First published: Thu Jan 13 2011
Python is an interpreted, interactive, object-oriented programming language.

It was found that many applications embedding the Python interpreter did not specify a valid full path to the script or application when calling the PySys_SetArgv API function, which could result in the addition of the current working directory to the module search path (sys.path). A local attacker able to trick a victim into running such an application in an attacker-controlled directory could use this flaw to execute code with the victim's privileges. This update adds the PySys_SetArgvEx API. Developers can modify their applications to use this new API, which sets sys.argv without modifying sys.path. (CVE-2008-5983)

Multiple flaws were found in the Python rgbimg module. If an application written in Python was using the rgbimg module and loaded a specially-crafted SGI image file, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2009-4134, CVE-2010-1449, CVE-2010-1450)

Multiple flaws were found in the Python audioop module. Supplying certain inputs could cause the audioop module to crash or, possibly, execute arbitrary code. (CVE-2010-1634, CVE-2010-2089)

This update also fixes the following bugs:

* When starting a child process from the subprocess module in Python 2.4, the parent process could leak file descriptors if an error occurred. This update resolves the issue. (BZ#609017)

* Prior to Python 2.7, programs that used "ulimit -n" to enable communication with large numbers of subprocesses could still monitor only 1024 file descriptors at a time, which caused an exception:

  ValueError: filedescriptor out of range in select()

  This was due to the subprocess module using the "select" system call. The module now uses the "poll" system call, removing this limitation. (BZ#609020)

* Prior to Python 2.5, the tarfile module failed to unpack tar files if the path was longer than 100 characters. This update backports the tarfile module from Python 2.5 and the issue no longer occurs. (BZ#263401)

* The email module incorrectly implemented the logic for obtaining attachment file names: the get_filename() fallback for using the deprecated "name" parameter of the "Content-Type" header erroneously used the "Content-Disposition" header. This update backports a fix from Python 2.6, which resolves this issue. (BZ#644147)

* Prior to version 2.5, Python's optimized memory allocator never released memory back to the system. The memory usage of a long-running Python process would resemble a "high-water mark". This update backports a fix from Python 2.5a1, which frees unused arenas, and adds a non-standard sys._debugmallocstats() function, which prints diagnostic information to stderr. Finally, when running under Valgrind, the optimized allocator is deactivated, to allow more convenient debugging of Python memory usage issues. (BZ#569093)

* The urllib and urllib2 modules ignored the no_proxy variable, which could lead to programs such as "yum" erroneously accessing a proxy server for URLs covered by a "no_proxy" exclusion. This update backports fixes of urllib and urllib2, which respect the "no_proxy" variable, which fixes these issues. (BZ#549372)

As well, this update adds the following enhancements:

* This update introduces a new python-libs package, subsuming the majority of the content of the core python package. This makes both 32-bit and 64-bit Python libraries available on PowerPC systems. (BZ#625372)

* The python-libs.i386 package is now available for 64-bit Itanium with the 32-bit Itanium compatibility mode. (BZ#644761)

All Python users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.
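The CVE-2008-5983 issue above reduces to one condition: an entry on sys.path that resolves to the directory the process was started in. The following check is an added example written for this page, not code from the advisory or from Python itself; it audits a sys.path-style list for such entries (the empty string, ".", or any path that normalises to the working directory) and returns a copy without them. The function names, the sample list and the /tmp/untrusted working directory are constructed for the example.

```python
import os
import sys


def unsafe_path_entries(path_entries, cwd):
    """Return the entries of a sys.path-like list that name the working directory.

    The import system treats '' as "the current directory"; '.', 'lib/..' and an
    absolute spelling of cwd all resolve to the same place. The comparison is
    purely lexical (normpath), so it never touches the filesystem.
    """
    cwd = os.path.normpath(os.path.abspath(cwd))
    unsafe = []
    for entry in path_entries:
        if entry == "":
            unsafe.append(entry)
            continue
        # Relative entries are resolved against cwd, as the importer would do
        # for a process started in that directory; absolute ones pass through join.
        resolved = os.path.normpath(os.path.join(cwd, entry))
        if resolved == cwd:
            unsafe.append(entry)
    return unsafe


def harden_path(path_entries, cwd):
    """Return a copy of path_entries with every working-directory entry removed,
    keeping the order of the remaining entries."""
    bad = unsafe_path_entries(path_entries, cwd)
    return [entry for entry in path_entries if entry not in bad]


def audit_running_interpreter():
    """Apply the check to this interpreter's own sys.path and working directory."""
    return unsafe_path_entries(sys.path, os.getcwd())


if __name__ == "__main__":
    # Constructed sample: the kind of sys.path an embedding application that passed
    # a bare script name to PySys_SetArgv would leave behind, with cwd under the
    # control of whoever owns /tmp/untrusted.
    sample_cwd = "/tmp/untrusted"
    sample_path = ["", "/usr/lib/python2.4", ".", "/tmp/untrusted/lib/..",
                   "/usr/lib/python2.4/site-packages"]
    print("unsafe entries:", unsafe_path_entries(sample_path, sample_cwd))
    print("hardened path:", harden_path(sample_path, sample_cwd))
    print("this interpreter:", audit_running_interpreter())
```

An embedding application that cannot yet move to PySys_SetArgvEx can run harden_path over sys.path before importing anything from it.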
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/python | <2.4.3-43.el5 | 2.4.3-43.el5 |
redhat/python-devel | <2.4.3-43.el5 | 2.4.3-43.el5 |
redhat/python-libs | <2.4.3-43.el5 | 2.4.3-43.el5 |
redhat/python-tools | <2.4.3-43.el5 | 2.4.3-43.el5 |
redhat/tkinter | <2.4.3-43.el5 | 2.4.3-43.el5 |