[El-errata] ELSA-2012-0744 Moderate: Oracle Linux 6 python security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Tue Jun 19 09:04:45 PDT 2012
Oracle Linux Security Advisory ELSA-2012-0744
https://rhn.redhat.com/errata/RHSA-2012-0744.html
The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:
i386:
python-2.6.6-29.el6_2.2.i686.rpm
python-devel-2.6.6-29.el6_2.2.i686.rpm
python-libs-2.6.6-29.el6_2.2.i686.rpm
python-test-2.6.6-29.el6_2.2.i686.rpm
python-tools-2.6.6-29.el6_2.2.i686.rpm
tkinter-2.6.6-29.el6_2.2.i686.rpm
x86_64:
python-2.6.6-29.el6_2.2.x86_64.rpm
python-devel-2.6.6-29.el6_2.2.x86_64.rpm
python-libs-2.6.6-29.el6_2.2.x86_64.rpm
python-test-2.6.6-29.el6_2.2.x86_64.rpm
python-tools-2.6.6-29.el6_2.2.x86_64.rpm
tkinter-2.6.6-29.el6_2.2.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/python-2.6.6-29.el6_2.2.src.rpm
Description of changes:
[2.6.6-29.el6_2.2]
- if hash randomization is enabled, also enable it within pyexpat
Resolves: CVE-2012-0876
[2.6.6-29.el6_2.1]
- distutils.config: create ~/.pypirc securely
Resolves: CVE-2011-4944
- fix endless loop in SimpleXMLRPCServer upon malformed POST request
Resolves: CVE-2012-0845
- send encoding in SimpleHTTPServer.list_directory to protect IE7 against
potential XSS attacks
Resolves: CVE-2011-4940
- oCERT-2011-003: add -R command-line option and PYTHONHASHSEED environment
variable, to provide an opt-in way to protect against denial of service
attacks due to hash collisions within the dict and set types
Resolves: CVE-2012-1150
More information about the El-errata
mailing list