Описание
ELSA-2011-0027: python security, bug fix, and enhancement update (LOW)
[2.4.3-43]
- add missing patch 206 Related: rhbz#549372
[2.4.3-42]
- fix test_pyclbr to match the urllib change in patch 204 (patch 206)
- allow the 'no_proxy' environment variable to override 'ftp_proxy' in urllib2 (patch 207)
- fix typos in names of patches 204 and 205 Related: rhbz#549372
[2.4.3-41]
- backport support for the 'no_proxy' environment variable to the urllib and urllib2 modules (patches 204 and 205, respectively) Resolves: rhbz#549372
[2.4.3-40]
- backport fixes for arena allocator from 2.5a1
- disable arena allocator when run under valgrind on x86, x86_64, ppc, ppc64 (patch 203)
- add patch to add sys._debugmallocstats() hook (patch 202) Resolves: rhbz#569093
[2.4.3-39]
- fix various flaws in the 'audioop' module
- Resolves: CVE-2010-1634 CVE-2010-2089
- backport the new PySys_SetArgvEx libpython entrypoint from 2.6
- Related: CVE-2008-5983
- restrict creation of the .relocation-tag files to i386 builds
- Related: rhbz#644761
- move the python-optik metadata from the core subpackage to the python-libs subpackage
- Related: rhbz#625372
[2.4.3-38]
- add metadata to ensure that 'yum install python-libs' works
- Related: rhbz#625372
[2.4.3-37]
- create dummy ELF file '.relocation-tag' to force RPM directory coloring, fixing i386 on ia64 compat
- Resolves: rhbz#644761
[2.4.3-36]
- Backport fix for http://bugs.python.org/issue7082 to 2.4.3
- Resolves: rhbz#644147
[2.4.3-35]
- Rework rgbimgmodule fix for CVE-2008-3143
- Resolves: rhbz#644425 CVE-2009-4134 CVE-2010-1449 CVE-2010-1450
[2.4.3-34]
- fix stray 'touch' command
- Related: rhbz#625372
[2.4.3-33]
- Preserve timestamps when fixing shebangs (patch 104) and when installing, to minimize .pyc/.pyo differences across architectures (due to the embedded mtime in .pyc/.pyo headers)
- Related: rhbz#625372
[2.4.3-32]
- introduce libs subpackage as a dependency of the core package, moving the shared libraries and python standard libraries there
- Resolves: rhbz#625372
[2.4.3-31]
- dont use -b when applying patch 103
- Related: rhbz#263401
[2.4.3-30]
- add missing patch
- Resolves: rhbz#263401
[2.4.3-29]
- Backport Python 2.5s tarfile module (0.8.0) to 2.4.3
- Resolves: rhbz#263401
[2.4.3-28]
- Backport fix for leaking filedescriptors in subprocess error-handling path from Python 2.6
- Resolves: rhbz#609017
- Backport usage of 'poll' within the subprocess module to 2.4.3
- Resolves: rhbz#609020
Обновленные пакеты
Oracle Linux 5
Oracle Linux ia64
python
2.4.3-43.el5
python-devel
2.4.3-43.el5
python-libs
2.4.3-43.el5
python-tools
2.4.3-43.el5
tkinter
2.4.3-43.el5
Oracle Linux x86_64
python
2.4.3-43.el5
python-devel
2.4.3-43.el5
python-libs
2.4.3-43.el5
python-tools
2.4.3-43.el5
tkinter
2.4.3-43.el5
Oracle Linux i386
python
2.4.3-43.el5
python-devel
2.4.3-43.el5
python-libs
2.4.3-43.el5
python-tools
2.4.3-43.el5
tkinter
2.4.3-43.el5
Ссылки на источники
Связанные уязвимости
Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory.
Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory.
Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory.
Untrusted search path vulnerability in the PySys_SetArgv API function ...
Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory.