Описание
ELSA-2012-0744: python security update (MODERATE)
[2.6.6-29.el6_2.2]
- if hash randomization is enabled, also enable it within pyexpat Resolves: CVE-2012-0876
[2.6.6-29.el6_2.1]
- distutils.config: create ~/.pypirc securely Resolves: CVE-2011-4944
- fix endless loop in SimpleXMLRPCServer upon malformed POST request Resolves: CVE-2012-0845
- send encoding in SimpleHTTPServer.list_directory to protect IE7 against potential XSS attacks Resolves: CVE-2011-4940
- oCERT-2011-003: add -R command-line option and PYTHONHASHSEED environment variable, to provide an opt-in way to protect against denial of service attacks due to hash collisions within the dict and set types Resolves: CVE-2012-1150
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
python
2.6.6-29.el6_2.2
python-devel
2.6.6-29.el6_2.2
python-libs
2.6.6-29.el6_2.2
python-test
2.6.6-29.el6_2.2
python-tools
2.6.6-29.el6_2.2
tkinter
2.6.6-29.el6_2.2
Oracle Linux i686
python
2.6.6-29.el6_2.2
python-devel
2.6.6-29.el6_2.2
python-libs
2.6.6-29.el6_2.2
python-test
2.6.6-29.el6_2.2
python-tools
2.6.6-29.el6_2.2
tkinter
2.6.6-29.el6_2.2
Связанные CVE
Связанные уязвимости
Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.
Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.
Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.
Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissio ...