- Issued: 2009-09-02
- Updated: 2009-09-02
RHBA-2009:1351 - Bug Fix Advisory
Synopsis
m2crypto bug fix update
Type/Severity
Bug Fix Advisory
Topic
An updated m2crypto package that fixes various bugs is now available.
Description
The m2crypto package contains a Python module that makes it possible to
call OpenSSL functions from Python scripts.
Bugs fixed in this updated package include:
- closing a file object returned by m2urllib2 did not immediately close the
underlying network connection. This could cause a process to run out of
file handles. Closing a file object now closes the sockets associated with
it and avoids leaking file descriptors. (BZ#460692)
- the Python global interpreter lock was not released by blocking m2crypto
functions, making it impossible to use m2crypto concurrently in a
multi-threaded program. M2Crypto now uses the thread support in SWIG for
functions that are likely to block. M2Crypto can now accept additional
connections even when a different thread is still waiting for incoming
data. (BZ#472690)
- m2urllib2 sent absolute URIs in HTTP requests instead of only the
selector part of the URI, and some HTTP servers do not support absolute
URIs in requests. m2urllib2 now sends only the selector part of the URI,
so the request is understood even by HTTP servers that do not support
requests made with the absolute URI. (BZ#491674)
- the M2Crypto SSL certificate checker incorrectly rejected
certificates with a subjectAltName extension that did not contain a host
name. M2Crypto now uses the certificate subject field instead of
subjectAltName if subjectAltName does not contain a host name. (BZ#504060)
- the OpenSSL locking callback in M2Crypto did not block on a lock when the
lock was held by another thread. This could cause data corruption in
multi-threaded applications. The locking callback now functions correctly,
regardless of which thread holds the lock. (BZ#507903)
Users are advised to upgrade to this updated m2crypto package, which
resolves these issues.
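
The subjectAltName change (BZ#504060) can be pictured with the following added sketch, which is not M2Crypto source code and is modelled only on the advisory text above. The function names, the exact-match comparison and the sample certificates are assumptions made for illustration.

```python
# Added illustration of the BZ#504060 behaviour change; not M2Crypto code.
# All function names are hypothetical; matching is exact and case-insensitive.

def san_dns_names(san_text):
    """Extract host names from an OpenSSL-style subjectAltName string,
    e.g. 'DNS:a.example, email:x@y.example, IP Address:192.0.2.1'."""
    names = []
    for entry in (san_text or "").split(","):
        kind, sep, value = entry.strip().partition(":")
        if sep and kind.strip().upper() == "DNS":
            names.append(value.strip().lower())
    return names


def check_before_fix(host, san_text, common_name):
    """Modelled bug: the mere presence of subjectAltName shadows the
    subject field, so a SAN without any host name can never match."""
    if san_text is not None:
        return host.lower() in san_dns_names(san_text)
    return common_name is not None and host.lower() == common_name.lower()


def check_after_fix(host, san_text, common_name):
    """Modelled fix: SAN host names decide when present; the subject
    commonName is consulted only if SAN contains no host name."""
    dns_names = san_dns_names(san_text)
    if dns_names:
        return host.lower() in dns_names
    return common_name is not None and host.lower() == common_name.lower()


# Constructed sample certificates: (subjectAltName text, subject commonName)
SAMPLES = {
    "email_only_san": ("email:admin@www.example.com", "www.example.com"),
    "dns_san": ("DNS:www.example.com, DNS:example.com", "legacy.example.com"),
    "no_san": (None, "www.example.com"),
}


def compare(host):
    """Return {sample: (accepted_before_fix, accepted_after_fix)}."""
    return dict(
        (name, (check_before_fix(host, san, cn), check_after_fix(host, san, cn)))
        for name, (san, cn) in SAMPLES.items()
    )


if __name__ == "__main__":
    for name, result in sorted(compare("www.example.com").items()):
        print("%s before=%s after=%s" % ((name,) + result))
```

Only the certificate whose subjectAltName lacks a host name changes outcome; a certificate that does list host names in subjectAltName is still matched against those names alone. A production checker should read the individual entries of the parsed extension rather than split its rendered text, since a value containing a comma would confuse this simplified parser.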
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
Affected Products
- Red Hat Enterprise Linux Server 5 x86_64
- Red Hat Enterprise Linux Server 5 ia64
- Red Hat Enterprise Linux Server 5 i386
- Red Hat Enterprise Linux Workstation 5 x86_64
- Red Hat Enterprise Linux Workstation 5 i386
- Red Hat Enterprise Linux Desktop 5 x86_64
- Red Hat Enterprise Linux Desktop 5 i386
- Red Hat Enterprise Linux for IBM z Systems 5 s390x
- Red Hat Enterprise Linux for Power, big endian 5 ppc
- Red Hat Enterprise Linux Server from RHUI 5 x86_64
- Red Hat Enterprise Linux Server from RHUI 5 i386
Fixes
- BZ - 460692 - m2crypto leaks fds into GC
- BZ - 472690 - m2crypto blocks python thread
- BZ - 491674 - Use relative paths in HTTP requests via m2urllib2
- BZ - 504060 - m2crypto does not handle subjectAltName having non DNS:xxx entries.
- BZ - 507903 - m2crypto's OpenSSL locking callback does a sem_trywait() instead of sem_wait ()
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 5
SRPM | |
---|---|
m2crypto-0.16-6.el5.6.src.rpm | SHA-256: e7b26adecd420c1a06d60108dba5038bbe2761d363ef75dd05d0be1527a15be1 |
x86_64 | |
m2crypto-0.16-6.el5.6.x86_64.rpm | SHA-256: 33dcb803a8eafb30a4f51002c553bc138dbac670f95a9b07db495c0c2c28503f |
ia64 | |
m2crypto-0.16-6.el5.6.ia64.rpm | SHA-256: 0444e59e01b50c74b8d9d61ce1c188a3b96e1296e46d7d032a003edadbf60a85 |
i386 | |
m2crypto-0.16-6.el5.6.i386.rpm | SHA-256: e3cf8851ad6baf4a31481a272049411b2c7ed3643d1e280d015885569e6f8223 |
Red Hat Enterprise Linux Workstation 5
SRPM | |
---|---|
m2crypto-0.16-6.el5.6.src.rpm | SHA-256: e7b26adecd420c1a06d60108dba5038bbe2761d363ef75dd05d0be1527a15be1 |
x86_64 | |
m2crypto-0.16-6.el5.6.x86_64.rpm | SHA-256: 33dcb803a8eafb30a4f51002c553bc138dbac670f95a9b07db495c0c2c28503f |
i386 | |
m2crypto-0.16-6.el5.6.i386.rpm | SHA-256: e3cf8851ad6baf4a31481a272049411b2c7ed3643d1e280d015885569e6f8223 |
Red Hat Enterprise Linux Desktop 5
SRPM | |
---|---|
m2crypto-0.16-6.el5.6.src.rpm | SHA-256: e7b26adecd420c1a06d60108dba5038bbe2761d363ef75dd05d0be1527a15be1 |
x86_64 | |
m2crypto-0.16-6.el5.6.x86_64.rpm | SHA-256: 33dcb803a8eafb30a4f51002c553bc138dbac670f95a9b07db495c0c2c28503f |
i386 | |
m2crypto-0.16-6.el5.6.i386.rpm | SHA-256: e3cf8851ad6baf4a31481a272049411b2c7ed3643d1e280d015885569e6f8223 |
Red Hat Enterprise Linux for IBM z Systems 5
SRPM | |
---|---|
m2crypto-0.16-6.el5.6.src.rpm | SHA-256: e7b26adecd420c1a06d60108dba5038bbe2761d363ef75dd05d0be1527a15be1 |
s390x | |
m2crypto-0.16-6.el5.6.s390x.rpm | SHA-256: a24bacc100170059cbb528e8a7e4a82c69cb90330e97a1ca9f351938f8a46cac |
Red Hat Enterprise Linux for Power, big endian 5
SRPM | |
---|---|
m2crypto-0.16-6.el5.6.src.rpm | SHA-256: e7b26adecd420c1a06d60108dba5038bbe2761d363ef75dd05d0be1527a15be1 |
ppc | |
m2crypto-0.16-6.el5.6.ppc.rpm | SHA-256: ce4001692010eb3d32115ec9f8aa71c3f13f21f94714a6ae8e789b524cb1bfca |
Red Hat Enterprise Linux Server from RHUI 5
SRPM | |
---|---|
m2crypto-0.16-6.el5.6.src.rpm | SHA-256: e7b26adecd420c1a06d60108dba5038bbe2761d363ef75dd05d0be1527a15be1 |
x86_64 | |
m2crypto-0.16-6.el5.6.x86_64.rpm | SHA-256: 33dcb803a8eafb30a4f51002c553bc138dbac670f95a9b07db495c0c2c28503f |
i386 | |
m2crypto-0.16-6.el5.6.i386.rpm | SHA-256: e3cf8851ad6baf4a31481a272049411b2c7ed3643d1e280d015885569e6f8223 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.