[RHSA-2006:0713-01] Important: python security update

bugzilla at redhat.com bugzilla at redhat.com
Mon Oct 9 21:57:36 UTC 2006


---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: python security update
Advisory ID:       RHSA-2006:0713-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0713.html
Issue date:        2006-10-09
Updated on:        2006-10-09
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-4980 
---------------------------------------------------------------------

1. Summary:

Updated Python packages are now available to correct a security issue in
Red Hat Enterprise Linux 3 and 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Python is an interpreted, interactive, object-oriented programming language.

A flaw was discovered in the way that the Python repr() function handled
UTF-32/UCS-4 strings.  If an application written in Python used the repr()
function on untrusted data, this could lead to a denial of service or
possibly allow the execution of arbitrary code with the privileges of the
Python application.  (CVE-2006-4980)

In addition, this errata fixes a regression in the SimpleXMLRPCServer
backport for Red Hat Enterprise Linux 3 that was introduced with RHSA-2005:109.

Users of Python should upgrade to these updated packages, which contain a
backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

160418 - Error in RHEL3-U4-errata python python-2.2-xmlfix.patch
208162 - CVE-2006-4980 repr unicode buffer overflow

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/python-2.2.3-6.5.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/python-2.2.3-6.5.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/python-2.2.3-6.5.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/python-2.2.3-6.5.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/python-2.3.4-14.3.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/python-2.3.4-14.3.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/python-2.3.4-14.3.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/python-2.3.4-14.3.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
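
To confirm that a host already carries the fixed build named in the SRPM entries above, the following added example (not part of Red Hat's advisory) compares an installed python package against python-2.2.3-6.5 for Red Hat Enterprise Linux 3 and python-2.3.4-14.3 for Red Hat Enterprise Linux 4. It assumes the input is the name-version-release string printed by `rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' python`; the comparison is a simplified form of rpm's ordering that ignores epochs, and the function names are hypothetical.

```python
import re

# Fixed version-release per RHEL major version, taken from the package
# names listed in this advisory.
FIXED = {3: "2.2.3-6.5", 4: "2.3.4-14.3"}


def _segments(s):
    # Split into runs of digits or letters; separators such as '.' are ignored.
    return re.findall(r"\d+|[A-Za-z]+", s)


def vercmp(a, b):
    """Simplified rpm-style comparison; returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # compare numerically, so 10 > 3
        elif x.isdigit() != y.isdigit():
            # A numeric segment sorts as newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with extra segments is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def is_patched(installed_nvr, rhel_major):
    """True if the installed python build is at or above the fixed build."""
    name, version, release = installed_nvr.rsplit("-", 2)
    if name != "python":
        raise ValueError("expected the python package, got %r" % name)
    fixed_version, fixed_release = FIXED[rhel_major].split("-")
    result = vercmp(version, fixed_version)
    if result == 0:
        result = vercmp(release, fixed_release)
    return result >= 0


if __name__ == "__main__":
    # Constructed sample inputs, not output captured from real hosts.
    samples = [("python-2.2.3-6.4", 3), ("python-2.2.3-6.5", 3),
               ("python-2.3.4-14.2", 4), ("python-2.3.4-14.3", 4)]
    for nvr, major in samples:
        state = "patched" if is_patched(nvr, major) else "NEEDS UPDATE"
        print("RHEL %d  %-20s %s" % (major, nvr, state))
```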

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.