[El-errata] ELSA-2009-1177 Moderate: Enterprise Linux 4 python security update

Mon Jul 27 11:20:51 PDT 2009

Enterprise Linux Security Advisory ELSA-2009-1177

https://rhn.redhat.com/errata/RHSA-2009-1177.html

The following updated rpms for Enterprise Linux 4 have been uploaded to 
the Unbreakable Linux Network:

i386:
python-2.3.4-14.7.el4_8.2.i386.rpm
python-devel-2.3.4-14.7.el4_8.2.i386.rpm
python-docs-2.3.4-14.7.el4_8.2.i386.rpm
python-tools-2.3.4-14.7.el4_8.2.i386.rpm
tkinter-2.3.4-14.7.el4_8.2.i386.rpm

x86_64:
python-2.3.4-14.7.el4_8.2.x86_64.rpm
python-devel-2.3.4-14.7.el4_8.2.x86_64.rpm
python-docs-2.3.4-14.7.el4_8.2.x86_64.rpm
python-tools-2.3.4-14.7.el4_8.2.x86_64.rpm
tkinter-2.3.4-14.7.el4_8.2.x86_64.rpm

ia64:
python-2.3.4-14.7.el4_8.2.ia64.rpm
python-devel-2.3.4-14.7.el4_8.2.ia64.rpm
python-docs-2.3.4-14.7.el4_8.2.ia64.rpm
python-tools-2.3.4-14.7.el4_8.2.ia64.rpm
tkinter-2.3.4-14.7.el4_8.2.ia64.rpm

SRPMS:
http://oss.oracle.com/el4/SRPMS-updates/python-2.3.4-14.7.el4_8.2.src.rpm

Description of changes:

[2.3.4-14.7.el4_8.2]
- Fix all of the low priority security bugs:
- Resolves: rhbz#486329
- Multiple integer overflows in python core (CVE-2008-2315)
- Resolves: 455008
- PyString_FromStringAndSize does not check for negative size values 
(CVE-2008-1887)
- Resolves: 443810
- Multiple integer overflows discovered by Google (CVE-2008-3143)
- Resolves: 455013
- Multiple buffer overflows in unicode processing (CVE-2008-3142)
- Resolves: 454990
- Potential integer underflow and overflow in the PyOS_vsnprintf C API 
function (CVE-2008-3144)
- Resolves: 455018
- Resolves: 455018
- imageop module multiple integer overflows (CVE-2008-4864)
- Resolves: 469656
- stringobject, unicodeobject integer overflows (CVE-2008-5031)
- Resolves: 470915
- integer signedness error in the zlib extension module (CVE-2008-1721)
- Resolves: 442005
- imageop module integer overflows (CVE-2008-1679)
- CVE-2008-1679 patch is part of 
python-2.3.4-CVE-2008-4864-imageop-{1,2}.patch
- Resolves: 441306