[El-errata] ELSA-2012-0744 Moderate: Oracle Linux 6 python security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Jun 19 09:04:45 PDT 2012


Oracle Linux Security Advisory ELSA-2012-0744

https://rhn.redhat.com/errata/RHSA-2012-0744.html

The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:

i386:
python-2.6.6-29.el6_2.2.i686.rpm
python-devel-2.6.6-29.el6_2.2.i686.rpm
python-libs-2.6.6-29.el6_2.2.i686.rpm
python-test-2.6.6-29.el6_2.2.i686.rpm
python-tools-2.6.6-29.el6_2.2.i686.rpm
tkinter-2.6.6-29.el6_2.2.i686.rpm

x86_64:
python-2.6.6-29.el6_2.2.x86_64.rpm
python-devel-2.6.6-29.el6_2.2.x86_64.rpm
python-libs-2.6.6-29.el6_2.2.x86_64.rpm
python-test-2.6.6-29.el6_2.2.x86_64.rpm
python-tools-2.6.6-29.el6_2.2.x86_64.rpm
tkinter-2.6.6-29.el6_2.2.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/python-2.6.6-29.el6_2.2.src.rpm


Description of changes:

[2.6.6-29.el6_2.2]
- if hash randomization is enabled, also enable it within pyexpat
Resolves: CVE-2012-0876

[2.6.6-29.el6_2.1]
- distutils.config: create ~/.pypirc securely
Resolves: CVE-2011-4944
- fix endless loop in SimpleXMLRPCServer upon malformed POST request
Resolves: CVE-2012-0845
- send encoding in SimpleHTTPServer.list_directory to protect IE7 against
potential XSS attacks
Resolves: CVE-2011-4940
- oCERT-2011-003: add -R command-line option and PYTHONHASHSEED environment
variable, to provide an opt-in way to protect against denial of service
attacks due to hash collisions within the dict and set types
Resolves: CVE-2012-1150







More information about the El-errata mailing list