Red Hat Product Errata RHSA-2009:1176 - Security Advisory
Issued: 2009-07-27
Updated: 2009-07-27

Synopsis

Moderate: python security update

Type/Severity

Security Advisory: Moderate

Topic

Updated python packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

Python is an interpreted, interactive, object-oriented programming
language.

When the assert() system call was disabled, an input sanitization flaw was
revealed in the Python string object implementation that led to a buffer
overflow. The missing check for negative size values meant the Python
memory allocator could allocate less memory than expected. This could
result in arbitrary code execution with the Python interpreter's
privileges. (CVE-2008-1887)

Multiple buffer and integer overflow flaws were found in the Python Unicode
string processing and in the Python Unicode and string object
implementations. An attacker could use these flaws to cause a denial of
service (Python application crash). (CVE-2008-3142, CVE-2008-5031)

Multiple integer overflow flaws were found in the Python imageop module. If
a Python application used the imageop module to process untrusted images,
it could cause the application to disclose sensitive information, crash or,
potentially, execute arbitrary code with the Python interpreter's
privileges. (CVE-2007-4965, CVE-2008-4864)

Multiple integer underflow and overflow flaws were found in the Python
snprintf() wrapper implementation. An attacker could use these flaws to
cause a denial of service (memory corruption). (CVE-2008-3144)

Multiple integer overflow flaws were found in various Python modules. An
attacker could use these flaws to cause a denial of service (Python
application crash). (CVE-2008-2315, CVE-2008-3143)

An integer signedness error, leading to a buffer overflow, was found
in the Python zlib extension module. If a Python application requested
that a negative byte count be flushed for a decompression stream, it could
cause the application to crash or, potentially, execute arbitrary code
with the Python interpreter's privileges. (CVE-2008-1721)
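
The negative-size, integer overflow and signedness flaws described above share one root cause: a signed length reaches an allocation size computation without validation. The following C sketch is an added illustration, not code from Python or from the Red Hat patches; HDR_SIZE, request_unchecked(), request_checked() and copy_elements() are hypothetical names, and the 16-byte header is a constructed stand-in for an object header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for an object header; not CPython's real layout. */
#define HDR_SIZE ((size_t)16)

/* Flawed pattern: the signed length is converted to size_t without a sign
 * check, so unsigned wraparound makes the request smaller than the header. */
size_t request_unchecked(long len)
{
    return HDR_SIZE + (size_t)len + 1;
}

/* Hardened pattern: reject negative counts and any count whose byte size
 * (header + count elements + one terminator element) would wrap size_t. */
int request_checked(long count, size_t elem, size_t *out)
{
    if (count < 0 || elem == 0 || elem > SIZE_MAX - HDR_SIZE)
        return -1;
    if ((size_t)count > (SIZE_MAX - HDR_SIZE - elem) / elem)
        return -1;
    *out = HDR_SIZE + ((size_t)count + 1) * elem;
    return 0;
}

/* Allocate a zero-terminated copy of count elements, or NULL on bad input. */
void *copy_elements(const void *src, long count, size_t elem)
{
    size_t total;
    unsigned char *obj;

    if (src == NULL || request_checked(count, elem, &total) != 0)
        return NULL;
    obj = calloc(1, total);
    if (obj == NULL)
        return NULL;
    memcpy(obj + HDR_SIZE, src, (size_t)count * elem);
    return obj;
}

int main(void)
{
    size_t n = 0;
    printf("unchecked request for len=-10: %zu bytes\n", request_unchecked(-10));
    printf("checked request for len=-10: %d\n", request_checked(-10, 1, &n));
    return 0;
}
```

The unchecked computation asks the allocator for fewer bytes than the header alone needs, which is the "less memory than expected" condition in the advisory; the checked version refuses the request before any allocation or copy takes place.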

A flaw was discovered in the strxfrm() function of the Python locale
module. Strings generated by this function were not properly
NULL-terminated, which could possibly cause disclosure of data stored in
the memory of a Python application using this function. (CVE-2007-2052)

Red Hat would like to thank David Remahl of the Apple Product Security team
for responsibly reporting the CVE-2008-2315 issue.

All Python users should upgrade to these updated packages, which contain
backported patches to correct these issues.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.3 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.3 ia64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.3 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.3 s390x
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386
  • Red Hat Enterprise Linux Server - AUS 5.3 x86_64
  • Red Hat Enterprise Linux Server - AUS 5.3 ia64
  • Red Hat Enterprise Linux Server - AUS 5.3 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.3 ppc

Fixes

  • BZ - 235093 - CVE-2007-2052 python off-by-one locale.strxfrm() (possible memory disclosure)
  • BZ - 295971 - CVE-2007-4965 python imageop module heap corruption
  • BZ - 442005 - CVE-2008-1721 python: integer signedness error in the zlib extension module
  • BZ - 443810 - CVE-2008-1887 python: PyString_FromStringAndSize does not check for negative size values
  • BZ - 454990 - CVE-2008-3142 python: Multiple buffer overflows in unicode processing
  • BZ - 455008 - CVE-2008-2315 python: Multiple integer overflows in python core
  • BZ - 455013 - CVE-2008-3143 python: Multiple integer overflows discovered by Google
  • BZ - 455018 - CVE-2008-3144 python: Potential integer underflow and overflow in the PyOS_vsnprintf C API function
  • BZ - 469656 - CVE-2008-4864 python: imageop module multiple integer overflows
  • BZ - 470915 - CVE-2008-5031 python: stringobject, unicodeobject integer overflows

CVEs

  • CVE-2007-2052
  • CVE-2007-4965
  • CVE-2008-1887
  • CVE-2008-3143
  • CVE-2008-5031
  • CVE-2008-3142
  • CVE-2008-3144
  • CVE-2008-2315
  • CVE-2008-4864
  • CVE-2008-1721

References

  • http://www.redhat.com/security/updates/classification/#moderate
Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux Server 5

SRPM
python-2.4.3-24.el5_3.6.src.rpm SHA-256: cff11c7a584b495031a643c6042a702ca18ab45ebddc1ba323b9699d0a3b34f3
x86_64
python-2.4.3-24.el5_3.6.x86_64.rpm SHA-256: f43ca48fc2d011d5ea5b33cd71f227ec0ab251572e800b7f6d19db47071b3969
python-devel-2.4.3-24.el5_3.6.i386.rpm SHA-256: be231412c05288a87388dd297f92bc190c920e20dd10d7126b5af1dc2875a1e8
python-devel-2.4.3-24.el5_3.6.x86_64.rpm SHA-256: 7e16f549485f8b6e08c7ce5e023eb89f49ff66388102781038b9b471f946cba0
python-tools-2.4.3-24.el5_3.6.x86_64.rpm SHA-256: bfbf87688d8742973649fdc7d278d2f18c72889bc73ed7e553f0aa435a4322bc
tkinter-2.4.3-24.el5_3.6.x86_64.rpm SHA-256: 70bc4247a52fe2e939901931561ef4a2cc032c1f0eb25bc0a9b98d02f40cceb3
ia64
python-2.4.3-24.el5_3.6.ia64.rpm SHA-256: 7a914175c77350bbde5f9acb498224772c3879032c041f7f298afaf9e013360c
python-devel-2.4.3-24.el5_3.6.ia64.rpm SHA-256: ac25253275f23ece3184817b5dd2bef50668d977baf6fa482f5f31accb9f49b5
python-tools-2.4.3-24.el5_3.6.ia64.rpm SHA-256: 00b766919f7f04b12bf1245d580dcc4d83226a3917ac330025a9564d5000f6dc
tkinter-2.4.3-24.el5_3.6.ia64.rpm SHA-256: f4eb1ffae34866035ad1f144a3ea4a19df97bae3518c5a69312694ad74b88fcf
i386
python-2.4.3-24.el5_3.6.i386.rpm SHA-256: 6411b7481d8742a91ec9bb7edc2dc11a3e3c813d5b845fdd50100f5a900b6fb3
python-devel-2.4.3-24.el5_3.6.i386.rpm SHA-256: be231412c05288a87388dd297f92bc190c920e20dd10d7126b5af1dc2875a1e8
python-tools-2.4.3-24.el5_3.6.i386.rpm SHA-256: 9851b9a28cc1d1345e50ed66d6ce0c9d481f036f9a556b2f05af6e4fe47766e9
tkinter-2.4.3-24.el5_3.6.i386.rpm SHA-256: 940e660dc866c5f6a47bae217833c753e4af63db2d55123689391c946cfc4903

Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Server - AUS 5.3

SRPM
ia64
i386
x86_64

Red Hat Enterprise Linux Workstation 5

SRPM
python-2.4.3-24.el5_3.6.src.rpm SHA-256: cff11c7a584b495031a643c6042a702ca18ab45ebddc1ba323b9699d0a3b34f3
x86_64
python-2.4.3-24.el5_3.6.x86_64.rpm SHA-256: f43ca48fc2d011d5ea5b33cd71f227ec0ab251572e800b7f6d19db47071b3969
python-devel-2.4.3-24.el5_3.6.i386.rpm SHA-256: be231412c05288a87388dd297f92bc190c920e20dd10d7126b5af1dc2875a1e8
python-devel-2.4.3-24.el5_3.6.x86_64.rpm SHA-256: 7e16f549485f8b6e08c7ce5e023eb89f49ff66388102781038b9b471f946cba0
python-tools-2.4.3-24.el5_3.6.x86_64.rpm SHA-256: bfbf87688d8742973649fdc7d278d2f18c72889bc73ed7e553f0aa435a4322bc
tkinter-2.4.3-24.el5_3.6.x86_64.rpm SHA-256: 70bc4247a52fe2e939901931561ef4a2cc032c1f0eb25bc0a9b98d02f40cceb3
i386
python-2.4.3-24.el5_3.6.i386.rpm SHA-256: 6411b7481d8742a91ec9bb7edc2dc11a3e3c813d5b845fdd50100f5a900b6fb3
python-devel-2.4.3-24.el5_3.6.i386.rpm SHA-256: be231412c05288a87388dd297f92bc190c920e20dd10d7126b5af1dc2875a1e8
python-tools-2.4.3-24.el5_3.6.i386.rpm SHA-256: 9851b9a28cc1d1345e50ed66d6ce0c9d481f036f9a556b2f05af6e4fe47766e9
tkinter-2.4.3-24.el5_3.6.i386.rpm SHA-256: 940e660dc866c5f6a47bae217833c753e4af63db2d55123689391c946cfc4903

Red Hat Enterprise Linux Desktop 5

SRPM
python-2.4.3-24.el5_3.6.src.rpm SHA-256: cff11c7a584b495031a643c6042a702ca18ab45ebddc1ba323b9699d0a3b34f3
x86_64
python-2.4.3-24.el5_3.6.x86_64.rpm SHA-256: f43ca48fc2d011d5ea5b33cd71f227ec0ab251572e800b7f6d19db47071b3969
python-tools-2.4.3-24.el5_3.6.x86_64.rpm SHA-256: bfbf87688d8742973649fdc7d278d2f18c72889bc73ed7e553f0aa435a4322bc
tkinter-2.4.3-24.el5_3.6.x86_64.rpm SHA-256: 70bc4247a52fe2e939901931561ef4a2cc032c1f0eb25bc0a9b98d02f40cceb3
i386
python-2.4.3-24.el5_3.6.i386.rpm SHA-256: 6411b7481d8742a91ec9bb7edc2dc11a3e3c813d5b845fdd50100f5a900b6fb3
python-tools-2.4.3-24.el5_3.6.i386.rpm SHA-256: 9851b9a28cc1d1345e50ed66d6ce0c9d481f036f9a556b2f05af6e4fe47766e9
tkinter-2.4.3-24.el5_3.6.i386.rpm SHA-256: 940e660dc866c5f6a47bae217833c753e4af63db2d55123689391c946cfc4903

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
python-2.4.3-24.el5_3.6.src.rpm SHA-256: cff11c7a584b495031a643c6042a702ca18ab45ebddc1ba323b9699d0a3b34f3
s390x
python-2.4.3-24.el5_3.6.s390x.rpm SHA-256: 2d51ef8b745411c1f99645fd1bd13242a75cbb5aee6924b8fe32519d23ee23cd
python-devel-2.4.3-24.el5_3.6.s390.rpm SHA-256: 9aeb14497cb3196097e8c79025854978f33720ffec658f8a403bcc1f8d2b5bfd
python-devel-2.4.3-24.el5_3.6.s390x.rpm SHA-256: 31a5bb1b11d7d2746a6f52c6837bef1697fe477ea99e04883ae045fed449c198
python-tools-2.4.3-24.el5_3.6.s390x.rpm SHA-256: 1e980d6beb78c7da6fab6c62af391a7b9b99aaf7a27c07cdae2565c4531c3828
tkinter-2.4.3-24.el5_3.6.s390x.rpm SHA-256: 6302b6c962982750d028006fa2ea34d68c19ae19e8c093fa786dd48c1e0dc30d

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.3

SRPM
s390x

Red Hat Enterprise Linux for Power, big endian 5

SRPM
python-2.4.3-24.el5_3.6.src.rpm SHA-256: cff11c7a584b495031a643c6042a702ca18ab45ebddc1ba323b9699d0a3b34f3
ppc
python-2.4.3-24.el5_3.6.ppc.rpm SHA-256: 90e690b393304d3f3b646c640f0a7910e5d6e9caef5ead6a2b55160065b3c0da
python-devel-2.4.3-24.el5_3.6.ppc.rpm SHA-256: 83705e519e02e90496410e759df81359c4cfba3ee6c8c469a145b064701b5385
python-devel-2.4.3-24.el5_3.6.ppc64.rpm SHA-256: 92b345ca01ec83ff73ad6fa29b2769784eab1dad4b740ba9f7365b037956e081
python-tools-2.4.3-24.el5_3.6.ppc.rpm SHA-256: 3679a1dee41879f4503154038ebe64b231fed53fae136b5aca22934f67fbb75f
tkinter-2.4.3-24.el5_3.6.ppc.rpm SHA-256: 61f45e4fe647fd270969148ed7c922e28c2159d5f5d75df530010afd0bcc0516

Red Hat Enterprise Linux Server from RHUI 5

SRPM
python-2.4.3-24.el5_3.6.src.rpm SHA-256: cff11c7a584b495031a643c6042a702ca18ab45ebddc1ba323b9699d0a3b34f3
x86_64
python-2.4.3-24.el5_3.6.x86_64.rpm SHA-256: f43ca48fc2d011d5ea5b33cd71f227ec0ab251572e800b7f6d19db47071b3969
python-devel-2.4.3-24.el5_3.6.i386.rpm SHA-256: be231412c05288a87388dd297f92bc190c920e20dd10d7126b5af1dc2875a1e8
python-devel-2.4.3-24.el5_3.6.x86_64.rpm SHA-256: 7e16f549485f8b6e08c7ce5e023eb89f49ff66388102781038b9b471f946cba0
python-tools-2.4.3-24.el5_3.6.x86_64.rpm SHA-256: bfbf87688d8742973649fdc7d278d2f18c72889bc73ed7e553f0aa435a4322bc
tkinter-2.4.3-24.el5_3.6.x86_64.rpm SHA-256: 70bc4247a52fe2e939901931561ef4a2cc032c1f0eb25bc0a9b98d02f40cceb3
i386
python-2.4.3-24.el5_3.6.i386.rpm SHA-256: 6411b7481d8742a91ec9bb7edc2dc11a3e3c813d5b845fdd50100f5a900b6fb3
python-devel-2.4.3-24.el5_3.6.i386.rpm SHA-256: be231412c05288a87388dd297f92bc190c920e20dd10d7126b5af1dc2875a1e8
python-tools-2.4.3-24.el5_3.6.i386.rpm SHA-256: 9851b9a28cc1d1345e50ed66d6ce0c9d481f036f9a556b2f05af6e4fe47766e9
tkinter-2.4.3-24.el5_3.6.i386.rpm SHA-256: 940e660dc866c5f6a47bae217833c753e4af63db2d55123689391c946cfc4903

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.3

SRPM
ppc

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
