Skip to navigation

Security Advisory Moderate: python security update

Advisory: RHSA-2007:1077-5
Type: Security Advisory
Severity: Moderate
Issued on: 2007-12-10
Last updated on: 2007-12-10
Affected Products: Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2006-7228
CVE-2007-2052

Details

Updated python packages that fix several security issues are now available
for Red Hat Enterprise Linux 2.1.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Python is an interpreted, interactive, object-oriented programming
language.

An integer overflow flaw was discovered in the way Python's pcre module
handled certain regular expressions. If a Python application used the pcre
module to compile and execute untrusted regular expressions, it may be
possible to cause the application to crash, or allow arbitrary code
execution with the privileges of the Python interpreter. (CVE-2006-7228)

A flaw was discovered in the strxfrm() function of Python's locale module.
Strings generated by this function were not properly NULL-terminated, which
could possibly cause disclosure of data stored in the memory of a Python
application using this function. (CVE-2007-2052)

Users of Python are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Enterprise Linux AS (v. 2.1)

IA-32:
ftp://updates.redhat.com/rhn/public/NULL/python/1.5.2-43.72.2/i386/python-1.5.2-43.72.2.i386.rpm
Missing file
    MD5: 2eedfdef76a114b2249a0d8aead905c8
ftp://updates.redhat.com/rhn/public/NULL/python-devel/1.5.2-43.72.2/i386/python-devel-1.5.2-43.72.2.i386.rpm
Missing file
    MD5: d7bf8b0ceacec84d025fd4ea65f58c77
ftp://updates.redhat.com/rhn/public/NULL/python-docs/1.5.2-43.72.2/i386/python-docs-1.5.2-43.72.2.i386.rpm
Missing file
    MD5: b9218c661a5efac21f011b48553e26f1
ftp://updates.redhat.com/rhn/public/NULL/python-tools/1.5.2-43.72.2/i386/python-tools-1.5.2-43.72.2.i386.rpm
Missing file
    MD5: 865e1d43ac445880137638a8574f8e6f
ftp://updates.redhat.com/rhn/public/NULL/tkinter/1.5.2-43.72.2/i386/tkinter-1.5.2-43.72.2.i386.rpm
Missing file
    MD5: 057a0423a93e1bc9d4c01917628aa3af
 
IA-64:
ftp://updates.redhat.com/rhn/public/NULL/python/1.5.2-43.72.2/ia64/python-1.5.2-43.72.2.ia64.rpm
Missing file
    MD5: b81ce154379e65cd37e8cb559eb2ae1d
ftp://updates.redhat.com/rhn/public/NULL/python-devel/1.5.2-43.72.2/ia64/python-devel-1.5.2-43.72.2.ia64.rpm
Missing file
    MD5: 9f4af6774469976ecc55bcd106aab7eb
ftp://updates.redhat.com/rhn/public/NULL/python-docs/1.5.2-43.72.2/ia64/python-docs-1.5.2-43.72.2.ia64.rpm
Missing file
    MD5: 7c5b50475dfc7d6874cd79ecca36c706
ftp://updates.redhat.com/rhn/public/NULL/python-tools/1.5.2-43.72.2/ia64/python-tools-1.5.2-43.72.2.ia64.rpm
Missing file
    MD5: 484c39c1e535e79d5d36bbe75ff0f9d9
ftp://updates.redhat.com/rhn/public/NULL/tkinter/1.5.2-43.72.2/ia64/tkinter-1.5.2-43.72.2.ia64.rpm
Missing file
    MD5: 7f95d845167e93fd722e53ca35e28776
 
Red Hat Enterprise Linux ES (v. 2.1)

IA-32:
ftp://updates.redhat.com/rhn/public/NULL/python/1.5.2-43.72.2/i386/python-1.5.2-43.72.2.i386.rpm
Missing file
    MD5: 2eedfdef76a114b2249a0d8aead905c8
ftp://updates.redhat.com/rhn/public/NULL/python-devel/1.5.2-43.72.2/i386/python-devel-1.5.2-43.72.2.i386.rpm
Missing file
    MD5: d7bf8b0ceacec84d025fd4ea65f58c77
ftp://updates.redhat.com/rhn/public/NULL/python-docs/1.5.2-43.72.2/i386/python-docs-1.5.2-43.72.2.i386.rpm
Missing file
    MD5: b9218c661a5efac21f011b48553e26f1
ftp://updates.redhat.com/rhn/public/NULL/python-tools/1.5.2-43.72.2/i386/python-tools-1.5.2-43.72.2.i386.rpm
Missing file
    MD5: 865e1d43ac445880137638a8574f8e6f
ftp://updates.redhat.com/rhn/public/NULL/tkinter/1.5.2-43.72.2/i386/tkinter-1.5.2-43.72.2.i386.rpm
Missing file
    MD5: 057a0423a93e1bc9d4c01917628aa3af
 
Red Hat Enterprise Linux WS (v. 2.1)

IA-32:
ftp://updates.redhat.com/rhn/public/NULL/python/1.5.2-43.72.2/i386/python-1.5.2-43.72.2.i386.rpm
Missing file
    MD5: 2eedfdef76a114b2249a0d8aead905c8
ftp://updates.redhat.com/rhn/public/NULL/python-devel/1.5.2-43.72.2/i386/python-devel-1.5.2-43.72.2.i386.rpm
Missing file
    MD5: d7bf8b0ceacec84d025fd4ea65f58c77
ftp://updates.redhat.com/rhn/public/NULL/python-docs/1.5.2-43.72.2/i386/python-docs-1.5.2-43.72.2.i386.rpm
Missing file
    MD5: b9218c661a5efac21f011b48553e26f1
ftp://updates.redhat.com/rhn/public/NULL/python-tools/1.5.2-43.72.2/i386/python-tools-1.5.2-43.72.2.i386.rpm
Missing file
    MD5: 865e1d43ac445880137638a8574f8e6f
ftp://updates.redhat.com/rhn/public/NULL/tkinter/1.5.2-43.72.2/i386/tkinter-1.5.2-43.72.2.i386.rpm
Missing file
    MD5: 057a0423a93e1bc9d4c01917628aa3af
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

IA-64:
ftp://updates.redhat.com/rhn/public/NULL/python/1.5.2-43.72.2/ia64/python-1.5.2-43.72.2.ia64.rpm
Missing file
    MD5: b81ce154379e65cd37e8cb559eb2ae1d
ftp://updates.redhat.com/rhn/public/NULL/python-devel/1.5.2-43.72.2/ia64/python-devel-1.5.2-43.72.2.ia64.rpm
Missing file
    MD5: 9f4af6774469976ecc55bcd106aab7eb
ftp://updates.redhat.com/rhn/public/NULL/python-docs/1.5.2-43.72.2/ia64/python-docs-1.5.2-43.72.2.ia64.rpm
Missing file
    MD5: 7c5b50475dfc7d6874cd79ecca36c706
ftp://updates.redhat.com/rhn/public/NULL/python-tools/1.5.2-43.72.2/ia64/python-tools-1.5.2-43.72.2.ia64.rpm
Missing file
    MD5: 484c39c1e535e79d5d36bbe75ff0f9d9
ftp://updates.redhat.com/rhn/public/NULL/tkinter/1.5.2-43.72.2/ia64/tkinter-1.5.2-43.72.2.ia64.rpm
Missing file
    MD5: 7f95d845167e93fd722e53ca35e28776
 

Bugs fixed (see bugzilla for more information)

235093 - CVE-2007-2052 Off-by-one in python's locale.strxfrm()
383371 - CVE-2006-7228 pcre integer overflow


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/