             __________________________________________________________

                       The U.S. Department of Energy
                   Computer Incident Advisory Capability
                           ___  __ __    _     ___
                          /       |     /_\   /
                          \___  __|__  /   \  \___
             __________________________________________________________

                             INFORMATION BULLETIN

                          Python Security Update
                           [RHSA-2006:0713-6]

October 10, 2006 16:00 GMT                                        Number R-006
[REVISED 27 Oct 2006]
______________________________________________________________________________
PROBLEM:       A flaw was discovered in the way that the Python repr()
               function handled UTF-32/UCS-4 strings.

PLATFORM:      Red Hat Desktop, AS, ES, WS (v. 3)
               Red Hat Desktop, AS, ES, WS (v. 4)

DAMAGE:        If an application written in Python used the repr()
               function on untrusted data, this could lead to a denial
               of service or possibly allow the execution of arbitrary
               code with the privileges of the Python application.

SOLUTION:      Apply current patches.
______________________________________________________________________________
VULNERABILITY  The risk is LOW. Could allow the execution of arbitrary
ASSESSMENT:    code with the privileges of the Python application.
______________________________________________________________________________
LINKS:
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/r-006.shtml
 ORIGINAL BULLETIN:  https://rhn.redhat.com/errata/RHSA-2006-0713.html
 ADDITIONAL LINKS:   Debian Security Advisory 1198-1
                     http://www.debian.org/security/2006/dsa-1198
 CVE:                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980
______________________________________________________________________________
REVISION HISTORY:
10/27/06 - added a link to Debian Security Advisory 1198-1

[***** Start RHSA-2006:0713-6 *****]

Important: python security update

Advisory:           RHSA-2006:0713-6
Type:               Security Advisory
Issued on:          2006-10-09
Last updated on:    2006-10-09
Affected Products:  Red Hat Desktop (v. 3)
                    Red Hat Desktop (v. 4)
                    Red Hat Enterprise Linux AS (v. 3)
                    Red Hat Enterprise Linux AS (v. 4)
                    Red Hat Enterprise Linux ES (v. 3)
                    Red Hat Enterprise Linux ES (v. 4)
                    Red Hat Enterprise Linux WS (v. 3)
                    Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2006-4980

Details

Updated Python packages are now available to correct a security issue in
Red Hat Enterprise Linux 3 and 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Python is an interpreted, interactive, object-oriented programming
language.

A flaw was discovered in the way that the Python repr() function handled
UTF-32/UCS-4 strings. If an application written in Python used the repr()
function on untrusted data, this could lead to a denial of service or
possibly allow the execution of arbitrary code with the privileges of the
Python application. (CVE-2006-4980)

In addition, this errata fixes a regression in the SimpleXMLRPCServer
backport for Red Hat Enterprise Linux 3 that was introduced with
RHSA-2005:109.

Users of Python should upgrade to these updated packages, which contain a
backported patch to correct this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
python-2.2.3-6.5.src.rpm                 7bd55e73c3a8afcf2190233bce2d3424

IA-32:
python-2.2.3-6.5.i386.rpm                aa5c6ddaf74636f828d89565c440a84f
python-devel-2.2.3-6.5.i386.rpm          7921f372dc7adb3b47b72ced396114cf
python-tools-2.2.3-6.5.i386.rpm          d1ff62856ebeb0b64c8e893d6d20686b
tkinter-2.2.3-6.5.i386.rpm               aa5a4072f9483e2d9127d2100787a1f1

x86_64:
python-2.2.3-6.5.x86_64.rpm              edb81dd6e870bcf318cd33ee97555c39
python-devel-2.2.3-6.5.x86_64.rpm        c75ca79933b9ecbe82c711f8ed79e96b
python-tools-2.2.3-6.5.x86_64.rpm        0f4df04e3e60b21fe40992df711c61a7
tkinter-2.2.3-6.5.x86_64.rpm             7351fc8da36d14d3a74171948c5e3823

Red Hat Desktop (v. 4)

SRPMS:
python-2.3.4-14.3.src.rpm                b77a2036a4496f91b19cf2bfc228ef9d

IA-32:
python-2.3.4-14.3.i386.rpm               588b1be239522d3e55b89bbb21d6ceec
python-devel-2.3.4-14.3.i386.rpm         3431de9944ebcb847be132b64e87e513
python-docs-2.3.4-14.3.i386.rpm          c5b70323157c303f143db6d3ba369f58
python-tools-2.3.4-14.3.i386.rpm         06aab46ed671d94158d0d0b814b8427b
tkinter-2.3.4-14.3.i386.rpm              3e78a7ef509eb7d19ed6aac9fa6c6546

x86_64:
python-2.3.4-14.3.x86_64.rpm             629204e2dfb213386bd616acf9c77f00
python-devel-2.3.4-14.3.x86_64.rpm       f21880ce6f9bb3638fe221b9300200a7
python-docs-2.3.4-14.3.x86_64.rpm        ac59cfd06813a19a38f6771af45b1372
python-tools-2.3.4-14.3.x86_64.rpm       883f381cf0d71afb267782d0e7c0bf55
tkinter-2.3.4-14.3.x86_64.rpm            22ab34f9f5f8d46141e0e08b45cc3c62

Red Hat Enterprise Linux AS (v. 3)

SRPMS:
python-2.2.3-6.5.src.rpm                 7bd55e73c3a8afcf2190233bce2d3424

IA-32:
python-2.2.3-6.5.i386.rpm                aa5c6ddaf74636f828d89565c440a84f
python-devel-2.2.3-6.5.i386.rpm          7921f372dc7adb3b47b72ced396114cf
python-tools-2.2.3-6.5.i386.rpm          d1ff62856ebeb0b64c8e893d6d20686b
tkinter-2.2.3-6.5.i386.rpm               aa5a4072f9483e2d9127d2100787a1f1

IA-64:
python-2.2.3-6.5.ia64.rpm                23e24399883628b9213e6bb2c1310384
python-devel-2.2.3-6.5.ia64.rpm          6ad20da697f6f72b543a25394f831421
python-tools-2.2.3-6.5.ia64.rpm          ef9a9aa4f82ea2862f3233c63623c0b8
tkinter-2.2.3-6.5.ia64.rpm               36c74ec8d24b295d6574ecada425591b

PPC:
python-2.2.3-6.5.ppc.rpm                 513bc522e279569ca5ae609cc02a0901
python-devel-2.2.3-6.5.ppc.rpm           959ba7380d7f1830c0132ed570b55f8f
python-tools-2.2.3-6.5.ppc.rpm           3fcbd3b923c1a4534f96cd717e1d0cf0
tkinter-2.2.3-6.5.ppc.rpm                240da66aab0fdef51662566bd9be8acb

s390:
python-2.2.3-6.5.s390.rpm                95fbb55320dadfd9f9cad87038506695
python-devel-2.2.3-6.5.s390.rpm          73137cda244d7ef351962d5e513e9ab6
python-tools-2.2.3-6.5.s390.rpm          71da560c7523b01b9c6e0d9c4a87c2c0
tkinter-2.2.3-6.5.s390.rpm               a93a8b2d9a7a2dc0dba6bc481e0dad1c

s390x:
python-2.2.3-6.5.s390x.rpm               01363b0b6d57f7c66419b32038020782
python-devel-2.2.3-6.5.s390x.rpm         9cdd24346a67eccf627d9e604d0775aa
python-tools-2.2.3-6.5.s390x.rpm         a902f110ed483432451663e9fc546706
tkinter-2.2.3-6.5.s390x.rpm              cf46eeccc6308d6598e5fd336bb3644e

x86_64:
python-2.2.3-6.5.x86_64.rpm              edb81dd6e870bcf318cd33ee97555c39
python-devel-2.2.3-6.5.x86_64.rpm        c75ca79933b9ecbe82c711f8ed79e96b
python-tools-2.2.3-6.5.x86_64.rpm        0f4df04e3e60b21fe40992df711c61a7
tkinter-2.2.3-6.5.x86_64.rpm             7351fc8da36d14d3a74171948c5e3823

Red Hat Enterprise Linux AS (v. 4)

SRPMS:
python-2.3.4-14.3.src.rpm                b77a2036a4496f91b19cf2bfc228ef9d

IA-32:
python-2.3.4-14.3.i386.rpm               588b1be239522d3e55b89bbb21d6ceec
python-devel-2.3.4-14.3.i386.rpm         3431de9944ebcb847be132b64e87e513
python-docs-2.3.4-14.3.i386.rpm          c5b70323157c303f143db6d3ba369f58
python-tools-2.3.4-14.3.i386.rpm         06aab46ed671d94158d0d0b814b8427b
tkinter-2.3.4-14.3.i386.rpm              3e78a7ef509eb7d19ed6aac9fa6c6546

IA-64:
python-2.3.4-14.3.ia64.rpm               54f132a54ad12115cd8f3289cfb19c3c
python-devel-2.3.4-14.3.ia64.rpm         b926a960dd693a2c68f417cb709f8f72
python-docs-2.3.4-14.3.ia64.rpm          0cd0c817921b4acf6b3093017302497c
python-tools-2.3.4-14.3.ia64.rpm         3b618ab235a709c92a47d5b9c3c99a9c
tkinter-2.3.4-14.3.ia64.rpm              45bf62592d6ea608d3cde2843444f021

PPC:
python-2.3.4-14.3.ppc.rpm                7da257f798eba9dd049681325b99a688
python-devel-2.3.4-14.3.ppc.rpm          fcca089e509abe70e99907a028ea5e54
python-docs-2.3.4-14.3.ppc.rpm           f79cda57f4daf646765d144256669c18
python-tools-2.3.4-14.3.ppc.rpm          6c4d7d3cc8318431808076953c72faf0
tkinter-2.3.4-14.3.ppc.rpm               3795d5229135336249a8f190ecf391b1

s390:
python-2.3.4-14.3.s390.rpm               75743f9134b65b15531fd54441bc2074
python-devel-2.3.4-14.3.s390.rpm         5fd3244000892911334f7010529d0b7e
python-docs-2.3.4-14.3.s390.rpm          fdda555ab73dbf88b399f9997cc1cd2f
python-tools-2.3.4-14.3.s390.rpm         e0784b78a875e072e52bf6e5b1289555
tkinter-2.3.4-14.3.s390.rpm              edbd15c9cd96d53581b2634cde714a18

s390x:
python-2.3.4-14.3.s390x.rpm              fbf37d4cc36b601c137e291fd760fc21
python-devel-2.3.4-14.3.s390x.rpm        3cac0c4e00681da4bdbb3e3ea3d34f5e
python-docs-2.3.4-14.3.s390x.rpm         94a85e10ef45b34ec2771007ed020a4a
python-tools-2.3.4-14.3.s390x.rpm        87362e01198a3e4e90a0363106446510
tkinter-2.3.4-14.3.s390x.rpm             9b6f208be55ef77e869be749343d7eef

x86_64:
python-2.3.4-14.3.x86_64.rpm             629204e2dfb213386bd616acf9c77f00
python-devel-2.3.4-14.3.x86_64.rpm       f21880ce6f9bb3638fe221b9300200a7
python-docs-2.3.4-14.3.x86_64.rpm        ac59cfd06813a19a38f6771af45b1372
python-tools-2.3.4-14.3.x86_64.rpm       883f381cf0d71afb267782d0e7c0bf55
tkinter-2.3.4-14.3.x86_64.rpm            22ab34f9f5f8d46141e0e08b45cc3c62

Red Hat Enterprise Linux ES (v. 3)

SRPMS:
python-2.2.3-6.5.src.rpm                 7bd55e73c3a8afcf2190233bce2d3424

IA-32:
python-2.2.3-6.5.i386.rpm                aa5c6ddaf74636f828d89565c440a84f
python-devel-2.2.3-6.5.i386.rpm          7921f372dc7adb3b47b72ced396114cf
python-tools-2.2.3-6.5.i386.rpm          d1ff62856ebeb0b64c8e893d6d20686b
tkinter-2.2.3-6.5.i386.rpm               aa5a4072f9483e2d9127d2100787a1f1

IA-64:
python-2.2.3-6.5.ia64.rpm                23e24399883628b9213e6bb2c1310384
python-devel-2.2.3-6.5.ia64.rpm          6ad20da697f6f72b543a25394f831421
python-tools-2.2.3-6.5.ia64.rpm          ef9a9aa4f82ea2862f3233c63623c0b8
tkinter-2.2.3-6.5.ia64.rpm               36c74ec8d24b295d6574ecada425591b

x86_64:
python-2.2.3-6.5.x86_64.rpm              edb81dd6e870bcf318cd33ee97555c39
python-devel-2.2.3-6.5.x86_64.rpm        c75ca79933b9ecbe82c711f8ed79e96b
python-tools-2.2.3-6.5.x86_64.rpm        0f4df04e3e60b21fe40992df711c61a7
tkinter-2.2.3-6.5.x86_64.rpm             7351fc8da36d14d3a74171948c5e3823

Red Hat Enterprise Linux ES (v. 4)

SRPMS:
python-2.3.4-14.3.src.rpm                b77a2036a4496f91b19cf2bfc228ef9d

IA-32:
python-2.3.4-14.3.i386.rpm               588b1be239522d3e55b89bbb21d6ceec
python-devel-2.3.4-14.3.i386.rpm         3431de9944ebcb847be132b64e87e513
python-docs-2.3.4-14.3.i386.rpm          c5b70323157c303f143db6d3ba369f58
python-tools-2.3.4-14.3.i386.rpm         06aab46ed671d94158d0d0b814b8427b
tkinter-2.3.4-14.3.i386.rpm              3e78a7ef509eb7d19ed6aac9fa6c6546

IA-64:
python-2.3.4-14.3.ia64.rpm               54f132a54ad12115cd8f3289cfb19c3c
python-devel-2.3.4-14.3.ia64.rpm         b926a960dd693a2c68f417cb709f8f72
python-docs-2.3.4-14.3.ia64.rpm          0cd0c817921b4acf6b3093017302497c
python-tools-2.3.4-14.3.ia64.rpm         3b618ab235a709c92a47d5b9c3c99a9c
tkinter-2.3.4-14.3.ia64.rpm              45bf62592d6ea608d3cde2843444f021

x86_64:
python-2.3.4-14.3.x86_64.rpm             629204e2dfb213386bd616acf9c77f00
python-devel-2.3.4-14.3.x86_64.rpm       f21880ce6f9bb3638fe221b9300200a7
python-docs-2.3.4-14.3.x86_64.rpm        ac59cfd06813a19a38f6771af45b1372
python-tools-2.3.4-14.3.x86_64.rpm       883f381cf0d71afb267782d0e7c0bf55
tkinter-2.3.4-14.3.x86_64.rpm            22ab34f9f5f8d46141e0e08b45cc3c62
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
python-2.2.3-6.5.src.rpm                 7bd55e73c3a8afcf2190233bce2d3424

IA-32:
python-2.2.3-6.5.i386.rpm                aa5c6ddaf74636f828d89565c440a84f
python-devel-2.2.3-6.5.i386.rpm          7921f372dc7adb3b47b72ced396114cf
python-tools-2.2.3-6.5.i386.rpm          d1ff62856ebeb0b64c8e893d6d20686b
tkinter-2.2.3-6.5.i386.rpm               aa5a4072f9483e2d9127d2100787a1f1

IA-64:
python-2.2.3-6.5.ia64.rpm                23e24399883628b9213e6bb2c1310384
python-devel-2.2.3-6.5.ia64.rpm          6ad20da697f6f72b543a25394f831421
python-tools-2.2.3-6.5.ia64.rpm          ef9a9aa4f82ea2862f3233c63623c0b8
tkinter-2.2.3-6.5.ia64.rpm               36c74ec8d24b295d6574ecada425591b

x86_64:
python-2.2.3-6.5.x86_64.rpm              edb81dd6e870bcf318cd33ee97555c39
python-devel-2.2.3-6.5.x86_64.rpm        c75ca79933b9ecbe82c711f8ed79e96b
python-tools-2.2.3-6.5.x86_64.rpm        0f4df04e3e60b21fe40992df711c61a7
tkinter-2.2.3-6.5.x86_64.rpm             7351fc8da36d14d3a74171948c5e3823

Red Hat Enterprise Linux WS (v. 4)

SRPMS:
python-2.3.4-14.3.src.rpm                b77a2036a4496f91b19cf2bfc228ef9d

IA-32:
python-2.3.4-14.3.i386.rpm               588b1be239522d3e55b89bbb21d6ceec
python-devel-2.3.4-14.3.i386.rpm         3431de9944ebcb847be132b64e87e513
python-docs-2.3.4-14.3.i386.rpm          c5b70323157c303f143db6d3ba369f58
python-tools-2.3.4-14.3.i386.rpm         06aab46ed671d94158d0d0b814b8427b
tkinter-2.3.4-14.3.i386.rpm              3e78a7ef509eb7d19ed6aac9fa6c6546

IA-64:
python-2.3.4-14.3.ia64.rpm               54f132a54ad12115cd8f3289cfb19c3c
python-devel-2.3.4-14.3.ia64.rpm         b926a960dd693a2c68f417cb709f8f72
python-docs-2.3.4-14.3.ia64.rpm          0cd0c817921b4acf6b3093017302497c
python-tools-2.3.4-14.3.ia64.rpm         3b618ab235a709c92a47d5b9c3c99a9c
tkinter-2.3.4-14.3.ia64.rpm              45bf62592d6ea608d3cde2843444f021

x86_64:
python-2.3.4-14.3.x86_64.rpm             629204e2dfb213386bd616acf9c77f00
python-devel-2.3.4-14.3.x86_64.rpm       f21880ce6f9bb3638fe221b9300200a7
python-docs-2.3.4-14.3.x86_64.rpm        ac59cfd06813a19a38f6771af45b1372
python-tools-2.3.4-14.3.x86_64.rpm       883f381cf0d71afb267782d0e7c0bf55
tkinter-2.3.4-14.3.x86_64.rpm            22ab34f9f5f8d46141e0e08b45cc3c62

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

160418 - Error in RHEL3-U4-errata python python-2.2-xmlfix.patch
208162 - CVE-2006-4980 repr unicode buffer overflow

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980
http://www.redhat.com/security/updates/classification/#important

These packages are GPG signed by Red Hat for security. Our key and details
on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details
at http://www.redhat.com/security/team/contact/

[***** End RHSA-2006:0713-6 *****]

_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of Red Hat for the
information contained in this bulletin.
_______________________________________________________________________________

CIAC, the Computer Incident Advisory Capability, is the computer
security incident response team for the U.S. Department of Energy
(DOE) and the emergency backup response team for the National
Institutes of Health (NIH). CIAC is located at the Lawrence Livermore
National Laboratory in Livermore, California. CIAC is also a founding
member of FIRST, the Forum of Incident Response and Security Teams, a
global organization established to foster cooperation and coordination
among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC
can be contacted at:
    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

   World Wide Web:      http://www.ciac.org/
   Anonymous FTP:       ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins. If you are not part of these
communities, please contact your agency's response team to report
incidents. Your agency's team will coordinate with CIAC. The Forum of
Incident Response and Security Teams (FIRST) is a world-wide
organization. A list of FIRST member organizations and their
constituencies can be obtained via WWW at http://www.first.org/.

This document was prepared as an account of work sponsored by an agency
of the United States Government. Neither the United States Government
nor the University of California nor any of their employees, makes any
warranty, express or implied, or assumes any legal liability or
responsibility for the accuracy, completeness, or usefulness of any
information, apparatus, product, or process disclosed, or represents
that its use would not infringe privately owned rights. Reference herein
to any specific commercial products, process, or service by trade name,
trademark, manufacturer, or otherwise, does not necessarily constitute
or imply its endorsement, recommendation or favoring by the United
States Government or the University of California. The views and
opinions of authors expressed herein do not necessarily state or reflect
those of the United States Government or the University of California,
and shall not be used for advertising or product endorsement purposes.

LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

Q-323: AirPort Update 2006-001 and Apple Security Update 2006-005
Q-324: Cisco Guard Enables Cross Site Scripting
Q-325: gnutls11 Cryptographic Weakness
Q-326: Vulnerability in Vector Markup Language
Q-327: Exploits of MDAC (MS06-014) Vulnerability in the Wild
R-001: OpenSSL Security Advisory
R-002: HP-UX running SLP, Remote Unauthorized Access
R-003: HP-UX Running Ignite-UX Server
R-004: Mac OS X 10.4.8 Security Update
R-005: xfree86 Several Vulnerabilities
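The Details section of the bulletin above says only that repr() mishandled UTF-32/UCS-4 strings. The following added example, written for this page and not code from CIAC, Red Hat or CPython, models why a wide (UCS-4) interpreter is the exposed configuration: it reproduces the escaped form that Python 2's repr() emits for a unicode object and compares its length with the output buffer the C implementation reserved per input character. The reservation figures are assumptions about that code (6 bytes per unit before the fix, enough for a `\uXXXX` escape; 10 bytes per unit on wide builds after it, enough for `\UXXXXXXXX`), and the sample string is constructed. On a wide build each character above U+FFFF needs 4 bytes more than the old budget, so the overrun grows with the number of such characters in attacker-supplied data; on a narrow build the same character arrives as a surrogate pair, two units with a 12-byte budget, and fits.

```python
"""Model of the buffer-sizing flaw behind CVE-2006-4980 (added example)."""
import sys

VULN_PER_UNIT = 6    # assumed pre-fix reservation per Py_UNICODE: room for "\uXXXX"
FIXED_PER_UNIT = 10  # assumed post-fix reservation on wide builds: room for "\UXXXXXXXX"


def is_wide_build():
    """True when this interpreter stores code points as UCS-4/UTF-32
    (sys.maxunicode == 0x10FFFF); narrow UTF-16 builds report 0xFFFF."""
    return sys.maxunicode > 0xFFFF


def to_code_units(text, wide):
    """Model the Py_UNICODE array: one unit per code point on a wide build,
    a UTF-16 surrogate pair for each astral character on a narrow build."""
    units = []
    for cp in map(ord, text):
        if wide or cp < 0x10000:
            units.append(cp)
        else:
            cp -= 0x10000
            units.append(0xD800 | (cp >> 10))
            units.append(0xDC00 | (cp & 0x3FF))
    return units


def py2_unicode_repr(text, wide=True):
    """Bytes Python 2's repr() produces for a unicode object (u'...' form)."""
    units = to_code_units(text, wide)
    quote = '"' if ("'" in text and '"' not in text) else "'"
    out = bytearray(b"u" + quote.encode())
    i = 0
    while i < len(units):
        ch = units[i]
        i += 1
        if ch == ord(quote) or ch == 0x5C:            # quote and backslash
            out += b"\\" + bytes([ch])
        elif wide and ch >= 0x10000:                   # astral, wide build: 10 bytes
            out += b"\\U%08x" % ch
        elif (not wide and 0xD800 <= ch < 0xDC00
              and i < len(units) and 0xDC00 <= units[i] <= 0xDFFF):
            # astral, narrow build: the pair is re-joined, so two input
            # units (budget 12) yield one 10-byte escape and stay in budget
            ucs = (((ch & 0x3FF) << 10) | (units[i] & 0x3FF)) + 0x10000
            i += 1
            out += b"\\U%08x" % ucs
        elif ch >= 0x100:                              # BMP beyond Latin-1: 6 bytes
            out += b"\\u%04x" % ch
        elif ch == 0x09:
            out += b"\\t"
        elif ch == 0x0A:
            out += b"\\n"
        elif ch == 0x0D:
            out += b"\\r"
        elif ch < 0x20 or ch >= 0x7F:                  # control / Latin-1: 4 bytes
            out += b"\\x%02x" % ch
        else:
            out.append(ch)                             # printable ASCII as-is
    out += quote.encode()
    return bytes(out)


def reserved(n_units, per_unit):
    """Modelled output buffer for n input units: u + quote + escapes + quote."""
    return 2 + per_unit * n_units + 1


def overflow_bytes(text, wide=True, per_unit=VULN_PER_UNIT):
    """Bytes by which the escaped repr exceeds the reserved buffer (0 = fits)."""
    needed = len(py2_unicode_repr(text, wide))
    return max(0, needed - reserved(len(to_code_units(text, wide)), per_unit))


# Constructed sample: three astral characters followed by twenty BMP
# characters that each use the full six-byte \uXXXX form, so no slack
# absorbs the 4-byte shortfall per astral character.
SAMPLE = "\U0001F600" * 3 + "\u0394" * 20

if __name__ == "__main__":
    print("this interpreter is a wide build:", is_wide_build())
    for wide in (True, False):
        print("%-6s build: repr needs %3d bytes; over by %2d (pre-fix), %2d (post-fix)" % (
            "wide" if wide else "narrow",
            len(py2_unicode_repr(SAMPLE, wide)),
            overflow_bytes(SAMPLE, wide),
            overflow_bytes(SAMPLE, wide, FIXED_PER_UNIT)))
```

The exposure condition this illustrates is the one a practitioner should check on an unpatched host: an interpreter whose `sys.maxunicode` is 0x10FFFF, running code that calls repr() (directly, via `%r`, or through logging and error messages) on strings it did not generate itself.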
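For the Solution and Updated packages sections above, the following added example (not part of the CIAC or Red Hat text) checks an inventory of installed python package versions against the fixed releases the advisory lists, python-2.2.3-6.5 for Red Hat Enterprise Linux 3 and python-2.3.4-14.3 for Red Hat Enterprise Linux 4, using RPM's version-comparison rules rather than string comparison, so that a later release such as 14.10 is not mistaken for an older one. The inventory format, host names, product labels and the 14.10 release are constructed for the example; the comparison omits the tilde and caret handling of newer rpm, which these 2006-era release strings do not use.

```python
"""Patch-level triage for RHSA-2006:0713 / CVE-2006-4980 (added example)."""
import re

# Fixed python NVRs per product, taken from the advisory's package list.
FIXED_RELEASE = {
    "rhel3": ("python", "2.2.3", "6.5"),
    "rhel4": ("python", "2.3.4", "14.3"),
}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Compare two version or release strings the way rpmvercmp() does:
    split into digit and letter runs, compare runs pairwise (digit runs as
    integers, a digit run beats a letter run, letter runs lexically); if all
    shared runs agree, the string with runs left over is newer."""
    if a == b:
        return 0
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            xi, yi = int(x), int(y)
            if xi != yi:
                return 1 if xi > yi else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return 1 if x > y else -1
    if len(seg_a) != len(seg_b):
        return 1 if len(seg_a) > len(seg_b) else -1
    return 0


def parse_nvr(nvr):
    """Split 'python-2.3.4-14.1' into (name, version, release).  This is the
    shape produced by: rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}' python"""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def is_patched(nvr, product):
    """True when the installed NVR is at or above the advisory's fixed NVR."""
    name, version, release = parse_nvr(nvr)
    fixed_name, fixed_version, fixed_release = FIXED_RELEASE[product]
    if name != fixed_name:
        raise ValueError("expected package %s, got %s" % (fixed_name, name))
    order = rpmvercmp(version, fixed_version)
    if order == 0:
        order = rpmvercmp(release, fixed_release)
    return order >= 0


def triage(inventory_text):
    """Parse 'host<TAB>product<TAB>nvr' lines; return (host, nvr) still unpatched."""
    unpatched = []
    for line in inventory_text.strip().splitlines():
        host, product, nvr = line.split("\t")
        if not is_patched(nvr, product):
            unpatched.append((host, nvr))
    return unpatched


# Constructed inventory: one line per host, as a collector might assemble
# from the rpm query above.  'python-2.3.4-14.10' is a hypothetical later
# release, included to show that numeric segment comparison is required.
SAMPLE_INVENTORY = """\
web01\trhel4\tpython-2.3.4-14.1
web02\trhel4\tpython-2.3.4-14.3
db01\trhel3\tpython-2.2.3-6.4
db02\trhel3\tpython-2.2.3-6.5
build01\trhel4\tpython-2.3.4-14.10
"""

if __name__ == "__main__":
    for host, nvr in triage(SAMPLE_INVENTORY):
        print("UNPATCHED %-8s %s" % (host, nvr))
```

The same NVR check applies to the python-devel, python-docs, python-tools and tkinter subpackages, which are built from the same source RPM and carry the same version and release. Before installing packages fetched outside up2date, compare their MD5 sums with the table above using md5sum and verify the Red Hat signature with rpm -K, as the advisory's GPG note directs.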