Skip to navigation

Security Advisory Low: python security and bug fix update

Advisory: RHSA-2011:0260-1
Type: Security Advisory
Severity: Low
Issued on: 2011-02-16
Last updated on: 2011-02-16
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2009-4134
CVE-2010-1449
CVE-2010-1450

Details

Updated python packages that fix multiple security issues and three bugs
are now available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having low
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Python is an interpreted, interactive, object-oriented programming
language.

Multiple flaws were found in the Python rgbimg module. If an application
written in Python was using the rgbimg module and loaded a
specially-crafted SGI image file, it could cause the application to crash
or, possibly, execute arbitrary code with the privileges of the user
running the application. (CVE-2009-4134, CVE-2010-1449, CVE-2010-1450)

This update also fixes the following bugs:

* Python 2.3.4's time.strptime() function did not correctly handle the "%W"
week number format string. This update backports the _strptime
implementation from Python 2.3.6, fixing this issue. (BZ#436001)

* Python 2.3.4's socket.htons() function returned partially-uninitialized
data on IBM System z, generally leading to incorrect results. (BZ#513341)

* Python 2.3.4's pwd.getpwuid() and grp.getgrgid() functions did not
support the full range of user and group IDs on 64-bit architectures,
leading to "OverflowError" exceptions for large input values. This update
adds support for the full range of user and group IDs on 64-bit
architectures. (BZ#497540)

Users of Python should upgrade to these updated packages, which contain
backported patches to correct these issues.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

Red Hat Desktop (v. 4)

SRPMS:
python-2.3.4-14.9.el4.src.rpm
File outdated by:  RHSA-2011:0491
    MD5: a0b2b7d9022fb2efadb1918c6bcde67c
SHA-256: 3064520c5f5c1e9d19e22fbfff6ba980fd0513a7b693d9c3da789a80425ee878
 
IA-32:
python-2.3.4-14.9.el4.i386.rpm
File outdated by:  RHSA-2011:0491
    MD5: e9e62a94d560ebfebfddbc95e9ef1de1
SHA-256: 51f942d3660ceda13fd3886e2b50207a95ce4e69e6f58025253d71ea96136c60
python-devel-2.3.4-14.9.el4.i386.rpm
File outdated by:  RHSA-2011:0491
    MD5: a16cd9822db5c22e40b6677111f36471
SHA-256: a847bf1128677d30564d5871b8793adfe2c0ecea3b4ba9340efcdd3959f2554a
python-docs-2.3.4-14.9.el4.i386.rpm
File outdated by:  RHSA-2011:0491
    MD5: e0a994b8ba72d6e642bcf69ad3396d82
SHA-256: b9b551b881be9227af889513cb78be8d34064787ca853b9158f860066d24b4a0
python-tools-2.3.4-14.9.el4.i386.rpm
File outdated by:  RHSA-2011:0491
    MD5: 9f0afd2662f8e307506f040c91593d13
SHA-256: 22e4078ce0d0164dc13e6a66fd0ead00d44d2d4bfc2ea7e255085ba22b3bdac4
tkinter-2.3.4-14.9.el4.i386.rpm
File outdated by:  RHSA-2011:0491
    MD5: 26b3fe1669e0e0575be55563e10eff19
SHA-256: 9678c07737e91e71c56c309e2e04455b6539b1b9be75fbb3f834d0d3019b0125
 
x86_64:
python-2.3.4-14.9.el4.x86_64.rpm
File outdated by:  RHSA-2011:0491
    MD5: 5b428cdf0dc9db2f9416c930b60ac677
SHA-256: edad95b8eea63f3826331efdda2e193090b89e8ee5bd98e710ac3c101bc2df4d
python-devel-2.3.4-14.9.el4.x86_64.rpm
File outdated by:  RHSA-2011:0491
    MD5: e097324c24e9a6402895d2030cf7d004
SHA-256: 673965c2f9f6854e41e4e415dfba123e8d7a62f54e707b9470147792afb06255
python-docs-2.3.4-14.9.el4.x86_64.rpm
File outdated by:  RHSA-2011:0491
    MD5: 95425a9fc45220ed14a42884aaa796d4
SHA-256: c1bcb49e78469dc9e6581344e285a6e00eeb6292069584c131167466e2da4f43
python-tools-2.3.4-14.9.el4.x86_64.rpm
File outdated by:  RHSA-2011:0491
    MD5: 55b21633511813469da29ca2fdf9e82a
SHA-256: dab27cef5f77cc4143f8d266e29df40fa5b93ecaf08e44814e0f290ccf92db48
tkinter-2.3.4-14.9.el4.x86_64.rpm
File outdated by:  RHSA-2011:0491
    MD5: bd29234c09bad6dfa0fa69cf0392b4b3
SHA-256: 67e5121866d8092a0b02c8df366f527e57c33c67970ebd863a835a1c8530d665
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
python-2.3.4-14.9.el4.src.rpm
File outdated by:  RHSA-2011:0491
    MD5: a0b2b7d9022fb2efadb1918c6bcde67c
SHA-256: 3064520c5f5c1e9d19e22fbfff6ba980fd0513a7b693d9c3da789a80425ee878
 
IA-32:
python-2.3.4-14.9.el4.i386.rpm
File outdated by:  RHSA-2011:0491
    MD5: e9e62a94d560ebfebfddbc95e9ef1de1
SHA-256: 51f942d3660ceda13fd3886e2b50207a95ce4e69e6f58025253d71ea96136c60
python-devel-2.3.4-14.9.el4.i386.rpm
File outdated by:  RHSA-2011:0491
    MD5: a16cd9822db5c22e40b6677111f36471
SHA-256: a847bf1128677d30564d5871b8793adfe2c0ecea3b4ba9340efcdd3959f2554a
python-docs-2.3.4-14.9.el4.i386.rpm
File outdated by:  RHSA-2011:0491
    MD5: e0a994b8ba72d6e642bcf69ad3396d82
SHA-256: b9b551b881be9227af889513cb78be8d34064787ca853b9158f860066d24b4a0
python-tools-2.3.4-14.9.el4.i386.rpm
File outdated by:  RHSA-2011:0491
    MD5: 9f0afd2662f8e307506f040c91593d13
SHA-256: 22e4078ce0d0164dc13e6a66fd0ead00d44d2d4bfc2ea7e255085ba22b3bdac4
tkinter-2.3.4-14.9.el4.i386.rpm
File outdated by:  RHSA-2011:0491
    MD5: 26b3fe1669e0e0575be55563e10eff19
SHA-256: 9678c07737e91e71c56c309e2e04455b6539b1b9be75fbb3f834d0d3019b0125
 
IA-64:
python-2.3.4-14.9.el4.ia64.rpm
File outdated by:  RHSA-2011:0491
    MD5: b716ceb89690edf8d7a1238ade77db35
SHA-256: dd611cad9ea74462c36541945a4f7773f144e765d9c91a5a16cac467931a71c4
python-devel-2.3.4-14.9.el4.ia64.rpm
File outdated by:  RHSA-2011:0491
    MD5: 3dbe411f72b4d4a53777fc576fbfd7c4
SHA-256: fa23718db3fd9d167447b42d4d7d0cf0f9e27c6f42f1bebdaf643e8795615986
python-docs-2.3.4-14.9.el4.ia64.rpm
File outdated by:  RHSA-2011:0491
    MD5: 15ee217f29b8bbb7fd907a1326053d9b
SHA-256: a6028f4196eca8bb07d6a3cba6aeed8faee90bf0f4ad1296f055defaf0cec644
python-tools-2.3.4-14.9.el4.ia64.rpm
File outdated by:  RHSA-2011:0491
    MD5: fa7266680710bb6151ddce99a2ee1d82
SHA-256: f1d2daf5a25b68bef4a480f1352388ea4e08ae5b5768b5548a0a953d116f95b5
tkinter-2.3.4-14.9.el4.ia64.rpm
File outdated by:  RHSA-2011:0491
    MD5: cc872868b9489a0e4836ad6b13cc2b0b
SHA-256: 73b14fcb0fd8c6078f47e40bf26543db37962913c3e6d1e03bcf9aca91df7b12
 
PPC:
python-2.3.4-14.9.el4.ppc.rpm
File outdated by:  RHSA-2011:0491
    MD5: b08bea9adfc0d575c57470df61d770ab
SHA-256: 7be4497165a04afa7b3a8b2a20c9e78a497707fb0a064a36bc6d12e4d71c6bf5
python-devel-2.3.4-14.9.el4.ppc.rpm
File outdated by:  RHSA-2011:0491
    MD5: 29958b63af4bb1cba7a164a24487068f
SHA-256: 45e2361b250ee552d3dbd2738923bde5cae32ae1c479010da4eeccf27cc7faea
python-docs-2.3.4-14.9.el4.ppc.rpm
File outdated by:  RHSA-2011:0491
    MD5: 9ad7d56782ef5927fcdea1e0324a38a5
SHA-256: d51037d98e38300f32355234474bfb4ec40c5d92494c6b5a0d7584d1dfd78021
python-tools-2.3.4-14.9.el4.ppc.rpm
File outdated by:  RHSA-2011:0491
    MD5: adfd25394d76cece16b81f2db80229f9
SHA-256: d5093edde12292474fcb28fa6b7bcb9c897dec690ef3e841d758cce75a1d17d5
tkinter-2.3.4-14.9.el4.ppc.rpm
File outdated by:  RHSA-2011:0491
    MD5: 74b28704b71ebeb06ab8ce7602ad846c
SHA-256: a0555e011493e790dad5393b815ae0712cf1caea4fcdbbe74045dc5fee77385b
 
s390:
python-2.3.4-14.9.el4.s390.rpm
File outdated by:  RHSA-2011:0491
    MD5: 2a6fad2b7ec3b0a926d5528605ccfcb2
SHA-256: 8a5012a5b9e2fd3802cf114d0a3401f6cd536bf21963392a226b882508d5ce10
python-devel-2.3.4-14.9.el4.s390.rpm
File outdated by:  RHSA-2011:0491
    MD5: b22a0b7bc714ae0da7add2ee0624cbb2
SHA-256: 88f99bbe68f0d29f418d4b02452a42b24fe18921647db04d2ac516caea401094
python-docs-2.3.4-14.9.el4.s390.rpm
File outdated by:  RHSA-2011:0491
    MD5: 9b5787ba87f2992da65536f26fe02133
SHA-256: 9fa017ecc1482a30712b696cd8a4d36f24ca69c2e32658c3ce05f0ed98581169
python-tools-2.3.4-14.9.el4.s390.rpm
File outdated by:  RHSA-2011:0491
    MD5: aa652a9adb59e7e9a608235e5d5d1b1b
SHA-256: d1bdba98841fbe20cd2676092b8c5cb400fc40a51cb790e1af5542a09ee746a4
tkinter-2.3.4-14.9.el4.s390.rpm
File outdated by:  RHSA-2011:0491
    MD5: 71bffdc0f9eac6876a97abf3bea8d4d7
SHA-256: 89d21cf8a64d0cd66ea02d7e593c1fee4e45223efb57b2bf851d0a95b9a2a987
 
s390x:
python-2.3.4-14.9.el4.s390x.rpm
File outdated by:  RHSA-2011:0491
    MD5: 4630544461c870a41997e42f68f871c4
SHA-256: b384ec3e03a9f96073ad02e25b4d60c5c48d67b06d8b9457e728fa072a8236c3
python-devel-2.3.4-14.9.el4.s390x.rpm
File outdated by:  RHSA-2011:0491
    MD5: 33cdd9579e5e13529afc8251486c1bfc
SHA-256: b2179a50ec3fbf010ecf31b9355299d0a484aec00af5bfc8170c5a647dcb9987
python-docs-2.3.4-14.9.el4.s390x.rpm
File outdated by:  RHSA-2011:0491
    MD5: 40e53286f6d4fbd2c60efeadd3d1c291
SHA-256: db122dc96a0662c952431cbae17ac0eebed61c644c1b69af36dea69db7ad2c69
python-tools-2.3.4-14.9.el4.s390x.rpm
File outdated by:  RHSA-2011:0491
    MD5: 2e7c3d5051e28941a5806a66cba3326d
SHA-256: 96e6330f1415a93b26f31ee08eee85f9713312528c654bdbf03465844918517f
tkinter-2.3.4-14.9.el4.s390x.rpm
File outdated by:  RHSA-2011:0491
    MD5: 832e468c0a65e6cb9b70c7f8a15dc4f8
SHA-256: afd4efc5e8b90d854cea5c803ccb05510986561ec79e9a5af48f146a04676dee
 
x86_64:
python-2.3.4-14.9.el4.x86_64.rpm
File outdated by:  RHSA-2011:0491
    MD5: 5b428cdf0dc9db2f9416c930b60ac677
SHA-256: edad95b8eea63f3826331efdda2e193090b89e8ee5bd98e710ac3c101bc2df4d
python-devel-2.3.4-14.9.el4.x86_64.rpm
File outdated by:  RHSA-2011:0491
    MD5: e097324c24e9a6402895d2030cf7d004
SHA-256: 673965c2f9f6854e41e4e415dfba123e8d7a62f54e707b9470147792afb06255
python-docs-2.3.4-14.9.el4.x86_64.rpm
File outdated by:  RHSA-2011:0491
    MD5: 95425a9fc45220ed14a42884aaa796d4
SHA-256: c1bcb49e78469dc9e6581344e285a6e00eeb6292069584c131167466e2da4f43
python-tools-2.3.4-14.9.el4.x86_64.rpm
File outdated by:  RHSA-2011:0491
    MD5: 55b21633511813469da29ca2fdf9e82a
SHA-256: dab27cef5f77cc4143f8d266e29df40fa5b93ecaf08e44814e0f290ccf92db48
tkinter-2.3.4-14.9.el4.x86_64.rpm
File outdated by:  RHSA-2011:0491
    MD5: bd29234c09bad6dfa0fa69cf0392b4b3
SHA-256: 67e5121866d8092a0b02c8df366f527e57c33c67970ebd863a835a1c8530d665
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
python-2.3.4-14.9.el4.src.rpm
File outdated by:  RHSA-2011:0491
    MD5: a0b2b7d9022fb2efadb1918c6bcde67c
SHA-256: 3064520c5f5c1e9d19e22fbfff6ba980fd0513a7b693d9c3da789a80425ee878
 
IA-32:
python-2.3.4-14.9.el4.i386.rpm
File outdated by:  RHSA-2011:0491
    MD5: e9e62a94d560ebfebfddbc95e9ef1de1
SHA-256: 51f942d3660ceda13fd3886e2b50207a95ce4e69e6f58025253d71ea96136c60
python-devel-2.3.4-14.9.el4.i386.rpm
File outdated by:  RHSA-2011:0491
    MD5: a16cd9822db5c22e40b6677111f36471
SHA-256: a847bf1128677d30564d5871b8793adfe2c0ecea3b4ba9340efcdd3959f2554a
python-docs-2.3.4-14.9.el4.i386.rpm
File outdated by:  RHSA-2011:0491
    MD5: e0a994b8ba72d6e642bcf69ad3396d82
SHA-256: b9b551b881be9227af889513cb78be8d34064787ca853b9158f860066d24b4a0
python-tools-2.3.4-14.9.el4.i386.rpm
File outdated by:  RHSA-2011:0491
    MD5: 9f0afd2662f8e307506f040c91593d13
SHA-256: 22e4078ce0d0164dc13e6a66fd0ead00d44d2d4bfc2ea7e255085ba22b3bdac4
tkinter-2.3.4-14.9.el4.i386.rpm
File outdated by:  RHSA-2011:0491
    MD5: 26b3fe1669e0e0575be55563e10eff19
SHA-256: 9678c07737e91e71c56c309e2e04455b6539b1b9be75fbb3f834d0d3019b0125
 
IA-64:
python-2.3.4-14.9.el4.ia64.rpm
File outdated by:  RHSA-2011:0491
    MD5: b716ceb89690edf8d7a1238ade77db35
SHA-256: dd611cad9ea74462c36541945a4f7773f144e765d9c91a5a16cac467931a71c4
python-devel-2.3.4-14.9.el4.ia64.rpm
File outdated by:  RHSA-2011:0491
    MD5: 3dbe411f72b4d4a53777fc576fbfd7c4
SHA-256: fa23718db3fd9d167447b42d4d7d0cf0f9e27c6f42f1bebdaf643e8795615986
python-docs-2.3.4-14.9.el4.ia64.rpm
File outdated by:  RHSA-2011:0491
    MD5: 15ee217f29b8bbb7fd907a1326053d9b
SHA-256: a6028f4196eca8bb07d6a3cba6aeed8faee90bf0f4ad1296f055defaf0cec644
python-tools-2.3.4-14.9.el4.ia64.rpm
File outdated by:  RHSA-2011:0491
    MD5: fa7266680710bb6151ddce99a2ee1d82
SHA-256: f1d2daf5a25b68bef4a480f1352388ea4e08ae5b5768b5548a0a953d116f95b5
tkinter-2.3.4-14.9.el4.ia64.rpm
File outdated by:  RHSA-2011:0491
    MD5: cc872868b9489a0e4836ad6b13cc2b0b
SHA-256: 73b14fcb0fd8c6078f47e40bf26543db37962913c3e6d1e03bcf9aca91df7b12
 
x86_64:
python-2.3.4-14.9.el4.x86_64.rpm
File outdated by:  RHSA-2011:0491
    MD5: 5b428cdf0dc9db2f9416c930b60ac677
SHA-256: edad95b8eea63f3826331efdda2e193090b89e8ee5bd98e710ac3c101bc2df4d
python-devel-2.3.4-14.9.el4.x86_64.rpm
File outdated by:  RHSA-2011:0491
    MD5: e097324c24e9a6402895d2030cf7d004
SHA-256: 673965c2f9f6854e41e4e415dfba123e8d7a62f54e707b9470147792afb06255
python-docs-2.3.4-14.9.el4.x86_64.rpm
File outdated by:  RHSA-2011:0491
    MD5: 95425a9fc45220ed14a42884aaa796d4
SHA-256: c1bcb49e78469dc9e6581344e285a6e00eeb6292069584c131167466e2da4f43
python-tools-2.3.4-14.9.el4.x86_64.rpm
File outdated by:  RHSA-2011:0491
    MD5: 55b21633511813469da29ca2fdf9e82a
SHA-256: dab27cef5f77cc4143f8d266e29df40fa5b93ecaf08e44814e0f290ccf92db48
tkinter-2.3.4-14.9.el4.x86_64.rpm
File outdated by:  RHSA-2011:0491
    MD5: bd29234c09bad6dfa0fa69cf0392b4b3
SHA-256: 67e5121866d8092a0b02c8df366f527e57c33c67970ebd863a835a1c8530d665
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
python-2.3.4-14.9.el4.src.rpm
File outdated by:  RHSA-2011:0491
    MD5: a0b2b7d9022fb2efadb1918c6bcde67c
SHA-256: 3064520c5f5c1e9d19e22fbfff6ba980fd0513a7b693d9c3da789a80425ee878
 
IA-32:
python-2.3.4-14.9.el4.i386.rpm
File outdated by:  RHSA-2011:0491
    MD5: e9e62a94d560ebfebfddbc95e9ef1de1
SHA-256: 51f942d3660ceda13fd3886e2b50207a95ce4e69e6f58025253d71ea96136c60
python-devel-2.3.4-14.9.el4.i386.rpm
File outdated by:  RHSA-2011:0491
    MD5: a16cd9822db5c22e40b6677111f36471
SHA-256: a847bf1128677d30564d5871b8793adfe2c0ecea3b4ba9340efcdd3959f2554a
python-docs-2.3.4-14.9.el4.i386.rpm
File outdated by:  RHSA-2011:0491
    MD5: e0a994b8ba72d6e642bcf69ad3396d82
SHA-256: b9b551b881be9227af889513cb78be8d34064787ca853b9158f860066d24b4a0
python-tools-2.3.4-14.9.el4.i386.rpm
File outdated by:  RHSA-2011:0491
    MD5: 9f0afd2662f8e307506f040c91593d13
SHA-256: 22e4078ce0d0164dc13e6a66fd0ead00d44d2d4bfc2ea7e255085ba22b3bdac4
tkinter-2.3.4-14.9.el4.i386.rpm
File outdated by:  RHSA-2011:0491
    MD5: 26b3fe1669e0e0575be55563e10eff19
SHA-256: 9678c07737e91e71c56c309e2e04455b6539b1b9be75fbb3f834d0d3019b0125
 
IA-64:
python-2.3.4-14.9.el4.ia64.rpm
File outdated by:  RHSA-2011:0491
    MD5: b716ceb89690edf8d7a1238ade77db35
SHA-256: dd611cad9ea74462c36541945a4f7773f144e765d9c91a5a16cac467931a71c4
python-devel-2.3.4-14.9.el4.ia64.rpm
File outdated by:  RHSA-2011:0491
    MD5: 3dbe411f72b4d4a53777fc576fbfd7c4
SHA-256: fa23718db3fd9d167447b42d4d7d0cf0f9e27c6f42f1bebdaf643e8795615986
python-docs-2.3.4-14.9.el4.ia64.rpm
File outdated by:  RHSA-2011:0491
    MD5: 15ee217f29b8bbb7fd907a1326053d9b
SHA-256: a6028f4196eca8bb07d6a3cba6aeed8faee90bf0f4ad1296f055defaf0cec644
python-tools-2.3.4-14.9.el4.ia64.rpm
File outdated by:  RHSA-2011:0491
    MD5: fa7266680710bb6151ddce99a2ee1d82
SHA-256: f1d2daf5a25b68bef4a480f1352388ea4e08ae5b5768b5548a0a953d116f95b5
tkinter-2.3.4-14.9.el4.ia64.rpm
File outdated by:  RHSA-2011:0491
    MD5: cc872868b9489a0e4836ad6b13cc2b0b
SHA-256: 73b14fcb0fd8c6078f47e40bf26543db37962913c3e6d1e03bcf9aca91df7b12
 
x86_64:
python-2.3.4-14.9.el4.x86_64.rpm
File outdated by:  RHSA-2011:0491
    MD5: 5b428cdf0dc9db2f9416c930b60ac677
SHA-256: edad95b8eea63f3826331efdda2e193090b89e8ee5bd98e710ac3c101bc2df4d
python-devel-2.3.4-14.9.el4.x86_64.rpm
File outdated by:  RHSA-2011:0491
    MD5: e097324c24e9a6402895d2030cf7d004
SHA-256: 673965c2f9f6854e41e4e415dfba123e8d7a62f54e707b9470147792afb06255
python-docs-2.3.4-14.9.el4.x86_64.rpm
File outdated by:  RHSA-2011:0491
    MD5: 95425a9fc45220ed14a42884aaa796d4
SHA-256: c1bcb49e78469dc9e6581344e285a6e00eeb6292069584c131167466e2da4f43
python-tools-2.3.4-14.9.el4.x86_64.rpm
File outdated by:  RHSA-2011:0491
    MD5: 55b21633511813469da29ca2fdf9e82a
SHA-256: dab27cef5f77cc4143f8d266e29df40fa5b93ecaf08e44814e0f290ccf92db48
tkinter-2.3.4-14.9.el4.x86_64.rpm
File outdated by:  RHSA-2011:0491
    MD5: bd29234c09bad6dfa0fa69cf0392b4b3
SHA-256: 67e5121866d8092a0b02c8df366f527e57c33c67970ebd863a835a1c8530d665
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

497540 - grp module does not support whole uid/gid range
541698 - CVE-2009-4134 CVE-2010-1449 CVE-2010-1450 python: rgbimg: multiple security issues


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/