First published: Wed Feb 16 2011
Python is an interpreted, interactive, object-oriented programming language.

Multiple flaws were found in the Python rgbimg module. If an application written in Python was using the rgbimg module and loaded a specially-crafted SGI image file, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2009-4134, CVE-2010-1449, CVE-2010-1450)

This update also fixes the following bugs:

- Python 2.3.4's time.strptime() function did not correctly handle the "%W" week number format string. This update backports the _strptime implementation from Python 2.3.6, fixing this issue. (BZ#436001)
- Python 2.3.4's socket.htons() function returned partially-uninitialized data on IBM System z, generally leading to incorrect results. (BZ#513341)
- Python 2.3.4's pwd.getpwuid() and grp.getgrgid() functions did not support the full range of user and group IDs on 64-bit architectures, leading to "OverflowError" exceptions for large input values. This update adds support for the full range of user and group IDs on 64-bit architectures. (BZ#497540)

Users of Python should upgrade to these updated packages, which contain backported patches to correct these issues.

Affected Software | Affected Version | How to fix |
---|---|---|
redhat/python | <2.3.4-14.9.el4 | 2.3.4-14.9.el4 |
redhat/python-devel | <2.3.4-14.9.el4 | 2.3.4-14.9.el4 |
redhat/python-docs | <2.3.4-14.9.el4 | 2.3.4-14.9.el4 |
redhat/python-tools | <2.3.4-14.9.el4 | 2.3.4-14.9.el4 |
redhat/tkinter | <2.3.4-14.9.el4 | 2.3.4-14.9.el4 |