<<< Date Index >>>     <<< Thread Index >>>

MDKSA-2005:035 - Updated python packages fix vulnerability



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           python
 Advisory ID:            MDKSA-2005:035
 Date:                   February 10th, 2005

 Affected versions:      10.0, 10.1, 9.2, Corporate 3.0,
                         Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 A flaw in the python language was found by the development team.  The
 SimpleXMLRPCServer library module could permit remote attackers
 unintended access to internals of the registered object or it's
 module, or possibly even other modules.  This only affects python
 XML-RPC servers that use the register_instance() method to register an
 object without a _dispatch() method.  Servers that only use the
 register_function() method are not affected.
 
 The updated packages have been patched to prevent these problems.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0089
  http://www.python.org/security/PSF-2005-001/
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 8beb720d0eae578c43ca467f9a1af0f0  
10.0/RPMS/libpython2.3-2.3.3-2.1.100mdk.i586.rpm
 ef66feb9f7b7c165064fc9c7835cdb11  
10.0/RPMS/libpython2.3-devel-2.3.3-2.1.100mdk.i586.rpm
 87538481a96b416bacaf24ba8e3f1cd2  10.0/RPMS/python-2.3.3-2.1.100mdk.i586.rpm
 8d1970207ff9e2476aafb904bc2358b8  
10.0/RPMS/python-base-2.3.3-2.1.100mdk.i586.rpm
 f00152d2ac6dbee6c49d804bcb1d4dcd  
10.0/RPMS/python-docs-2.3.3-2.1.100mdk.i586.rpm
 01b64afd5de30bd99df9e73da2f97ef9  10.0/RPMS/tkinter-2.3.3-2.1.100mdk.i586.rpm
 d360151e4588581e7d47c273e8a28abe  10.0/SRPMS/python-2.3.3-2.1.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 9fdbab4d563592fe73e221d46d0088d8  
amd64/10.0/RPMS/lib64python2.3-2.3.3-2.1.100mdk.amd64.rpm
 0140b944f6f09185236c1e1026eb4edd  
amd64/10.0/RPMS/lib64python2.3-devel-2.3.3-2.1.100mdk.amd64.rpm
 0214045b468514f641c912aed17184ff  
amd64/10.0/RPMS/python-2.3.3-2.1.100mdk.amd64.rpm
 ed2373ac815649687a0775fe675a23f2  
amd64/10.0/RPMS/python-base-2.3.3-2.1.100mdk.amd64.rpm
 8078413cf31c8e248f41b2a1435cd172  
amd64/10.0/RPMS/python-docs-2.3.3-2.1.100mdk.amd64.rpm
 d60fc339f824778e9cdc4c4ad71e90de  
amd64/10.0/RPMS/tkinter-2.3.3-2.1.100mdk.amd64.rpm
 d360151e4588581e7d47c273e8a28abe  
amd64/10.0/SRPMS/python-2.3.3-2.1.100mdk.src.rpm

 Mandrakelinux 10.1:
 f2b6b56ef68da39ece17679c19974f5a  
10.1/RPMS/libpython2.3-2.3.4-6.1.101mdk.i586.rpm
 5b5dfa7242a64c974cb9924258db0b7c  
10.1/RPMS/libpython2.3-devel-2.3.4-6.1.101mdk.i586.rpm
 fd96e90717ac3f12ca2547cd131ab647  10.1/RPMS/python-2.3.4-6.1.101mdk.i586.rpm
 d1be4187307bcec359fce591a42cb735  
10.1/RPMS/python-base-2.3.4-6.1.101mdk.i586.rpm
 44317eba795d6080caa84dc5110e6b93  
10.1/RPMS/python-docs-2.3.4-6.1.101mdk.i586.rpm
 28997aa409843358d58fac301705d577  10.1/RPMS/tkinter-2.3.4-6.1.101mdk.i586.rpm
 c5f72acab1469acca0c82d147a5f9d53  10.1/SRPMS/python-2.3.4-6.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 e01470376f25024cdba630bf0f262601  
x86_64/10.1/RPMS/lib64python2.3-2.3.4-6.1.101mdk.x86_64.rpm
 373bc691f9863209895a70d3fd6b3a0e  
x86_64/10.1/RPMS/lib64python2.3-devel-2.3.4-6.1.101mdk.x86_64.rpm
 2f60f873c8ff1e4b263f31245dd552ec  
x86_64/10.1/RPMS/python-2.3.4-6.1.101mdk.x86_64.rpm
 cba9bd7fedc1d0baa19e50d537630758  
x86_64/10.1/RPMS/python-base-2.3.4-6.1.101mdk.x86_64.rpm
 e075976730591898d3384407d2881a1b  
x86_64/10.1/RPMS/python-docs-2.3.4-6.1.101mdk.x86_64.rpm
 5107f719c5019d6fb106e9b7994609ca  
x86_64/10.1/RPMS/tkinter-2.3.4-6.1.101mdk.x86_64.rpm
 c5f72acab1469acca0c82d147a5f9d53  
x86_64/10.1/SRPMS/python-2.3.4-6.1.101mdk.src.rpm

 Corporate Server 2.1:
 4d5f7f0b4afe43618dd0bc498ff8d3e0  
corporate/2.1/RPMS/libpython2.2-2.2.1-14.5.C21mdk.i586.rpm
 f8867fc6df620f53119e5615d2fa22f9  
corporate/2.1/RPMS/libpython2.2-devel-2.2.1-14.5.C21mdk.i586.rpm
 bf6059fdb24ea5d3dbe8dce8d072e455  
corporate/2.1/RPMS/python-2.2.1-14.5.C21mdk.i586.rpm
 da122b29af94b70fefd7925fc4609905  
corporate/2.1/RPMS/python-base-2.2.1-14.5.C21mdk.i586.rpm
 ae65a5f9311fc6bdb4cc3da19e3e6cb2  
corporate/2.1/RPMS/python-docs-2.2.1-14.5.C21mdk.i586.rpm
 1c3cf551abd546c49db7564e7a066494  
corporate/2.1/RPMS/tkinter-2.2.1-14.5.C21mdk.i586.rpm
 57971ed8b6aa2b2aa0ae008d6f98cdee  
corporate/2.1/SRPMS/python-2.2.1-14.5.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 d0942542d1e4830db22e0328f92c75ee  
x86_64/corporate/2.1/RPMS/libpython2.2-2.2.1-14.5.C21mdk.x86_64.rpm
 1da495831b1b25fe84fc30473b216669  
x86_64/corporate/2.1/RPMS/libpython2.2-devel-2.2.1-14.5.C21mdk.x86_64.rpm
 a174a8cd8d0c63fa468816163cd97706  
x86_64/corporate/2.1/RPMS/python-2.2.1-14.5.C21mdk.x86_64.rpm
 8f8dcf92d7f0bebdb9866a2e92726344  
x86_64/corporate/2.1/RPMS/python-base-2.2.1-14.5.C21mdk.x86_64.rpm
 24fe305bc5de288af4b760f3e26dba5d  
x86_64/corporate/2.1/RPMS/python-docs-2.2.1-14.5.C21mdk.x86_64.rpm
 a636d96a37886c29bc85bc1e0ddb9442  
x86_64/corporate/2.1/RPMS/tkinter-2.2.1-14.5.C21mdk.x86_64.rpm
 57971ed8b6aa2b2aa0ae008d6f98cdee  
x86_64/corporate/2.1/SRPMS/python-2.2.1-14.5.C21mdk.src.rpm

 Corporate 3.0:
 2aaeb1239ffaa4cad46f0d9c4265032b  
corporate/3.0/RPMS/libpython2.3-2.3.3-2.1.C30mdk.i586.rpm
 6822876c43310eccf3a5a56c43a1c63a  
corporate/3.0/RPMS/libpython2.3-devel-2.3.3-2.1.C30mdk.i586.rpm
 1e4e4af576af783b4cfea4c57f709ce4  
corporate/3.0/RPMS/python-2.3.3-2.1.C30mdk.i586.rpm
 2afaede9d73bd6eb6e05e0c21fb51582  
corporate/3.0/RPMS/python-base-2.3.3-2.1.C30mdk.i586.rpm
 8631fc6d9d7703a4505254072e53ec23  
corporate/3.0/RPMS/python-docs-2.3.3-2.1.C30mdk.i586.rpm
 3e521c99c2f3fecb08d0725e34124c31  
corporate/3.0/RPMS/tkinter-2.3.3-2.1.C30mdk.i586.rpm
 ab6ecb0920b653d919a1457b975885c0  
corporate/3.0/SRPMS/python-2.3.3-2.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 2f4267d5c0daafa12985b1eb684982e6  
x86_64/corporate/3.0/RPMS/lib64python2.3-2.3.3-2.1.C30mdk.x86_64.rpm
 8b27c37138ea5f059fa5fb77b8139191  
x86_64/corporate/3.0/RPMS/lib64python2.3-devel-2.3.3-2.1.C30mdk.x86_64.rpm
 99b2278e72154e47e9daf66eeabf1277  
x86_64/corporate/3.0/RPMS/python-2.3.3-2.1.C30mdk.x86_64.rpm
 83e1a95c63a61187a6aa4b53cb30cbfa  
x86_64/corporate/3.0/RPMS/python-base-2.3.3-2.1.C30mdk.x86_64.rpm
 770042e98bdbeb6549c45f7c1a20de03  
x86_64/corporate/3.0/RPMS/python-docs-2.3.3-2.1.C30mdk.x86_64.rpm
 5ab7162344890c5a86ce2993ae61e546  
x86_64/corporate/3.0/RPMS/tkinter-2.3.3-2.1.C30mdk.x86_64.rpm
 ab6ecb0920b653d919a1457b975885c0  
x86_64/corporate/3.0/SRPMS/python-2.3.3-2.1.C30mdk.src.rpm

 Mandrakelinux 9.2:
 a892b22a7e1f89c019e1670d7cdd60f0  9.2/RPMS/libpython2.3-2.3-3.1.92mdk.i586.rpm
 05871f84d666ea3ba9dcbfe1981b44ae  
9.2/RPMS/libpython2.3-devel-2.3-3.1.92mdk.i586.rpm
 e1c0e145784a9c28dbc8d4e0ce8f564f  9.2/RPMS/python-2.3-3.1.92mdk.i586.rpm
 ecaececfba4689432bf40232ad82de34  9.2/RPMS/python-base-2.3-3.1.92mdk.i586.rpm
 95c699992a960020a837c119ac349d75  9.2/RPMS/python-docs-2.3-3.1.92mdk.i586.rpm
 b643ebf76e8283d533600179d9b64806  9.2/RPMS/tkinter-2.3-3.1.92mdk.i586.rpm
 8b7b22bd98ee80fa30889f1de4500431  9.2/SRPMS/python-2.3-3.1.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 f4b9e7152e31dc1c199cbb137a1a1cf0  
amd64/9.2/RPMS/lib64python2.3-2.3-3.1.92mdk.amd64.rpm
 5da8eeff579d07a3a39730f962ac0360  
amd64/9.2/RPMS/lib64python2.3-devel-2.3-3.1.92mdk.amd64.rpm
 7d24517e15c9ef41a6cf5796982d4c93  amd64/9.2/RPMS/python-2.3-3.1.92mdk.amd64.rpm
 dda09aea00c4688fef2baa171c64b94a  
amd64/9.2/RPMS/python-base-2.3-3.1.92mdk.amd64.rpm
 7ecf9b85490cde267f81370dc41d918a  
amd64/9.2/RPMS/python-docs-2.3-3.1.92mdk.amd64.rpm
 76ae48434564bc7522cbdf006d09ed27  
amd64/9.2/RPMS/tkinter-2.3-3.1.92mdk.amd64.rpm
 8b7b22bd98ee80fa30889f1de4500431  amd64/9.2/SRPMS/python-2.3-3.1.92mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCC/ZjmqjQ0CJFipgRAi95AJ4vpZrIjCr0ELcviVbHKq8Dkbt+jACgofT6
U2txH8XfADhe9WOXh1OFc1o=
=Xsxz
-----END PGP SIGNATURE-----