Date: Mon, 9 May 2011 13:14:18 -0500
Hi,
We forgot to update the push out scripts to include 49. The scripts
have been updated, and they are now pushed out to 49.
Troy
On 05/09/2011 02:56 AM, Stephan Wiesand wrote:
> Hi Jason,
>
> it seems these are not pushed out to 4.9 yet?
>
> Regards,
> Stephan
>
> On May 6, 2011, at 22:58, Jason Harrington wrote:
>
>> Synopsis: Moderate: python security update
>> Issue date: 2011-05-05
>> CVE Names: CVE-2009-3720
>>            CVE-2010-1634
>>            CVE-2010-2089
>>            CVE-2010-3493
>>            CVE-2011-1015
>>            CVE-2011-1521
>>
>> A flaw was found in the Python urllib and urllib2 libraries where they
>> would not differentiate between different target URLs when handling
>> automatic redirects. This caused Python applications using these modules to
>> follow any new URL that they understood, including the "file://" URL type.
>> This could allow a remote server to force a local Python application to
>> read a local file instead of the remote one, possibly exposing local files
>> that were not meant to be exposed. (CVE-2011-1521)
>>
>> Multiple flaws were found in the Python audioop module. Supplying certain
>> inputs could cause the audioop module to crash or, possibly, execute
>> arbitrary code. (CVE-2010-1634, CVE-2010-2089)
>>
>> A race condition was found in the way the Python smtpd module handled new
>> connections. A remote user could use this flaw to cause a Python script
>> using the smtpd module to terminate. (CVE-2010-3493)
>>
>> An information disclosure flaw was found in the way the Python
>> CGIHTTPServer module processed certain HTTP GET requests. A remote attacker
>> could use a specially-crafted request to obtain the CGI script's source
>> code. (CVE-2011-1015)
>>
>> A buffer over-read flaw was found in the way the Python Expat parser
>> handled malformed UTF-8 sequences when processing XML files. A
>> specially-crafted XML file could cause Python applications using the Python
>> Expat parser to crash while parsing the file. (CVE-2009-3720)
>>
>> SL 4.x
>> SRPMS:
>> python-2.3.4-14.10.el4.src.rpm
>>
>> i386:
>> python-2.3.4-14.10.el4.i386.rpm
>> python-devel-2.3.4-14.10.el4.i386.rpm
>> python-docs-2.3.4-14.10.el4.i386.rpm
>> python-tools-2.3.4-14.10.el4.i386.rpm
>> tkinter-2.3.4-14.10.el4.i386.rpm
>>
>> x86_64:
>> python-2.3.4-14.10.el4.x86_64.rpm
>> python-devel-2.3.4-14.10.el4.x86_64.rpm
>> python-docs-2.3.4-14.10.el4.x86_64.rpm
>> python-tools-2.3.4-14.10.el4.x86_64.rpm
>> tkinter-2.3.4-14.10.el4.x86_64.rpm
>>
>> SL 5.x
>> SRPMS:
>> python-2.4.3-44.el5.src.rpm
>>
>> i386:
>> python-2.4.3-44.el5.i386.rpm
>> python-devel-2.4.3-44.el5.i386.rpm
>> python-libs-2.4.3-44.el5.i386.rpm
>> python-tools-2.4.3-44.el5.i386.rpm
>> tkinter-2.4.3-44.el5.i386.rpm
>>
>> x86_64:
>> python-2.4.3-44.el5.x86_64.rpm
>> python-devel-2.4.3-44.el5.i386.rpm
>> python-devel-2.4.3-44.el5.x86_64.rpm
>> python-libs-2.4.3-44.el5.x86_64.rpm
>> python-tools-2.4.3-44.el5.x86_64.rpm
>> tkinter-2.4.3-44.el5.x86_64.rpm
>>
>> - Scientific Linux Development Team
>
--
__________________________________________________
Troy Dawson (630)840-6468
Fermilab ComputingDivision/SCF/FEF/SLSMS Group
__________________________________________________
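
The redirect flaw described in the quoted advisory (CVE-2011-1521), seen from the calling application's side, as an added example that is not part of the original message or of the python packages it lists: a Python 3 `urllib.request` redirect handler that follows only `http`/`https` targets and refuses an HTTPS-to-HTTP downgrade. The allowlist and the names `redirect_allowed`, `StrictRedirectHandler` and `build_strict_opener` are assumptions made for illustration.

```python
import urllib.request
from urllib.error import HTTPError
from urllib.parse import urljoin, urlsplit

# Assumption: this application only ever needs to follow redirects to web URLs.
ALLOWED_REDIRECT_SCHEMES = frozenset({"http", "https"})


def redirect_allowed(origin_url, location):
    """Return True if a Location header value may be followed from origin_url."""
    # Resolve relative redirects the way the client would before judging them.
    target = urlsplit(urljoin(origin_url, location.strip()))
    origin = urlsplit(origin_url)
    if target.scheme not in ALLOWED_REDIRECT_SCHEMES:
        return False    # file://, ftp://, gopher:// and anything else
    if not target.hostname:
        return False    # a web URL without a host is not a valid target
    if origin.scheme == "https" and target.scheme != "https":
        return False    # refuse a downgrade to cleartext
    return True


class StrictRedirectHandler(urllib.request.HTTPRedirectHandler):
    """Redirect handler that refuses any target failing redirect_allowed()."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        if not redirect_allowed(req.full_url, newurl):
            raise HTTPError(req.full_url, code,
                            "redirect to %r refused by policy" % newurl,
                            headers, fp)
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def build_strict_opener():
    """Opener whose automatic redirects go through StrictRedirectHandler."""
    return urllib.request.build_opener(StrictRedirectHandler)
```
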