Hi Jason,

it seems these have not been pushed out to 4.9 yet?

Regards,
Stephan

On May 6, 2011, at 22:58, Jason Harrington wrote:

> Synopsis: Moderate: python security update
> Issue date: 2011-05-05
> CVE Names: CVE-2009-3720
>            CVE-2010-1634
>            CVE-2010-2089
>            CVE-2010-3493
>            CVE-2011-1015
>            CVE-2011-1521
>
> A flaw was found in the Python urllib and urllib2 libraries where they
> would not differentiate between different target URLs when handling
> automatic redirects. This caused Python applications using these modules to
> follow any new URL that they understood, including the "file://" URL type.
> This could allow a remote server to force a local Python application to
> read a local file instead of the remote one, possibly exposing local files
> that were not meant to be exposed. (CVE-2011-1521)
>
> Multiple flaws were found in the Python audioop module. Supplying certain
> inputs could cause the audioop module to crash or, possibly, execute
> arbitrary code. (CVE-2010-1634, CVE-2010-2089)
>
> A race condition was found in the way the Python smtpd module handled new
> connections. A remote user could use this flaw to cause a Python script
> using the smtpd module to terminate. (CVE-2010-3493)
>
> An information disclosure flaw was found in the way the Python
> CGIHTTPServer module processed certain HTTP GET requests. A remote attacker
> could use a specially-crafted request to obtain the CGI script's source
> code. (CVE-2011-1015)
>
> A buffer over-read flaw was found in the way the Python Expat parser
> handled malformed UTF-8 sequences when processing XML files. A
> specially-crafted XML file could cause Python applications using the Python
> Expat parser to crash while parsing the file. (CVE-2009-3720)
>
> SL 4.x
> SRPMS:
> python-2.3.4-14.10.el4.src.rpm
>
> i386:
> python-2.3.4-14.10.el4.i386.rpm
> python-devel-2.3.4-14.10.el4.i386.rpm
> python-docs-2.3.4-14.10.el4.i386.rpm
> python-tools-2.3.4-14.10.el4.i386.rpm
> tkinter-2.3.4-14.10.el4.i386.rpm
>
> x86_64:
> python-2.3.4-14.10.el4.x86_64.rpm
> python-devel-2.3.4-14.10.el4.x86_64.rpm
> python-docs-2.3.4-14.10.el4.x86_64.rpm
> python-tools-2.3.4-14.10.el4.x86_64.rpm
> tkinter-2.3.4-14.10.el4.x86_64.rpm
>
> SL 5.x
> SRPMS:
> python-2.4.3-44.el5.src.rpm
>
> i386:
> python-2.4.3-44.el5.i386.rpm
> python-devel-2.4.3-44.el5.i386.rpm
> python-libs-2.4.3-44.el5.i386.rpm
> python-tools-2.4.3-44.el5.i386.rpm
> tkinter-2.4.3-44.el5.i386.rpm
>
> x86_64:
> python-2.4.3-44.el5.x86_64.rpm
> python-devel-2.4.3-44.el5.i386.rpm
> python-devel-2.4.3-44.el5.x86_64.rpm
> python-libs-2.4.3-44.el5.x86_64.rpm
> python-tools-2.4.3-44.el5.x86_64.rpm
> tkinter-2.4.3-44.el5.x86_64.rpm
>
> - Scientific Linux Development Team

-- 
Stephan Wiesand
DESY -DV-
Platanenallee 6
15738 Zeuthen, Germany
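
Added example, not part of the original message or of the vendor's patch: the CVE-2011-1521 paragraph quoted above describes redirects being followed to any URL type, including "file://". The Python 3 `urllib.request` redirect handler below vets the resolved `Location` target against a scheme allow-list before following it; the allow-list (http/https only), the function and class names and the `mirror.example` host are assumptions made for illustration.

```python
from urllib.error import HTTPError
from urllib.parse import urljoin, urlsplit
from urllib.request import HTTPRedirectHandler, Request, build_opener

# Assumption: this client only ever needs web redirects, so ftp is dropped too.
ALLOWED_REDIRECT_SCHEMES = frozenset({"http", "https"})


def resolve_redirect(current_url, location):
    """Resolve a Location value against the current URL and vet its scheme."""
    target = urljoin(current_url, location.strip())
    scheme = urlsplit(target).scheme.lower()
    if scheme not in ALLOWED_REDIRECT_SCHEMES:
        raise ValueError("refusing redirect to %r URL: %s" % (scheme, target))
    return target


class SchemeCheckingRedirectHandler(HTTPRedirectHandler):
    """Hypothetical handler: fail the request instead of following a bad redirect."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        try:
            target = resolve_redirect(req.full_url, newurl)
        except ValueError as exc:
            raise HTTPError(req.full_url, code, str(exc), headers, fp)
        return super().redirect_request(req, fp, code, msg, headers, target)


def make_opener():
    """Opener whose redirects pass through the scheme check above."""
    return build_opener(SchemeCheckingRedirectHandler)


def audit_locations(current_url, locations):
    """Map each Location value to its resolved URL, or None if refused."""
    verdicts = {}
    for location in locations:
        try:
            verdicts[location] = resolve_redirect(current_url, location)
        except ValueError:
            verdicts[location] = None
    return verdicts


# Constructed sample Location headers, not taken from real traffic.
SAMPLE_LOCATIONS = ["/pkg/python.rpm", "https://mirror.example/pkg/",
                    "file:///etc/passwd", "FILE:///etc/passwd", "ftp://mirror.example/pkg/"]

if __name__ == "__main__":
    for loc, verdict in audit_locations("http://mirror.example/index.html",
                                        SAMPLE_LOCATIONS).items():
        print("%-32s -> %s" % (loc, verdict or "REFUSED"))
```

The scheme is checked on the resolved, lower-cased target, so relative redirects are still followed while mixed-case `FILE:` values are refused.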