Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2012-0745

Опубликовано: 18 июн. 2012
Источник: oracle-oval
Платформа: Oracle Linux 5

Описание

ELSA-2012-0745: python security update (MODERATE)

[2.4.3-46.el5_8.2]

  • if hash randomization is enabled, also enable it within pyexpat Resolves: CVE-2012-0876

[2.4.3-46.el5_8.1]

  • distutils.commands.register: create ~/.pypirc securely Resolves: CVE-2011-4944
  • send encoding in SimpleHTTPServer.list_directory to protect IE7 against potential XSS attacks Resolves: CVE-2011-4940
  • oCERT-2011-003: add -R command-line option and PYTHONHASHSEED environment variable, to provide an opt-in way to protect against denial of service attacks due to hash collisions within the dict and set types Resolves: CVE-2012-1150

Обновленные пакеты

Oracle Linux 5

Oracle Linux ia64

python

2.4.3-46.el5_8.2

python-devel

2.4.3-46.el5_8.2

python-libs

2.4.3-46.el5_8.2

python-tools

2.4.3-46.el5_8.2

tkinter

2.4.3-46.el5_8.2

Oracle Linux x86_64

python

2.4.3-46.el5_8.2

python-devel

2.4.3-46.el5_8.2

python-libs

2.4.3-46.el5_8.2

python-tools

2.4.3-46.el5_8.2

tkinter

2.4.3-46.el5_8.2

Oracle Linux i386

python

2.4.3-46.el5_8.2

python-devel

2.4.3-46.el5_8.2

python-libs

2.4.3-46.el5_8.2

python-tools

2.4.3-46.el5_8.2

tkinter

2.4.3-46.el5_8.2

Связанные CVE

CVE-2011-4940
CVE-2012-1150
CVE-2011-4944

Ссылки на источники

Связанные уязвимости

oracle-oval логотип

ELSA-2012-0744

oracle-oval
около 13 лет назад

ELSA-2012-0744: python security update (MODERATE)

ubuntu логотип

CVE-2011-4940

ubuntu
почти 13 лет назад

The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.

redhat логотип

CVE-2011-4940

redhat
больше 14 лет назад

The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.

nvd логотип

CVE-2011-4940

nvd
почти 13 лет назад

The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.

debian логотип

CVE-2011-4940

debian
почти 13 лет назад

The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPSe ...