Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

MDKSA-2005:035 - Updated python packages fix vulnerability
From: Mandrakelinux Security Team <security () linux-mandrake com>
Date: Thu, 10 Feb 2005 17:03:47 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           python
 Advisory ID:            MDKSA-2005:035
 Date:                   February 10th, 2005

 Affected versions:      10.0, 10.1, 9.2, Corporate 3.0,
                         Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 A flaw in the python language was found by the development team.  The
 SimpleXMLRPCServer library module could permit remote attackers
 unintended access to internals of the registered object or it's
 module, or possibly even other modules.  This only affects python
 XML-RPC servers that use the register_instance() method to register an
 object without a _dispatch() method.  Servers that only use the
 register_function() method are not affected.
 
 The updated packages have been patched to prevent these problems.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0089
  http://www.python.org/security/PSF-2005-001/
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 8beb720d0eae578c43ca467f9a1af0f0  10.0/RPMS/libpython2.3-2.3.3-2.1.100mdk.i586.rpm
 ef66feb9f7b7c165064fc9c7835cdb11  10.0/RPMS/libpython2.3-devel-2.3.3-2.1.100mdk.i586.rpm
 87538481a96b416bacaf24ba8e3f1cd2  10.0/RPMS/python-2.3.3-2.1.100mdk.i586.rpm
 8d1970207ff9e2476aafb904bc2358b8  10.0/RPMS/python-base-2.3.3-2.1.100mdk.i586.rpm
 f00152d2ac6dbee6c49d804bcb1d4dcd  10.0/RPMS/python-docs-2.3.3-2.1.100mdk.i586.rpm
 01b64afd5de30bd99df9e73da2f97ef9  10.0/RPMS/tkinter-2.3.3-2.1.100mdk.i586.rpm
 d360151e4588581e7d47c273e8a28abe  10.0/SRPMS/python-2.3.3-2.1.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 9fdbab4d563592fe73e221d46d0088d8  amd64/10.0/RPMS/lib64python2.3-2.3.3-2.1.100mdk.amd64.rpm
 0140b944f6f09185236c1e1026eb4edd  amd64/10.0/RPMS/lib64python2.3-devel-2.3.3-2.1.100mdk.amd64.rpm
 0214045b468514f641c912aed17184ff  amd64/10.0/RPMS/python-2.3.3-2.1.100mdk.amd64.rpm
 ed2373ac815649687a0775fe675a23f2  amd64/10.0/RPMS/python-base-2.3.3-2.1.100mdk.amd64.rpm
 8078413cf31c8e248f41b2a1435cd172  amd64/10.0/RPMS/python-docs-2.3.3-2.1.100mdk.amd64.rpm
 d60fc339f824778e9cdc4c4ad71e90de  amd64/10.0/RPMS/tkinter-2.3.3-2.1.100mdk.amd64.rpm
 d360151e4588581e7d47c273e8a28abe  amd64/10.0/SRPMS/python-2.3.3-2.1.100mdk.src.rpm

 Mandrakelinux 10.1:
 f2b6b56ef68da39ece17679c19974f5a  10.1/RPMS/libpython2.3-2.3.4-6.1.101mdk.i586.rpm
 5b5dfa7242a64c974cb9924258db0b7c  10.1/RPMS/libpython2.3-devel-2.3.4-6.1.101mdk.i586.rpm
 fd96e90717ac3f12ca2547cd131ab647  10.1/RPMS/python-2.3.4-6.1.101mdk.i586.rpm
 d1be4187307bcec359fce591a42cb735  10.1/RPMS/python-base-2.3.4-6.1.101mdk.i586.rpm
 44317eba795d6080caa84dc5110e6b93  10.1/RPMS/python-docs-2.3.4-6.1.101mdk.i586.rpm
 28997aa409843358d58fac301705d577  10.1/RPMS/tkinter-2.3.4-6.1.101mdk.i586.rpm
 c5f72acab1469acca0c82d147a5f9d53  10.1/SRPMS/python-2.3.4-6.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 e01470376f25024cdba630bf0f262601  x86_64/10.1/RPMS/lib64python2.3-2.3.4-6.1.101mdk.x86_64.rpm
 373bc691f9863209895a70d3fd6b3a0e  x86_64/10.1/RPMS/lib64python2.3-devel-2.3.4-6.1.101mdk.x86_64.rpm
 2f60f873c8ff1e4b263f31245dd552ec  x86_64/10.1/RPMS/python-2.3.4-6.1.101mdk.x86_64.rpm
 cba9bd7fedc1d0baa19e50d537630758  x86_64/10.1/RPMS/python-base-2.3.4-6.1.101mdk.x86_64.rpm
 e075976730591898d3384407d2881a1b  x86_64/10.1/RPMS/python-docs-2.3.4-6.1.101mdk.x86_64.rpm
 5107f719c5019d6fb106e9b7994609ca  x86_64/10.1/RPMS/tkinter-2.3.4-6.1.101mdk.x86_64.rpm
 c5f72acab1469acca0c82d147a5f9d53  x86_64/10.1/SRPMS/python-2.3.4-6.1.101mdk.src.rpm

 Corporate Server 2.1:
 4d5f7f0b4afe43618dd0bc498ff8d3e0  corporate/2.1/RPMS/libpython2.2-2.2.1-14.5.C21mdk.i586.rpm
 f8867fc6df620f53119e5615d2fa22f9  corporate/2.1/RPMS/libpython2.2-devel-2.2.1-14.5.C21mdk.i586.rpm
 bf6059fdb24ea5d3dbe8dce8d072e455  corporate/2.1/RPMS/python-2.2.1-14.5.C21mdk.i586.rpm
 da122b29af94b70fefd7925fc4609905  corporate/2.1/RPMS/python-base-2.2.1-14.5.C21mdk.i586.rpm
 ae65a5f9311fc6bdb4cc3da19e3e6cb2  corporate/2.1/RPMS/python-docs-2.2.1-14.5.C21mdk.i586.rpm
 1c3cf551abd546c49db7564e7a066494  corporate/2.1/RPMS/tkinter-2.2.1-14.5.C21mdk.i586.rpm
 57971ed8b6aa2b2aa0ae008d6f98cdee  corporate/2.1/SRPMS/python-2.2.1-14.5.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 d0942542d1e4830db22e0328f92c75ee  x86_64/corporate/2.1/RPMS/libpython2.2-2.2.1-14.5.C21mdk.x86_64.rpm
 1da495831b1b25fe84fc30473b216669  x86_64/corporate/2.1/RPMS/libpython2.2-devel-2.2.1-14.5.C21mdk.x86_64.rpm
 a174a8cd8d0c63fa468816163cd97706  x86_64/corporate/2.1/RPMS/python-2.2.1-14.5.C21mdk.x86_64.rpm
 8f8dcf92d7f0bebdb9866a2e92726344  x86_64/corporate/2.1/RPMS/python-base-2.2.1-14.5.C21mdk.x86_64.rpm
 24fe305bc5de288af4b760f3e26dba5d  x86_64/corporate/2.1/RPMS/python-docs-2.2.1-14.5.C21mdk.x86_64.rpm
 a636d96a37886c29bc85bc1e0ddb9442  x86_64/corporate/2.1/RPMS/tkinter-2.2.1-14.5.C21mdk.x86_64.rpm
 57971ed8b6aa2b2aa0ae008d6f98cdee  x86_64/corporate/2.1/SRPMS/python-2.2.1-14.5.C21mdk.src.rpm

 Corporate 3.0:
 2aaeb1239ffaa4cad46f0d9c4265032b  corporate/3.0/RPMS/libpython2.3-2.3.3-2.1.C30mdk.i586.rpm
 6822876c43310eccf3a5a56c43a1c63a  corporate/3.0/RPMS/libpython2.3-devel-2.3.3-2.1.C30mdk.i586.rpm
 1e4e4af576af783b4cfea4c57f709ce4  corporate/3.0/RPMS/python-2.3.3-2.1.C30mdk.i586.rpm
 2afaede9d73bd6eb6e05e0c21fb51582  corporate/3.0/RPMS/python-base-2.3.3-2.1.C30mdk.i586.rpm
 8631fc6d9d7703a4505254072e53ec23  corporate/3.0/RPMS/python-docs-2.3.3-2.1.C30mdk.i586.rpm
 3e521c99c2f3fecb08d0725e34124c31  corporate/3.0/RPMS/tkinter-2.3.3-2.1.C30mdk.i586.rpm
 ab6ecb0920b653d919a1457b975885c0  corporate/3.0/SRPMS/python-2.3.3-2.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 2f4267d5c0daafa12985b1eb684982e6  x86_64/corporate/3.0/RPMS/lib64python2.3-2.3.3-2.1.C30mdk.x86_64.rpm
 8b27c37138ea5f059fa5fb77b8139191  x86_64/corporate/3.0/RPMS/lib64python2.3-devel-2.3.3-2.1.C30mdk.x86_64.rpm
 99b2278e72154e47e9daf66eeabf1277  x86_64/corporate/3.0/RPMS/python-2.3.3-2.1.C30mdk.x86_64.rpm
 83e1a95c63a61187a6aa4b53cb30cbfa  x86_64/corporate/3.0/RPMS/python-base-2.3.3-2.1.C30mdk.x86_64.rpm
 770042e98bdbeb6549c45f7c1a20de03  x86_64/corporate/3.0/RPMS/python-docs-2.3.3-2.1.C30mdk.x86_64.rpm
 5ab7162344890c5a86ce2993ae61e546  x86_64/corporate/3.0/RPMS/tkinter-2.3.3-2.1.C30mdk.x86_64.rpm
 ab6ecb0920b653d919a1457b975885c0  x86_64/corporate/3.0/SRPMS/python-2.3.3-2.1.C30mdk.src.rpm

 Mandrakelinux 9.2:
 a892b22a7e1f89c019e1670d7cdd60f0  9.2/RPMS/libpython2.3-2.3-3.1.92mdk.i586.rpm
 05871f84d666ea3ba9dcbfe1981b44ae  9.2/RPMS/libpython2.3-devel-2.3-3.1.92mdk.i586.rpm
 e1c0e145784a9c28dbc8d4e0ce8f564f  9.2/RPMS/python-2.3-3.1.92mdk.i586.rpm
 ecaececfba4689432bf40232ad82de34  9.2/RPMS/python-base-2.3-3.1.92mdk.i586.rpm
 95c699992a960020a837c119ac349d75  9.2/RPMS/python-docs-2.3-3.1.92mdk.i586.rpm
 b643ebf76e8283d533600179d9b64806  9.2/RPMS/tkinter-2.3-3.1.92mdk.i586.rpm
 8b7b22bd98ee80fa30889f1de4500431  9.2/SRPMS/python-2.3-3.1.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 f4b9e7152e31dc1c199cbb137a1a1cf0  amd64/9.2/RPMS/lib64python2.3-2.3-3.1.92mdk.amd64.rpm
 5da8eeff579d07a3a39730f962ac0360  amd64/9.2/RPMS/lib64python2.3-devel-2.3-3.1.92mdk.amd64.rpm
 7d24517e15c9ef41a6cf5796982d4c93  amd64/9.2/RPMS/python-2.3-3.1.92mdk.amd64.rpm
 dda09aea00c4688fef2baa171c64b94a  amd64/9.2/RPMS/python-base-2.3-3.1.92mdk.amd64.rpm
 7ecf9b85490cde267f81370dc41d918a  amd64/9.2/RPMS/python-docs-2.3-3.1.92mdk.amd64.rpm
 76ae48434564bc7522cbdf006d09ed27  amd64/9.2/RPMS/tkinter-2.3-3.1.92mdk.amd64.rpm
 8b7b22bd98ee80fa30889f1de4500431  amd64/9.2/SRPMS/python-2.3-3.1.92mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCC/ZjmqjQ0CJFipgRAi95AJ4vpZrIjCr0ELcviVbHKq8Dkbt+jACgofT6
U2txH8XfADhe9WOXh1OFc1o=
=Xsxz
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
  • MDKSA-2005:035 - Updated python packages fix vulnerability Mandrakelinux Security Team (Feb 11)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault