- Issued:
- 2006-10-09
- Updated:
- 2006-10-09
RHSA-2006:0713 - python security update
Synopsis
python security update
Type/Severity
Security Advisory Important
Topic
Updated Python packages are now available to correct a security issue in Red Hat Enterprise Linux 3 and 4.
This update has been rated as having important security impact by the Red Hat Security Response Team.
Description
Python is an interpreted, interactive, object-oriented programming language.
A flaw was discovered in the way that the Python repr() function handled UTF-32/UCS-4 strings. If an application written in Python used the repr() function on untrusted data, this could lead to a denial of service or possibly allow the execution of arbitrary code with the privileges of the Python application. (CVE-2006-4980)
In addition, this errata fixes a regression in the SimpleXMLRPCServer backport for Red Hat Enterprise Linux 3 that was introduced with RHSA-2005:109.
Users of Python should upgrade to these updated packages, which contain a backported patch to correct this issue.
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for Power, big endian | 4 | ppc |
| Red Hat Enterprise Linux for Power, big endian | 3 | ppc |
| Red Hat Enterprise Linux for IBM z Systems | 4 | s390x |
| Red Hat Enterprise Linux for IBM z Systems | 4 | s390 |
| Red Hat Enterprise Linux for IBM z Systems | 3 | s390x |
| Red Hat Enterprise Linux for IBM z Systems | 3 | s390 |
| Red Hat Enterprise Linux Workstation | 4 | x86_64 |
| Red Hat Enterprise Linux Workstation | 4 | ia64 |
| Red Hat Enterprise Linux Workstation | 4 | i386 |
| Red Hat Enterprise Linux Workstation | 3 | x86_64 |
| Red Hat Enterprise Linux Workstation | 3 | ia64 |
| Red Hat Enterprise Linux Workstation | 3 | i386 |
| Red Hat Enterprise Linux Server | 4 | x86_64 |
| Red Hat Enterprise Linux Server | 4 | ia64 |
| Red Hat Enterprise Linux Server | 4 | i386 |
| Red Hat Enterprise Linux Server | 3 | x86_64 |
| Red Hat Enterprise Linux Server | 3 | ia64 |
| Red Hat Enterprise Linux Server | 3 | i386 |
| Red Hat Enterprise Linux Desktop | 4 | x86_64 |
| Red Hat Enterprise Linux Desktop | 4 | i386 |
| Red Hat Enterprise Linux Desktop | 3 | x86_64 |
| Red Hat Enterprise Linux Desktop | 3 | i386 |
Updated Packages
- python-devel-2.3.4-14.3.s390x.rpm
- python-tools-2.3.4-14.3.ia64.rpm
- python-docs-2.3.4-14.3.s390.rpm
- tkinter-2.3.4-14.3.s390.rpm
- python-tools-2.3.4-14.3.i386.rpm
- python-tools-2.3.4-14.3.ppc.rpm
- tkinter-2.3.4-14.3.ia64.rpm
- python-2.3.4-14.3.s390.rpm
- python-docs-2.3.4-14.3.x86_64.rpm
- python-docs-2.3.4-14.3.i386.rpm
- python-devel-2.3.4-14.3.x86_64.rpm
- python-devel-2.3.4-14.3.i386.rpm
- tkinter-2.3.4-14.3.i386.rpm
- python-2.3.4-14.3.src.rpm
- python-2.3.4-14.3.ppc.rpm
- python-docs-2.3.4-14.3.s390x.rpm
- tkinter-2.3.4-14.3.ppc.rpm
- python-2.3.4-14.3.ia64.rpm
- python-docs-2.3.4-14.3.ia64.rpm
- python-devel-2.3.4-14.3.s390.rpm
- python-tools-2.3.4-14.3.s390x.rpm
- python-devel-2.3.4-14.3.ppc.rpm
- tkinter-2.3.4-14.3.x86_64.rpm
- python-devel-2.3.4-14.3.ia64.rpm
- python-2.3.4-14.3.s390x.rpm
- tkinter-2.3.4-14.3.s390x.rpm
- python-docs-2.3.4-14.3.ppc.rpm
- python-tools-2.3.4-14.3.x86_64.rpm
- python-2.3.4-14.3.i386.rpm
- python-tools-2.3.4-14.3.s390.rpm
- python-2.3.4-14.3.x86_64.rpm
Fixes
CVEs
References
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.