[RHSA-2006:0197-01] Moderate: python security update

bugzilla at redhat.com
Thu Mar 9 20:56:23 UTC 2006


---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: python security update
Advisory ID:       RHSA-2006:0197-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0197.html
Issue date:        2006-03-09
Updated on:        2006-03-09
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2005-2491
---------------------------------------------------------------------

1. Summary:

Updated Python packages are now available to correct a security issue.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Python is an interpreted, interactive, object-oriented programming language.

An integer overflow flaw was found in Python's PCRE library that could be
triggered by a maliciously crafted regular expression. On systems that
accept arbitrary regular expressions from untrusted users, this could be
exploited to execute arbitrary code with the privileges of the application
using the library.  The Common Vulnerabilities and Exposures project
assigned the name CVE-2005-2491 to this issue.

Users of Python should upgrade to these updated packages, which contain a
backported patch that corrects this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
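
To confirm afterwards that a host carries the fixed build, compare its
installed python version-release against the builds named in this advisory.
Because the fix is a backport, the upstream version is unchanged and only the
release field separates fixed from unfixed builds. The script below is an
added example, not part of the Red Hat advisory; the function names and the
sample inventory are constructed, and the comparison is a simplified form of
rpm's ordering (no epoch, '~' or '^' handling).

```python
import re

# Fixed python version-release per product line, taken from the SRPM names
# in this advisory: python-1.5.2-43.72.1, python-2.2.3-6.2, python-2.3.4-14.2.
FIXED = {"2.1": "1.5.2-43.72.1", "3": "2.2.3-6.2", "4": "2.3.4-14.2"}

_SEG = re.compile(r"\d+|[A-Za-z]+")

def rpm_seg_cmp(a, b):
    """Compare one version or release string segment by segment.
    Simplified rpm ordering (assumption: no epoch, '~' or '^').
    Returns -1, 0 or 1."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)            # 10 > 2, unlike a string compare
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def vr_cmp(a, b):
    """Compare 'version-release' strings: version first, release breaks ties."""
    va, ra = a.rsplit("-", 1)
    vb, rb = b.rsplit("-", 1)
    return rpm_seg_cmp(va, vb) or rpm_seg_cmp(ra, rb)

def is_patched(rhel_release, installed_vr):
    """True if installed_vr is at or above the advisory's fixed build."""
    return vr_cmp(installed_vr, FIXED[rhel_release]) >= 0

if __name__ == "__main__":
    # Constructed sample inventory: (host, RHEL release, installed python V-R),
    # where V-R is what `rpm -q --qf '%{VERSION}-%{RELEASE}\n' python` prints.
    sample = [("web01", "4", "2.3.4-14.1"), ("db02", "4", "2.3.4-14.2"),
              ("old03", "2.1", "1.5.2-43.72"), ("app04", "3", "2.2.3-6.10")]
    for host, rel, vr in sample:
        state = "patched" if is_patched(rel, vr) else "NEEDS UPDATE"
        print(host, rel, vr, state)
```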

5. Bug IDs fixed (http://bugzilla.redhat.com/):

166335 - CVE-2005-2491 PCRE heap overflow


6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/python-1.5.2-43.72.1.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/python-1.5.2-43.72.1.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/python-1.5.2-43.72.1.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/python-1.5.2-43.72.1.src.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/python-2.2.3-6.2.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/python-2.2.3-6.2.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/python-2.2.3-6.2.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/python-2.2.3-6.2.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/python-2.3.4-14.2.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/python-2.3.4-14.2.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/python-2.3.4-14.2.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/python-2.3.4-14.2.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2491

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.