Test ID: 1.3.6.1.4.1.25623.1.0.68718
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2011:0027
Summary: NOSUMMARY
Description: The remote host is missing updates announced in advisory RHSA-2011:0027.

Python is an interpreted, interactive, object-oriented programming language.

It was found that many applications embedding the Python interpreter did not specify a valid full path to the script or application when calling the PySys_SetArgv API function, which could result in the addition of the current working directory to the module search path (sys.path). A local attacker able to trick a victim into running such an application in an attacker-controlled directory could use this flaw to execute code with the victim's privileges. This update adds the PySys_SetArgvEx API. Developers can modify their applications to use this new API, which sets sys.argv without modifying sys.path. (CVE-2008-5983)

Multiple flaws were found in the Python rgbimg module. If an application written in Python was using the rgbimg module and loaded a specially-crafted SGI image file, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2009-4134, CVE-2010-1449, CVE-2010-1450)

Multiple flaws were found in the Python audioop module. Supplying certain inputs could cause the audioop module to crash or, possibly, execute arbitrary code. (CVE-2010-1634, CVE-2010-2089)

This update also fixes the following bugs:

* When starting a child process from the subprocess module in Python 2.4, the parent process could leak file descriptors if an error occurred. This update resolves the issue. (BZ#609017)

* Prior to Python 2.7, programs that used ulimit -n to enable communication with large numbers of subprocesses could still monitor only 1024 file descriptors at a time, which caused the exception "ValueError: filedescriptor out of range in select()". This was due to the subprocess module using the select system call. The module now uses the poll system call, removing this limitation. (BZ#609020)

* Prior to Python 2.5, the tarfile module failed to unpack tar files if the path was longer than 100 characters. This update backports the tarfile module from Python 2.5 and the issue no longer occurs. (BZ#263401)

* The email module incorrectly implemented the logic for obtaining attachment file names: the get_filename() fallback for using the deprecated name parameter of the Content-Type header erroneously used the Content-Disposition header. This update backports a fix from Python 2.6, which resolves this issue. (BZ#644147)

* Prior to version 2.5, Python's optimized memory allocator never released memory back to the system, so the memory usage of a long-running Python process behaved like a high-water mark. This update backports a fix from Python 2.5a1, which frees unused arenas, and adds a non-standard sys._debugmallocstats() function, which prints diagnostic information to stderr. Finally, when running under Valgrind, the optimized allocator is deactivated, to allow more convenient debugging of Python memory usage issues. (BZ#569093)

* The urllib and urllib2 modules ignored the no_proxy variable, which could lead to programs such as yum erroneously accessing a proxy server for URLs covered by a no_proxy exclusion. This update backports fixes to urllib and urllib2 so that they respect the no_proxy variable. (BZ#549372)

All Python users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.

Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

http://rhn.redhat.com/errata/RHSA-2011-0027.html

Risk factor: High
CVSS Score: 7.5
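The CVE-2008-5983 mechanism described above, as an added Python example that is not part of the advisory or of Red Hat's own code. The C calls themselves cannot be exercised from a pure Python script, so the example models their effect on sys.path: the vulnerable path mimics PySys_SetArgv() prepending the directory part of argv[0] (the empty string, i.e. the current directory, when the application passes a bare name), and the hardened path mimics PySys_SetArgvEx(argc, argv, 0), which leaves sys.path untouched. The module name app_helper, the program name myapp, and both module sources are constructed for the demonstration; the temporary directories stand in for the application's install directory and for the attacker-controlled directory the victim is lured into.

```python
"""
Constructed demonstration of CVE-2008-5983: an embedding application that
calls PySys_SetArgv() with a bare argv[0] ends up with '' (the current
working directory) at the front of sys.path, so a module the attacker drops
into the cwd shadows the application's real module.  PySys_SetArgvEx(argc,
argv, 0) leaves sys.path alone and closes the hole.  All names and sources
below are constructed for this example.
"""
import importlib
import os
import sys
import tempfile

MODULE = "app_helper"   # constructed: a module the embedding application imports
LEGIT_SRC = 'def who():\n    return "legitimate"\n'
EVIL_SRC = 'def who():\n    return "attacker"\n'


def argv0_path_entry(argv0):
    """Entry PySys_SetArgv() prepends to sys.path for a given argv[0]: the
    directory part of argv[0], or '' (the current directory) for a bare name."""
    return os.path.dirname(argv0)


def write_module(directory, source):
    with open(os.path.join(directory, MODULE + ".py"), "w") as fh:
        fh.write(source)


def run_embedded_app(argv0, install_dir, cwd, hardened):
    """Simulate the embedding application importing MODULE while running in `cwd`.

    hardened=False mimics PySys_SetArgv(argc, argv): dirname(argv[0]) is
    prepended to sys.path.  hardened=True mimics PySys_SetArgvEx(argc, argv, 0):
    sys.path stays exactly as the application configured it.
    Returns what the imported module's who() reports.
    """
    saved_path, saved_cwd = list(sys.path), os.getcwd()
    sys.modules.pop(MODULE, None)
    try:
        os.chdir(cwd)
        # The application's trusted search path: its install directory plus the
        # interpreter's absolute entries (relative ones are dropped so the chdir
        # above cannot silently turn them into the attacker's directory).
        sys.path[:] = [install_dir] + [p for p in saved_path if os.path.isabs(p)]
        if not hardened:
            sys.path.insert(0, argv0_path_entry(argv0))
        importlib.invalidate_caches()
        return importlib.import_module(MODULE).who()
    finally:
        os.chdir(saved_cwd)
        sys.path[:] = saved_path
        sys.modules.pop(MODULE, None)


def cwd_on_sys_path(path=None):
    """Audit helper: True if the given search path (default: the running
    interpreter's sys.path) would consult the current directory at all."""
    path = sys.path if path is None else path
    cwd = os.getcwd()
    return any(p in ("", ".", cwd) for p in path)


def demo():
    """Run three scenarios; returns (bare argv[0] via PySys_SetArgv,
    full-path argv[0] via PySys_SetArgv, bare argv[0] via PySys_SetArgvEx)."""
    with tempfile.TemporaryDirectory() as install_dir, \
            tempfile.TemporaryDirectory() as attacker_dir:
        write_module(install_dir, LEGIT_SRC)    # the application's real module
        write_module(attacker_dir, EVIL_SRC)    # planted in the attacker-controlled cwd
        bare_argv0 = run_embedded_app("myapp", install_dir, attacker_dir, hardened=False)
        full_argv0 = run_embedded_app(os.path.join(install_dir, "myapp"), install_dir,
                                      attacker_dir, hardened=False)
        setargvex = run_embedded_app("myapp", install_dir, attacker_dir, hardened=True)
        return bare_argv0, full_argv0, setargvex


if __name__ == "__main__":
    bare, full, fixed = demo()
    print("PySys_SetArgv, bare argv[0]:      module came from the", bare)
    print("PySys_SetArgv, full-path argv[0]: module came from the", full)
    print("PySys_SetArgvEx(..., 0):          module came from the", fixed)
    print("cwd on this interpreter's sys.path:", cwd_on_sys_path())
```

The second scenario is the workaround the advisory alludes to (passing a valid full path in argv[0]): the directory prepended is then the application's own, not the cwd. The third is the real fix, an embedding application calling PySys_SetArgvEx with updatepath set to 0 and, if it genuinely needs a script directory on the path, inserting that directory explicitly rather than letting argv[0] decide. cwd_on_sys_path() is the check to run inside a suspect embedded interpreter: an empty string or the cwd anywhere in sys.path means a module planted in the working directory can still win the import.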
Cross References:

CVE ID: CVE-2008-5983
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.html
http://security.gentoo.org/glsa/glsa-200903-41.xml
http://security.gentoo.org/glsa/glsa-200904-06.xml
https://bugzilla.redhat.com/show_bug.cgi?id=482814
http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html
http://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg586010.html
http://www.openwall.com/lists/oss-security/2009/01/26/2
http://www.openwall.com/lists/oss-security/2009/01/28/5
http://www.openwall.com/lists/oss-security/2009/01/30/2
http://www.redhat.com/support/errata/RHSA-2011-0027.html
Secunia 34522: http://secunia.com/advisories/34522
Secunia 40194: http://secunia.com/advisories/40194
Secunia 42888: http://secunia.com/advisories/42888
Secunia 50858: http://secunia.com/advisories/50858
Secunia 51024: http://secunia.com/advisories/51024
Secunia 51040: http://secunia.com/advisories/51040
Secunia 51087: http://secunia.com/advisories/51087
USN-1596-1: http://www.ubuntu.com/usn/USN-1596-1
USN-1613-1: http://www.ubuntu.com/usn/USN-1613-1
USN-1613-2: http://www.ubuntu.com/usn/USN-1613-2
USN-1616-1: http://www.ubuntu.com/usn/USN-1616-1
ADV-2010-1448: http://www.vupen.com/english/advisories/2010/1448
ADV-2011-0122: http://www.vupen.com/english/advisories/2011/0122

CVE ID: CVE-2009-4134
BugTraq ID 40361: http://www.securityfocus.com/bid/40361
Secunia 42888 (see above)
Secunia 43068: http://secunia.com/advisories/43068
Secunia 43364: http://secunia.com/advisories/43364
ADV-2011-0122 (see above)
ADV-2011-0212: http://www.vupen.com/english/advisories/2011/0212
ADV-2011-0413: http://www.vupen.com/english/advisories/2011/0413
APPLE-SA-2010-11-10-1: http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
MDVSA-2010:215: http://www.mandriva.com/security/advisories?name=MDVSA-2010:215
RHSA-2011:0027 (see above)
RHSA-2011:0260: http://www.redhat.com/support/errata/RHSA-2011-0260.html
SUSE-SR:2011:002: http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://bugs.python.org/issue8678
http://support.apple.com/kb/HT4435
https://bugzilla.redhat.com/show_bug.cgi?id=541698

CVE ID: CVE-2010-1449
BugTraq ID 40363: http://www.securityfocus.com/bid/40363

CVE ID: CVE-2010-1450
BugTraq ID 40365: http://www.securityfocus.com/bid/40365

CVE ID: CVE-2010-1634
Secunia 39937: http://secunia.com/advisories/39937
Secunia 40194, 50858, 51024, 51040, 51087 (see above)
BugTraq ID 40370: http://www.securityfocus.com/bid/40370
ADV-2010-1448 (see above)
APPLE-SA-2011-10-12-3: http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
FEDORA-2010-9652
SUSE-SR:2010:024: http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
USN-1596-1, USN-1613-1, USN-1613-2, USN-1616-1 (see above)
http://bugs.python.org/issue8674
http://support.apple.com/kb/HT5002
http://svn.python.org/view?rev=81045&view=rev
http://svn.python.org/view?rev=81079&view=rev
https://bugzilla.redhat.com/show_bug.cgi?id=590690

CVE ID: CVE-2010-2089
BugTraq ID 40863: http://www.securityfocus.com/bid/40863
SuSE Security Announcement: SUSE-SR:2010:024 (see above)
SuSE Security Announcement: SUSE-SR:2011:002 (see above)
Copyright: Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com