Hi, We forgot to update the push out scripts to include 49. The scripts have been updated, and they are now pushed out to 49. Troy On 05/09/2011 02:56 AM, Stephan Wiesand wrote: > Hi Jason, > > it seems these not pushed out to 4.9 yet? > > Regards, > Stephan > > On May 6, 2011, at 22:58, Jason Harrington wrote: > >> Synopsis: Moderate: python security update >> Issue date: 2011-05-05 >> CVE Names: CVE-2009-3720 >> CVE-2010-1634 >> CVE-2010-2089 >> CVE-2010-3493 >> CVE-2011-1015 >> CVE-2011-1521 >> >> A flaw was found in the Python urllib and urllib2 libraries where they >> would not differentiate between different target URLs when handling >> automatic redirects. This caused Python applications using these modules to >> follow any new URL that they understood, including the "file://" URL type. >> This could allow a remote server to force a local Python application to >> read a local file instead of the remote one, possibly exposing local files >> that were not meant to be exposed. (CVE-2011-1521) >> >> Multiple flaws were found in the Python audioop module. Supplying certain >> inputs could cause the audioop module to crash or, possibly, execute >> arbitrary code. (CVE-2010-1634, CVE-2010-2089) >> >> A race condition was found in the way the Python smtpd module handled new >> connections. A remote user could use this flaw to cause a Python script >> using the smtpd module to terminate. (CVE-2010-3493) >> >> An information disclosure flaw was found in the way the Python >> CGIHTTPServer module processed certain HTTP GET requests. A remote attacker >> could use a specially-crafted request to obtain the CGI script's source >> code. (CVE-2011-1015) >> >> A buffer over-read flaw was found in the way the Python Expat parser >> handled malformed UTF-8 sequences when processing XML files. A >> specially-crafted XML file could cause Python applications using the Python >> Expat parser to crash while parsing the file. (CVE-2009-3720) >> >> SL 4.x >> SRPMS: >> python-2.3.4-14.10.el4.src.rpm >> >> i386: >> python-2.3.4-14.10.el4.i386.rpm >> python-devel-2.3.4-14.10.el4.i386.rpm >> python-docs-2.3.4-14.10.el4.i386.rpm >> python-tools-2.3.4-14.10.el4.i386.rpm >> tkinter-2.3.4-14.10.el4.i386.rpm >> >> x86_64: >> python-2.3.4-14.10.el4.x86_64.rpm >> python-devel-2.3.4-14.10.el4.x86_64.rpm >> python-docs-2.3.4-14.10.el4.x86_64.rpm >> python-tools-2.3.4-14.10.el4.x86_64.rpm >> tkinter-2.3.4-14.10.el4.x86_64.rpm >> >> SL 5.x >> SRPMS: >> python-2.4.3-44.el5.src.rpm >> >> i386: >> python-2.4.3-44.el5.i386.rpm >> python-devel-2.4.3-44.el5.i386.rpm >> python-libs-2.4.3-44.el5.i386.rpm >> python-tools-2.4.3-44.el5.i386.rpm >> tkinter-2.4.3-44.el5.i386.rpm >> >> x86_64: >> python-2.4.3-44.el5.x86_64.rpm >> python-devel-2.4.3-44.el5.i386.rpm >> python-devel-2.4.3-44.el5.x86_64.rpm >> python-libs-2.4.3-44.el5.x86_64.rpm >> python-tools-2.4.3-44.el5.x86_64.rpm >> tkinter-2.4.3-44.el5.x86_64.rpm >> >> - Scientific Linux Development Team > -- __________________________________________________ Troy Dawson [log in to unmask] (630)840-6468 Fermilab ComputingDivision/SCF/FEF/SLSMS Group __________________________________________________