
could lead to programs such as "yum" erroneously accessing a proxy 
server for URLs covered by a "no_proxy" exclusion. This update backports 
fixes of urllib and urllib2, which respect the "no_proxy" variable, 
which fixes these issues. (BZ#549372)

As well, this update adds the following enhancements:

* This update introduces a new python-libs package, subsuming the 
majority of the content of the core python package. This makes both 
32-bit and 64-bit Python libraries available on PowerPC systems. (BZ#625372)

* The python-libs.i386 package is now available for 64-bit Itanium with 
the 32-bit Itanium compatibility mode. (BZ#644761)

SL 5.x

     SRPMS:
python-2.4.3-43.el5.src.rpm
     i386:
python-2.4.3-43.el5.i386.rpm
python-devel-2.4.3-43.el5.i386.rpm
python-libs-2.4.3-43.el5.i386.rpm
python-tools-2.4.3-43.el5.i386.rpm
tkinter-2.4.3-43.el5.i386.rpm
     x86_64:
python-2.4.3-43.el5.x86_64.rpm
python-devel-2.4.3-43.el5.i386.rpm
python-devel-2.4.3-43.el5.x86_64.rpm
python-libs-2.4.3-43.el5.x86_64.rpm
python-tools-2.4.3-43.el5.x86_64.rpm
tkinter-2.4.3-43.el5.x86_64.rpm

-Connie Sieh
-Troy Dawson

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV