Uočena su tri nova sigurnosna nedostatka kod programskog paketa python. Napadači ih mogu iskoristiti za napad uskraćivanjem usluge (eng. Denial of Service, DoS) i otkrivanje osjetljivih informacija.
Paket:
python 2.x
Operacijski sustavi:
Fedora 17
Kritičnost:
5
Problem:
pogreška u programskoj funkciji, pogreška u programskoj komponenti
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-5892
2012-04-14 01:41:11
--------------------------------------------------------------------------------
Name : python
Product : Fedora 17
Version : 2.7.3
Release : 3.fc17
URL : http://www.python.org/
Summary : An interpreted, interactive, object-oriented programming language
Description :
Python is an interpreted, interactive, object-oriented programming
language often compared to Tcl, Perl, Scheme or Java. Python includes
modules, classes, exceptions, very high level dynamic data types and
dynamic typing. Python supports interfaces to many system calls and
libraries, as well as to various windowing systems (X11, Motif, Tk,
Mac and MFC).
Programmers can write new built-in modules for Python in C or C++.
Python can be used as an extension language for applications that need
a programmable interface.
Note that documentation for Python is provided in the python-docs
package.
This package provides the "python" executable; most of the actual
implementation is within the "python-libs" package.
--------------------------------------------------------------------------------
Update Information:
Rebase of Python 2 ("python") from 2.7.2 to 2.7.3, bringing in security fixes,
along with numerous other bugfixes.
See http://python.org/download/releases/2.7.3/
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #750555 - CVE-2012-1150 python: hash table collisions CPU usage DoS
(oCERT-2011-003)
https://bugzilla.redhat.com/show_bug.cgi?id=750555
[ 2 ] Bug #789790 - CVE-2012-0845 python: SimpleXMLRPCServer CPU usage DoS via
malformed XML-RPC request
https://bugzilla.redhat.com/show_bug.cgi?id=789790
[ 3 ] Bug #812068 - python: SSL CBC IV vulnerability (CVE-2011-3389, BEAST)
https://bugzilla.redhat.com/show_bug.cgi?id=812068
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update python' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke