Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2011-0027)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.122278

Categoría: Oracle Linux Local Security Checks

Título: Oracle: Security Advisory (ELSA-2011-0027)

Resumen: The remote host is missing an update for the 'python' package(s) announced via the ELSA-2011-0027 advisory.

Descripción: Summary:
The remote host is missing an update for the 'python' package(s) announced via the ELSA-2011-0027 advisory.

Vulnerability Insight:
[2.4.3-43]
- add missing patch 206
Related: rhbz#549372

[2.4.3-42]
- fix test_pyclbr to match the urllib change in patch 204 (patch 206)
- allow the 'no_proxy' environment variable to override 'ftp_proxy' in
urllib2 (patch 207)
- fix typos in names of patches 204 and 205
Related: rhbz#549372

[2.4.3-41]
- backport support for the 'no_proxy' environment variable to the urllib and
urllib2 modules (patches 204 and 205, respectively)
Resolves: rhbz#549372

[2.4.3-40]
- backport fixes for arena allocator from 2.5a1
- disable arena allocator when run under valgrind on x86, x86_64, ppc, ppc64
(patch 203)
- add patch to add sys._debugmallocstats() hook (patch 202)
Resolves: rhbz#569093

[2.4.3-39]
- fix various flaws in the 'audioop' module
- Resolves: CVE-2010-1634 CVE-2010-2089
- backport the new PySys_SetArgvEx libpython entrypoint from 2.6
- Related: CVE-2008-5983
- restrict creation of the .relocation-tag files to i386 builds
- Related: rhbz#644761
- move the python-optik metadata from the core subpackage to the python-libs
subpackage
- Related: rhbz#625372

[2.4.3-38]
- add metadata to ensure that 'yum install python-libs' works
- Related: rhbz#625372

[2.4.3-37]
- create dummy ELF file '.relocation-tag' to force RPM directory coloring,
fixing i386 on ia64 compat
- Resolves: rhbz#644761

[2.4.3-36]
- Backport fix for [link moved to references] to 2.4.3
- Resolves: rhbz#644147

[2.4.3-35]
- Rework rgbimgmodule fix for CVE-2008-3143
- Resolves: rhbz#644425 CVE-2009-4134 CVE-2010-1449 CVE-2010-1450

[2.4.3-34]
- fix stray 'touch' command
- Related: rhbz#625372

[2.4.3-33]
- Preserve timestamps when fixing shebangs (patch 104) and when installing, to
minimize .pyc/.pyo differences across architectures (due to the embedded mtime
in .pyc/.pyo headers)
- Related: rhbz#625372

[2.4.3-32]
- introduce libs subpackage as a dependency of the core package, moving the
shared libraries and python standard libraries there
- Resolves: rhbz#625372

[2.4.3-31]
- don't use -b when applying patch 103
- Related: rhbz#263401

[2.4.3-30]
- add missing patch
- Resolves: rhbz#263401

[2.4.3-29]
- Backport Python 2.5s tarfile module (0.8.0) to 2.4.3
- Resolves: rhbz#263401

[2.4.3-28]
- Backport fix for leaking filedescriptors in subprocess error-handling path
from Python 2.6
- Resolves: rhbz#609017
- Backport usage of 'poll' within the subprocess module to 2.4.3
- Resolves: rhbz#609020

Affected Software/OS:
'python' package(s) on Oracle Linux 5.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-5983
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.html
http://security.gentoo.org/glsa/glsa-200903-41.xml
http://security.gentoo.org/glsa/glsa-200904-06.xml
https://bugzilla.redhat.com/show_bug.cgi?id=482814
http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html
http://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg586010.html
http://www.openwall.com/lists/oss-security/2009/01/26/2
http://www.openwall.com/lists/oss-security/2009/01/28/5
http://www.openwall.com/lists/oss-security/2009/01/30/2
http://www.redhat.com/support/errata/RHSA-2011-0027.html
http://secunia.com/advisories/34522
http://secunia.com/advisories/40194
http://secunia.com/advisories/42888
http://secunia.com/advisories/50858
http://secunia.com/advisories/51024
http://secunia.com/advisories/51040
http://secunia.com/advisories/51087
http://www.ubuntu.com/usn/USN-1596-1
http://www.ubuntu.com/usn/USN-1613-1
http://www.ubuntu.com/usn/USN-1613-2
http://www.ubuntu.com/usn/USN-1616-1
http://www.vupen.com/english/advisories/2010/1448
http://www.vupen.com/english/advisories/2011/0122
Common Vulnerability Exposure (CVE) ID: CVE-2009-4134
40361
http://www.securityfocus.com/bid/40361
42888
43068
http://secunia.com/advisories/43068
43364
http://secunia.com/advisories/43364
ADV-2011-0122
ADV-2011-0212
http://www.vupen.com/english/advisories/2011/0212
ADV-2011-0413
http://www.vupen.com/english/advisories/2011/0413
APPLE-SA-2010-11-10-1
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
MDVSA-2010:215
http://www.mandriva.com/security/advisories?name=MDVSA-2010:215
RHSA-2011:0027
RHSA-2011:0260
http://www.redhat.com/support/errata/RHSA-2011-0260.html
SUSE-SR:2011:002
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://bugs.python.org/issue8678
http://support.apple.com/kb/HT4435
https://bugzilla.redhat.com/show_bug.cgi?id=541698
Common Vulnerability Exposure (CVE) ID: CVE-2010-1449
40363
http://www.securityfocus.com/bid/40363
Common Vulnerability Exposure (CVE) ID: CVE-2010-1450
40365
http://www.securityfocus.com/bid/40365
Common Vulnerability Exposure (CVE) ID: CVE-2010-1634
39937
http://secunia.com/advisories/39937
40194
40370
http://www.securityfocus.com/bid/40370
50858
51024
51040
51087
ADV-2010-1448
APPLE-SA-2011-10-12-3
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
FEDORA-2010-9652
SUSE-SR:2010:024
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
USN-1596-1
USN-1613-1
USN-1613-2
USN-1616-1
http://bugs.python.org/issue8674
http://support.apple.com/kb/HT5002
http://svn.python.org/view?rev=81045&view=rev
http://svn.python.org/view?rev=81079&view=rev
https://bugzilla.redhat.com/show_bug.cgi?id=590690
Common Vulnerability Exposure (CVE) ID: CVE-2010-2089
BugTraq ID: 40863
http://www.securityfocus.com/bid/40863
SuSE Security Announcement: SUSE-SR:2010:024 (Google Search)
SuSE Security Announcement: SUSE-SR:2011:002 (Google Search)

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.122278
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2011-0027)
Resumen:	The remote host is missing an update for the 'python' package(s) announced via the ELSA-2011-0027 advisory.
Descripción:	Summary: The remote host is missing an update for the 'python' package(s) announced via the ELSA-2011-0027 advisory. Vulnerability Insight: [2.4.3-43] - add missing patch 206 Related: rhbz#549372 [2.4.3-42] - fix test_pyclbr to match the urllib change in patch 204 (patch 206) - allow the 'no_proxy' environment variable to override 'ftp_proxy' in urllib2 (patch 207) - fix typos in names of patches 204 and 205 Related: rhbz#549372 [2.4.3-41] - backport support for the 'no_proxy' environment variable to the urllib and urllib2 modules (patches 204 and 205, respectively) Resolves: rhbz#549372 [2.4.3-40] - backport fixes for arena allocator from 2.5a1 - disable arena allocator when run under valgrind on x86, x86_64, ppc, ppc64 (patch 203) - add patch to add sys._debugmallocstats() hook (patch 202) Resolves: rhbz#569093 [2.4.3-39] - fix various flaws in the 'audioop' module - Resolves: CVE-2010-1634 CVE-2010-2089 - backport the new PySys_SetArgvEx libpython entrypoint from 2.6 - Related: CVE-2008-5983 - restrict creation of the .relocation-tag files to i386 builds - Related: rhbz#644761 - move the python-optik metadata from the core subpackage to the python-libs subpackage - Related: rhbz#625372 [2.4.3-38] - add metadata to ensure that 'yum install python-libs' works - Related: rhbz#625372 [2.4.3-37] - create dummy ELF file '.relocation-tag' to force RPM directory coloring, fixing i386 on ia64 compat - Resolves: rhbz#644761 [2.4.3-36] - Backport fix for [link moved to references] to 2.4.3 - Resolves: rhbz#644147 [2.4.3-35] - Rework rgbimgmodule fix for CVE-2008-3143 - Resolves: rhbz#644425 CVE-2009-4134 CVE-2010-1449 CVE-2010-1450 [2.4.3-34] - fix stray 'touch' command - Related: rhbz#625372 [2.4.3-33] - Preserve timestamps when fixing shebangs (patch 104) and when installing, to minimize .pyc/.pyo differences across architectures (due to the embedded mtime in .pyc/.pyo headers) - Related: rhbz#625372 [2.4.3-32] - introduce libs subpackage as a dependency of the core package, moving the shared libraries and python standard libraries there - Resolves: rhbz#625372 [2.4.3-31] - don't use -b when applying patch 103 - Related: rhbz#263401 [2.4.3-30] - add missing patch - Resolves: rhbz#263401 [2.4.3-29] - Backport Python 2.5s tarfile module (0.8.0) to 2.4.3 - Resolves: rhbz#263401 [2.4.3-28] - Backport fix for leaking filedescriptors in subprocess error-handling path from Python 2.6 - Resolves: rhbz#609017 - Backport usage of 'poll' within the subprocess module to 2.4.3 - Resolves: rhbz#609020 Affected Software/OS: 'python' package(s) on Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5983 http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.html http://security.gentoo.org/glsa/glsa-200903-41.xml http://security.gentoo.org/glsa/glsa-200904-06.xml https://bugzilla.redhat.com/show_bug.cgi?id=482814 http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html http://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg586010.html http://www.openwall.com/lists/oss-security/2009/01/26/2 http://www.openwall.com/lists/oss-security/2009/01/28/5 http://www.openwall.com/lists/oss-security/2009/01/30/2 http://www.redhat.com/support/errata/RHSA-2011-0027.html http://secunia.com/advisories/34522 http://secunia.com/advisories/40194 http://secunia.com/advisories/42888 http://secunia.com/advisories/50858 http://secunia.com/advisories/51024 http://secunia.com/advisories/51040 http://secunia.com/advisories/51087 http://www.ubuntu.com/usn/USN-1596-1 http://www.ubuntu.com/usn/USN-1613-1 http://www.ubuntu.com/usn/USN-1613-2 http://www.ubuntu.com/usn/USN-1616-1 http://www.vupen.com/english/advisories/2010/1448 http://www.vupen.com/english/advisories/2011/0122 Common Vulnerability Exposure (CVE) ID: CVE-2009-4134 40361 http://www.securityfocus.com/bid/40361 42888 43068 http://secunia.com/advisories/43068 43364 http://secunia.com/advisories/43364 ADV-2011-0122 ADV-2011-0212 http://www.vupen.com/english/advisories/2011/0212 ADV-2011-0413 http://www.vupen.com/english/advisories/2011/0413 APPLE-SA-2010-11-10-1 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html MDVSA-2010:215 http://www.mandriva.com/security/advisories?name=MDVSA-2010:215 RHSA-2011:0027 RHSA-2011:0260 http://www.redhat.com/support/errata/RHSA-2011-0260.html SUSE-SR:2011:002 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://bugs.python.org/issue8678 http://support.apple.com/kb/HT4435 https://bugzilla.redhat.com/show_bug.cgi?id=541698 Common Vulnerability Exposure (CVE) ID: CVE-2010-1449 40363 http://www.securityfocus.com/bid/40363 Common Vulnerability Exposure (CVE) ID: CVE-2010-1450 40365 http://www.securityfocus.com/bid/40365 Common Vulnerability Exposure (CVE) ID: CVE-2010-1634 39937 http://secunia.com/advisories/39937 40194 40370 http://www.securityfocus.com/bid/40370 50858 51024 51040 51087 ADV-2010-1448 APPLE-SA-2011-10-12-3 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html FEDORA-2010-9652 SUSE-SR:2010:024 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html USN-1596-1 USN-1613-1 USN-1613-2 USN-1616-1 http://bugs.python.org/issue8674 http://support.apple.com/kb/HT5002 http://svn.python.org/view?rev=81045&view=rev http://svn.python.org/view?rev=81079&view=rev https://bugzilla.redhat.com/show_bug.cgi?id=590690 Common Vulnerability Exposure (CVE) ID: CVE-2010-2089 BugTraq ID: 40863 http://www.securityfocus.com/bid/40863 SuSE Security Announcement: SUSE-SR:2010:024 (Google Search) SuSE Security Announcement: SUSE-SR:2011:002 (Google Search)
Copyright	Copyright (C) 2015 Greenbone AG