MDKSA-2005:035 - Updated python packages fix vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: python
Advisory ID: MDKSA-2005:035
Date: February 10th, 2005
Affected versions: 10.0, 10.1, 9.2, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________
Problem Description:
A flaw in the python language was found by the development team. The
SimpleXMLRPCServer library module could permit remote attackers
unintended access to internals of the registered object or it's
module, or possibly even other modules. This only affects python
XML-RPC servers that use the register_instance() method to register an
object without a _dispatch() method. Servers that only use the
register_function() method are not affected.
The updated packages have been patched to prevent these problems.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0089
http://www.python.org/security/PSF-2005-001/
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
8beb720d0eae578c43ca467f9a1af0f0
10.0/RPMS/libpython2.3-2.3.3-2.1.100mdk.i586.rpm
ef66feb9f7b7c165064fc9c7835cdb11
10.0/RPMS/libpython2.3-devel-2.3.3-2.1.100mdk.i586.rpm
87538481a96b416bacaf24ba8e3f1cd2 10.0/RPMS/python-2.3.3-2.1.100mdk.i586.rpm
8d1970207ff9e2476aafb904bc2358b8
10.0/RPMS/python-base-2.3.3-2.1.100mdk.i586.rpm
f00152d2ac6dbee6c49d804bcb1d4dcd
10.0/RPMS/python-docs-2.3.3-2.1.100mdk.i586.rpm
01b64afd5de30bd99df9e73da2f97ef9 10.0/RPMS/tkinter-2.3.3-2.1.100mdk.i586.rpm
d360151e4588581e7d47c273e8a28abe 10.0/SRPMS/python-2.3.3-2.1.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
9fdbab4d563592fe73e221d46d0088d8
amd64/10.0/RPMS/lib64python2.3-2.3.3-2.1.100mdk.amd64.rpm
0140b944f6f09185236c1e1026eb4edd
amd64/10.0/RPMS/lib64python2.3-devel-2.3.3-2.1.100mdk.amd64.rpm
0214045b468514f641c912aed17184ff
amd64/10.0/RPMS/python-2.3.3-2.1.100mdk.amd64.rpm
ed2373ac815649687a0775fe675a23f2
amd64/10.0/RPMS/python-base-2.3.3-2.1.100mdk.amd64.rpm
8078413cf31c8e248f41b2a1435cd172
amd64/10.0/RPMS/python-docs-2.3.3-2.1.100mdk.amd64.rpm
d60fc339f824778e9cdc4c4ad71e90de
amd64/10.0/RPMS/tkinter-2.3.3-2.1.100mdk.amd64.rpm
d360151e4588581e7d47c273e8a28abe
amd64/10.0/SRPMS/python-2.3.3-2.1.100mdk.src.rpm
Mandrakelinux 10.1:
f2b6b56ef68da39ece17679c19974f5a
10.1/RPMS/libpython2.3-2.3.4-6.1.101mdk.i586.rpm
5b5dfa7242a64c974cb9924258db0b7c
10.1/RPMS/libpython2.3-devel-2.3.4-6.1.101mdk.i586.rpm
fd96e90717ac3f12ca2547cd131ab647 10.1/RPMS/python-2.3.4-6.1.101mdk.i586.rpm
d1be4187307bcec359fce591a42cb735
10.1/RPMS/python-base-2.3.4-6.1.101mdk.i586.rpm
44317eba795d6080caa84dc5110e6b93
10.1/RPMS/python-docs-2.3.4-6.1.101mdk.i586.rpm
28997aa409843358d58fac301705d577 10.1/RPMS/tkinter-2.3.4-6.1.101mdk.i586.rpm
c5f72acab1469acca0c82d147a5f9d53 10.1/SRPMS/python-2.3.4-6.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
e01470376f25024cdba630bf0f262601
x86_64/10.1/RPMS/lib64python2.3-2.3.4-6.1.101mdk.x86_64.rpm
373bc691f9863209895a70d3fd6b3a0e
x86_64/10.1/RPMS/lib64python2.3-devel-2.3.4-6.1.101mdk.x86_64.rpm
2f60f873c8ff1e4b263f31245dd552ec
x86_64/10.1/RPMS/python-2.3.4-6.1.101mdk.x86_64.rpm
cba9bd7fedc1d0baa19e50d537630758
x86_64/10.1/RPMS/python-base-2.3.4-6.1.101mdk.x86_64.rpm
e075976730591898d3384407d2881a1b
x86_64/10.1/RPMS/python-docs-2.3.4-6.1.101mdk.x86_64.rpm
5107f719c5019d6fb106e9b7994609ca
x86_64/10.1/RPMS/tkinter-2.3.4-6.1.101mdk.x86_64.rpm
c5f72acab1469acca0c82d147a5f9d53
x86_64/10.1/SRPMS/python-2.3.4-6.1.101mdk.src.rpm
Corporate Server 2.1:
4d5f7f0b4afe43618dd0bc498ff8d3e0
corporate/2.1/RPMS/libpython2.2-2.2.1-14.5.C21mdk.i586.rpm
f8867fc6df620f53119e5615d2fa22f9
corporate/2.1/RPMS/libpython2.2-devel-2.2.1-14.5.C21mdk.i586.rpm
bf6059fdb24ea5d3dbe8dce8d072e455
corporate/2.1/RPMS/python-2.2.1-14.5.C21mdk.i586.rpm
da122b29af94b70fefd7925fc4609905
corporate/2.1/RPMS/python-base-2.2.1-14.5.C21mdk.i586.rpm
ae65a5f9311fc6bdb4cc3da19e3e6cb2
corporate/2.1/RPMS/python-docs-2.2.1-14.5.C21mdk.i586.rpm
1c3cf551abd546c49db7564e7a066494
corporate/2.1/RPMS/tkinter-2.2.1-14.5.C21mdk.i586.rpm
57971ed8b6aa2b2aa0ae008d6f98cdee
corporate/2.1/SRPMS/python-2.2.1-14.5.C21mdk.src.rpm
Corporate Server 2.1/X86_64:
d0942542d1e4830db22e0328f92c75ee
x86_64/corporate/2.1/RPMS/libpython2.2-2.2.1-14.5.C21mdk.x86_64.rpm
1da495831b1b25fe84fc30473b216669
x86_64/corporate/2.1/RPMS/libpython2.2-devel-2.2.1-14.5.C21mdk.x86_64.rpm
a174a8cd8d0c63fa468816163cd97706
x86_64/corporate/2.1/RPMS/python-2.2.1-14.5.C21mdk.x86_64.rpm
8f8dcf92d7f0bebdb9866a2e92726344
x86_64/corporate/2.1/RPMS/python-base-2.2.1-14.5.C21mdk.x86_64.rpm
24fe305bc5de288af4b760f3e26dba5d
x86_64/corporate/2.1/RPMS/python-docs-2.2.1-14.5.C21mdk.x86_64.rpm
a636d96a37886c29bc85bc1e0ddb9442
x86_64/corporate/2.1/RPMS/tkinter-2.2.1-14.5.C21mdk.x86_64.rpm
57971ed8b6aa2b2aa0ae008d6f98cdee
x86_64/corporate/2.1/SRPMS/python-2.2.1-14.5.C21mdk.src.rpm
Corporate 3.0:
2aaeb1239ffaa4cad46f0d9c4265032b
corporate/3.0/RPMS/libpython2.3-2.3.3-2.1.C30mdk.i586.rpm
6822876c43310eccf3a5a56c43a1c63a
corporate/3.0/RPMS/libpython2.3-devel-2.3.3-2.1.C30mdk.i586.rpm
1e4e4af576af783b4cfea4c57f709ce4
corporate/3.0/RPMS/python-2.3.3-2.1.C30mdk.i586.rpm
2afaede9d73bd6eb6e05e0c21fb51582
corporate/3.0/RPMS/python-base-2.3.3-2.1.C30mdk.i586.rpm
8631fc6d9d7703a4505254072e53ec23
corporate/3.0/RPMS/python-docs-2.3.3-2.1.C30mdk.i586.rpm
3e521c99c2f3fecb08d0725e34124c31
corporate/3.0/RPMS/tkinter-2.3.3-2.1.C30mdk.i586.rpm
ab6ecb0920b653d919a1457b975885c0
corporate/3.0/SRPMS/python-2.3.3-2.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
2f4267d5c0daafa12985b1eb684982e6
x86_64/corporate/3.0/RPMS/lib64python2.3-2.3.3-2.1.C30mdk.x86_64.rpm
8b27c37138ea5f059fa5fb77b8139191
x86_64/corporate/3.0/RPMS/lib64python2.3-devel-2.3.3-2.1.C30mdk.x86_64.rpm
99b2278e72154e47e9daf66eeabf1277
x86_64/corporate/3.0/RPMS/python-2.3.3-2.1.C30mdk.x86_64.rpm
83e1a95c63a61187a6aa4b53cb30cbfa
x86_64/corporate/3.0/RPMS/python-base-2.3.3-2.1.C30mdk.x86_64.rpm
770042e98bdbeb6549c45f7c1a20de03
x86_64/corporate/3.0/RPMS/python-docs-2.3.3-2.1.C30mdk.x86_64.rpm
5ab7162344890c5a86ce2993ae61e546
x86_64/corporate/3.0/RPMS/tkinter-2.3.3-2.1.C30mdk.x86_64.rpm
ab6ecb0920b653d919a1457b975885c0
x86_64/corporate/3.0/SRPMS/python-2.3.3-2.1.C30mdk.src.rpm
Mandrakelinux 9.2:
a892b22a7e1f89c019e1670d7cdd60f0 9.2/RPMS/libpython2.3-2.3-3.1.92mdk.i586.rpm
05871f84d666ea3ba9dcbfe1981b44ae
9.2/RPMS/libpython2.3-devel-2.3-3.1.92mdk.i586.rpm
e1c0e145784a9c28dbc8d4e0ce8f564f 9.2/RPMS/python-2.3-3.1.92mdk.i586.rpm
ecaececfba4689432bf40232ad82de34 9.2/RPMS/python-base-2.3-3.1.92mdk.i586.rpm
95c699992a960020a837c119ac349d75 9.2/RPMS/python-docs-2.3-3.1.92mdk.i586.rpm
b643ebf76e8283d533600179d9b64806 9.2/RPMS/tkinter-2.3-3.1.92mdk.i586.rpm
8b7b22bd98ee80fa30889f1de4500431 9.2/SRPMS/python-2.3-3.1.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
f4b9e7152e31dc1c199cbb137a1a1cf0
amd64/9.2/RPMS/lib64python2.3-2.3-3.1.92mdk.amd64.rpm
5da8eeff579d07a3a39730f962ac0360
amd64/9.2/RPMS/lib64python2.3-devel-2.3-3.1.92mdk.amd64.rpm
7d24517e15c9ef41a6cf5796982d4c93 amd64/9.2/RPMS/python-2.3-3.1.92mdk.amd64.rpm
dda09aea00c4688fef2baa171c64b94a
amd64/9.2/RPMS/python-base-2.3-3.1.92mdk.amd64.rpm
7ecf9b85490cde267f81370dc41d918a
amd64/9.2/RPMS/python-docs-2.3-3.1.92mdk.amd64.rpm
76ae48434564bc7522cbdf006d09ed27
amd64/9.2/RPMS/tkinter-2.3-3.1.92mdk.amd64.rpm
8b7b22bd98ee80fa30889f1de4500431 amd64/9.2/SRPMS/python-2.3-3.1.92mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCC/ZjmqjQ0CJFipgRAi95AJ4vpZrIjCr0ELcviVbHKq8Dkbt+jACgofT6
U2txH8XfADhe9WOXh1OFc1o=
=Xsxz
-----END PGP SIGNATURE-----