Skip to navigation

Security Advisory mod_python security update

Advisory: RHSA-2004:058-08
Type: Security Advisory
Severity: Low
Issued on: 2004-02-26
Last updated on: 2004-02-26
Affected Products: Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2003-0973
CVE-2004-0096

Details

Updated mod_python packages that fix a denial of service vulnerability are
now available for Red Hat Enterprise Linux.

mod_python embeds the Python language interpreter within the Apache httpd
server.

A bug has been found in mod_python versions 2.7.10 and earlier that can
lead to a denial of service vulnerability. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2003-0973 to
this issue.

Although Red Hat Enterprise Linux shipped with a version of mod_python that
contains this bug, our testing was unable to trigger the denial of service
vulnerability. However, mod_python users are advised to upgrade to these
errata packages, which contain a backported patch that corrects this bug.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL
Certificate Errors, you need to install a version of the
up2date client with an updated certificate. The latest version of
up2date is available from the Red Hat FTP site and may also be
downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

Updated packages

Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
mod_python-2.7.8-2.src.rpm
File outdated by:  RHSA-2005:104
    MD5: e06203d2306cd30015c64e453c5e00f6
mod_python-2.7.8-2.src.rpm
File outdated by:  RHSA-2005:104
    MD5: e06203d2306cd30015c64e453c5e00f6
 
IA-32:
mod_python-2.7.8-2.i386.rpm
File outdated by:  RHSA-2005:104
    MD5: 7b2b03557bc408221c549f299101705c
 
IA-64:
mod_python-2.7.8-2.ia64.rpm
File outdated by:  RHSA-2005:104
    MD5: 8c7ece4e0c46d52afc5018ec8a252208
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
mod_python-3.0.3-3.ent.src.rpm
File outdated by:  RHSA-2005:104
    MD5: 3928d331fd4d3492581e09afb5198367
mod_python-3.0.3-3.ent.src.rpm
File outdated by:  RHSA-2005:104
    MD5: 3928d331fd4d3492581e09afb5198367
 
IA-32:
mod_python-3.0.3-3.ent.i386.rpm
File outdated by:  RHSA-2005:104
    MD5: d83256ed6c3f759f81511d5bbbe4bd30
 
IA-64:
mod_python-3.0.3-3.ent.ia64.rpm
File outdated by:  RHSA-2005:104
    MD5: f09c41ae2aff29fe7a79fcefadb21bef
 
PPC:
mod_python-3.0.3-3.ent.ppc.rpm
File outdated by:  RHSA-2005:104
    MD5: 261979c42795ece9537eebd75cd80070
 
s390:
mod_python-3.0.3-3.ent.s390.rpm
File outdated by:  RHSA-2005:104
    MD5: 5931e6fb80e4a04743b92438a32d3dbd
 
s390x:
mod_python-3.0.3-3.ent.s390x.rpm
File outdated by:  RHSA-2005:104
    MD5: 0731f48408089fc3374148f8af5351f4
 
x86_64:
mod_python-3.0.3-3.ent.x86_64.rpm
File outdated by:  RHSA-2005:104
    MD5: 5e1d9310db6075d08ca1346c0039593d
 
Red Hat Enterprise Linux ES (v. 2.1)

SRPMS:
mod_python-2.7.8-2.src.rpm
File outdated by:  RHSA-2005:104
    MD5: e06203d2306cd30015c64e453c5e00f6
mod_python-2.7.8-2.src.rpm
File outdated by:  RHSA-2005:104
    MD5: e06203d2306cd30015c64e453c5e00f6
 
IA-32:
mod_python-2.7.8-2.i386.rpm
File outdated by:  RHSA-2005:104
    MD5: 7b2b03557bc408221c549f299101705c
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
mod_python-3.0.3-3.ent.src.rpm
File outdated by:  RHSA-2005:104
    MD5: 3928d331fd4d3492581e09afb5198367
mod_python-3.0.3-3.ent.src.rpm
File outdated by:  RHSA-2005:104
    MD5: 3928d331fd4d3492581e09afb5198367
 
IA-32:
mod_python-3.0.3-3.ent.i386.rpm
File outdated by:  RHSA-2005:104
    MD5: d83256ed6c3f759f81511d5bbbe4bd30
 
Red Hat Enterprise Linux WS (v. 2.1)

SRPMS:
mod_python-2.7.8-2.src.rpm
File outdated by:  RHSA-2005:104
    MD5: e06203d2306cd30015c64e453c5e00f6
mod_python-2.7.8-2.src.rpm
File outdated by:  RHSA-2005:104
    MD5: e06203d2306cd30015c64e453c5e00f6
 
IA-32:
mod_python-2.7.8-2.i386.rpm
File outdated by:  RHSA-2005:104
    MD5: 7b2b03557bc408221c549f299101705c
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
mod_python-3.0.3-3.ent.src.rpm
File outdated by:  RHSA-2005:104
    MD5: 3928d331fd4d3492581e09afb5198367
mod_python-3.0.3-3.ent.src.rpm
File outdated by:  RHSA-2005:104
    MD5: 3928d331fd4d3492581e09afb5198367
 
IA-32:
mod_python-3.0.3-3.ent.i386.rpm
File outdated by:  RHSA-2005:104
    MD5: d83256ed6c3f759f81511d5bbbe4bd30
 
IA-64:
mod_python-3.0.3-3.ent.ia64.rpm
File outdated by:  RHSA-2005:104
    MD5: f09c41ae2aff29fe7a79fcefadb21bef
 
x86_64:
mod_python-3.0.3-3.ent.x86_64.rpm
File outdated by:  RHSA-2005:104
    MD5: 5e1d9310db6075d08ca1346c0039593d
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

SRPMS:
mod_python-2.7.8-2.src.rpm
File outdated by:  RHSA-2005:104
    MD5: e06203d2306cd30015c64e453c5e00f6
mod_python-2.7.8-2.src.rpm
File outdated by:  RHSA-2005:104
    MD5: e06203d2306cd30015c64e453c5e00f6
 
IA-64:
mod_python-2.7.8-2.ia64.rpm
File outdated by:  RHSA-2005:104
    MD5: 8c7ece4e0c46d52afc5018ec8a252208
 

References


Keywords

DoS, mod_python


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/