Red Hat Product Errata RHSA-2012:0745 - Security Advisory
Issued: 2012-06-18
Updated: 2012-06-18

Synopsis

Moderate: python security update

Type/Severity

Security Advisory: Moderate

Topic

Updated python packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Description

Python is an interpreted, interactive, object-oriented programming
language.

A denial of service flaw was found in the implementation of associative
arrays (dictionaries) in Python. An attacker able to supply a large number
of inputs to a Python application (such as HTTP POST request parameters
sent to a web application) that are used as keys when inserting data into
an array could trigger multiple hash function collisions, making array
operations take an excessive amount of CPU time. To mitigate this issue,
randomization has been added to the hash function to reduce the chance of
an attacker successfully causing intentional collisions. (CVE-2012-1150)

Note: The hash randomization is not enabled by default as it may break
applications that incorrectly depend on dictionary ordering. To enable the
protection, the new "PYTHONHASHSEED" environment variable or the Python
interpreter's "-R" command line option can be used. Refer to the python(1)
manual page for details.
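
The effect described above can be measured on a toy table. This is an added example, not Python's dictionary implementation or Red Hat's patch: `unkeyed_hash`, `keyed_hash`, `insert_cost` and the 64-bucket chained table are assumptions made for illustration, and the keys are constructed.

```python
import hashlib
import itertools

BUCKETS = 64  # fixed-size toy table (assumption; real dictionaries resize)

def unkeyed_hash(key):
    """Toy deterministic hash (byte sum): colliding keys can be precomputed."""
    return sum(key.encode("utf-8"))

def keyed_hash(key, seed):
    """Toy keyed hash: the bucket depends on a secret per-process seed."""
    digest = hashlib.blake2b(key.encode("utf-8"), digest_size=8, key=seed).digest()
    return int.from_bytes(digest, "big")

def insert_cost(keys, hash_fn):
    """Insert keys into a chained table and count the key comparisons made."""
    table = [[] for _ in range(BUCKETS)]
    comparisons = 0
    for key in keys:
        chain = table[hash_fn(key) % BUCKETS]
        for existing in chain:
            comparisons += 1
            if existing == key:
                break
        else:
            chain.append(key)  # not found: append to this bucket's chain
    return comparisons

# Constructed input: the 120 orderings of "abcde" all have the same byte sum,
# so under unkeyed_hash every one of them lands in the same bucket.
COLLIDING_KEYS = ["".join(p) for p in itertools.permutations("abcde")]

def compare(seed):
    """Return (comparisons with the unkeyed hash, comparisons with the keyed hash)."""
    weak = insert_cost(COLLIDING_KEYS, unkeyed_hash)
    strong = insert_cost(COLLIDING_KEYS, lambda k: keyed_hash(k, seed))
    return weak, strong

if __name__ == "__main__":
    import os
    weak, strong = compare(os.urandom(16))
    print("unkeyed:", weak, "comparisons; keyed:", strong, "comparisons")
```

With the unkeyed hash the cost grows quadratically with the number of keys; keys chosen against one hash function no longer share a bucket once the function depends on a seed the sender does not know.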

The RHSA-2012:0731 expat erratum must be installed with this update, which
adds hash randomization to the Expat library used by the Python pyexpat
module.

A flaw was found in the way the Python SimpleHTTPServer module generated
directory listings. An attacker able to upload a file with a
specially-crafted name to a server could possibly perform a cross-site
scripting (XSS) attack against victims visiting a listing page generated by
SimpleHTTPServer, for a directory containing the crafted file (if the
victims were using certain web browsers). (CVE-2011-4940)
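
A directory listing has to encode each file name for the context it is written into. The weak form beside a hardened one, as an added example that is not the SimpleHTTPServer code or the patch shipped in this update; `naive_listing`, `safe_listing` and the sample names are hypothetical.

```python
import html
import urllib.parse

def naive_listing(names):
    """Weak form: file names are copied into the page unchanged."""
    items = ['<li><a href="%s">%s</a></li>' % (n, n) for n in names]
    return "<ul>\n%s\n</ul>" % "\n".join(items)

def safe_listing(names, encoding="utf-8"):
    """Hardened form: returns (content_type, body), each name encoded per context."""
    items = []
    for n in names:
        href = urllib.parse.quote(n)        # URL context: percent-encode
        text = html.escape(n, quote=True)   # HTML context: entity-encode
        items.append('<li><a href="%s">%s</a></li>' % (href, text))
    body = "<ul>\n%s\n</ul>" % "\n".join(items)
    # Explicit charset, so the browser does not have to guess the encoding.
    return "text/html; charset=%s" % encoding, body

# Constructed file names, as an upload directory might contain them.
SAMPLE_NAMES = ["notes.txt", "<img src=x>.txt", 'a"b&c.txt']

if __name__ == "__main__":
    content_type, body = safe_listing(SAMPLE_NAMES)
    print("Content-Type:", content_type)
    print(body)
```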

A race condition was found in the way the Python distutils module set file
permissions during the creation of the .pypirc file. If a local user had
access to the home directory of another user who is running distutils, they
could use this flaw to gain access to that user's .pypirc file, which can
contain usernames and passwords for code repositories. (CVE-2011-4944)
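
The race comes from creating a file with default permissions and restricting it afterwards. The sketch below is an added example, not distutils code or Red Hat's patch: it records the file mode inside that window and compares it with a file created already restricted. The function names, the `between` hook, the use of `O_EXCL` and the sample content are assumptions.

```python
import os
import shutil
import stat
import tempfile

# Constructed sample content; the credentials are placeholders.
SAMPLE = "[server-login]\nusername: example\npassword: placeholder\n"

def write_then_chmod(path, data, between=None):
    """Weak pattern: create with the default mode, restrict afterwards."""
    with open(path, "w") as f:      # created as 0o666 & ~umask
        f.write(data)
    if between is not None:
        between(path)               # the window: contents are on disk, mode not yet 0o600
    os.chmod(path, 0o600)

def write_private(path, data):
    """Hardened pattern: the file is created with mode 0o600, so there is no window."""
    # O_EXCL also refuses to reuse a file (or symlink) that already exists.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)

def mode_of(path):
    return stat.S_IMODE(os.stat(path).st_mode)

def demo():
    """Return (mode seen inside the window, final weak mode, hardened mode)."""
    tmp = tempfile.mkdtemp()
    old_umask = os.umask(0o022)     # a common default umask
    try:
        seen = []
        weak = os.path.join(tmp, "weak.pypirc")
        write_then_chmod(weak, SAMPLE, between=lambda p: seen.append(mode_of(p)))
        strong = os.path.join(tmp, "strong.pypirc")
        write_private(strong, SAMPLE)
        return seen[0], mode_of(weak), mode_of(strong)
    finally:
        os.umask(old_umask)
        shutil.rmtree(tmp)

if __name__ == "__main__":
    print(["%o" % m for m in demo()])
```

Both files end up with mode 600; only the first was readable by other local users for part of its lifetime.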

Red Hat would like to thank oCERT for reporting CVE-2012-1150. oCERT
acknowledges Julian Walde and Alexander Klink as the original reporters of
CVE-2012-1150.

All Python users should upgrade to these updated packages, which contain
backported patches to correct these issues.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 750555 - CVE-2012-1150 python: hash table collisions CPU usage DoS (oCERT-2011-003)
  • BZ - 758905 - CVE-2011-4944 python: distutils creates ~/.pypirc insecurely
  • BZ - 803500 - CVE-2011-4940 python: potential XSS in SimpleHTTPServer's list_directory()

CVEs

  • CVE-2012-1150
  • CVE-2011-4944
  • CVE-2011-4940

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • http://www.ocert.org/advisories/ocert-2011-003.html
  • https://rhn.redhat.com/errata/RHSA-2012-0731.html
Note: More recent versions of these packages may be available. Click a package name for more details.

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.