Slackware Security Advisories
 
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] Python SimpleXMLRPCServer module (SSA:2005-111-02)
Date: Thu, 21 Apr 2005 22:27:41 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  Python SimpleXMLRPCServer module (SSA:2005-111-02)

New Python packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,
and -current to fix a security issue in the SimpleXMLRPCServer library
module.


Here are the details from the Slackware 10.1 ChangeLog:
+--------------------------+
patches/packages/python-2.4.1-i486-1.tgz:  Upgraded to python-2.4.1.
  From the python.org site:  "The Python development team has discovered a flaw
  in the SimpleXMLRPCServer library module which can give remote attackers
  access to internals of the registered object or its module or possibly other
  modules. The flaw only affects Python XML-RPC servers that use the
  register_instance() method to register an object without a _dispatch()
  method. Servers using only register_function() are not affected."
  For more details, see:
    http://python.org/security/PSF-2005-001/
  (* Security fix *)
patches/packages/python-demo-2.4.1-noarch-1.tgz:  Upgraded to python-2.4.1
  demos.
patches/packages/python-tools-2.4.1-noarch-1.tgz:  Upgraded to python-2.4.1
  tools.
+--------------------------+


Where to find the new packages:
+-----------------------------+

Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/python-2.2.3-i386-1.tgz

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/python-2.2.3-i386-1.tgz

Updated packages for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/python-2.3.5-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/python-demo-2.3.5-noarch-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/python-tools-2.3.5-noarch-1.tgz

Updated packages for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/python-2.3.5-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/python-demo-2.3.5-noarch-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/python-tools-2.3.5-noarch-1.tgz

Updated packages for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/python-2.4.1-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/python-demo-2.4.1-noarch-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/python-tools-2.4.1-noarch-1.tgz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/python-2.4.1-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/python-demo-2.4.1-noarch-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/python-tools-2.4.1-noarch-1.tgz


MD5 signatures:
+-------------+

Slackware 8.1 package:
b90d20f1c90a39407fae3346e17befd0  python-2.2.3-i386-1.tgz

Slackware 9.0 package:
fb39a3367b130440b5f8a64c3468eec2  python-2.2.3-i386-1.tgz

Slackware 9.1 packages:
897fe07abe99fc1f1a4095cacecd697f  python-2.3.5-i486-1.tgz
34a3cd2b3fe85810964a13fce7c5d9fc  python-demo-2.3.5-noarch-1.tgz
c48b074dcf6a76818e181764ce7e41ee  python-tools-2.3.5-noarch-1.tgz

Slackware 10.0 packages:
11c483e44089d7aae954c62eada1108c  python-2.3.5-i486-1.tgz
b1dbd8eeca44c048dd83f505b2c69fdb  python-demo-2.3.5-noarch-1.tgz
554e9cc2cb5c3f9d02cb57ee07025681  python-tools-2.3.5-noarch-1.tgz

Slackware 10.1 packages:
b78837244ef3c145cb9c354729d2954f  python-2.4.1-i486-1.tgz
83b8a735c638a64f0f348a95fd58847a  python-demo-2.4.1-noarch-1.tgz
83f0b4a65b44de14e475faa4087e5268  python-tools-2.4.1-noarch-1.tgz

Slackware -current packages:
7b2695497611d592ca756a074084bcbc  python-2.4.1-i486-1.tgz
81f77f0063c79aa9cb78c7d03c2a762b  python-demo-2.4.1-noarch-1.tgz
4008585cd345feb544de5ffae574a449  python-tools-2.4.1-noarch-1.tgz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg python-2.4.1-i486-1.tgz python-demo-2.4.1-noarch-1.tgz python-tools-2.4.1-noarch-1.tgz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)

iD8DBQFCaG6sakRjwEAQIjMRAgQUAJ9AP2+3/FIMWQ4P4NkGDUl9dw3YygCfZmiT
574knh55gFxmCnxjKr1CENs=
=KQDB
-----END PGP SIGNATURE-----
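
The python.org text quoted in the advisory separates three ways of publishing code over XML-RPC: register_instance() on a plain object, register_instance() on an object with its own _dispatch(), and register_function() only. The sketch below is an added example, not part of the advisory or of Python's own code. It uses Python 3's xmlrpc.server (the successor to the SimpleXMLRPCServer module) without opening a socket, and shows which method names each style resolves. The Inventory classes, the probe names and the build()/exposed() helpers are hypothetical; the rejection of the dotted name relies on the default allow_dotted_names=False of register_instance() in current Python.

```python
# Added example; Inventory, GuardedInventory, PROBES and the helpers are hypothetical.
from xmlrpc.server import SimpleXMLRPCDispatcher

class Inventory:
    """The author meant to publish only count()."""
    def __init__(self):
        self.items = {"widget": 3}

    def count(self, name):
        return self.items.get(name, 0)

    def purge(self):  # maintenance helper, not meant to be callable remotely
        self.items.clear()
        return True

class GuardedInventory(Inventory):
    """Same object with a _dispatch() allow-list; the server delegates every call to it."""
    EXPORTED = frozenset({"count"})

    def _dispatch(self, method, params):
        if method not in self.EXPORTED:
            raise Exception('method "%s" is not supported' % method)
        return getattr(self, method)(*params)

# Constructed probe calls: (XML-RPC method name, params).
PROBES = [("count", ("widget",)), ("purge", ()), ("items.clear", ())]

def build(style):
    d = SimpleXMLRPCDispatcher()
    if style == "instance":      # the registration the advisory warns about
        d.register_instance(Inventory())
    elif style == "guarded":     # instance that supplies its own _dispatch()
        d.register_instance(GuardedInventory())
    else:                        # register_function() only
        d.register_function(Inventory().count, "count")
    return d

def exposed(dispatcher):
    """Names from PROBES that the dispatcher resolves and calls."""
    ok = []
    for name, params in PROBES:
        try:
            dispatcher._dispatch(name, params)
        except Exception:
            continue
        ok.append(name)
    return ok

print({s: exposed(build(s)) for s in ("instance", "guarded", "function")})
```

Running the same probe list against a service's real objects in a unit test is a quick way to confirm that only the intended methods are published after the upgrade.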
