SUSE-SU-2012:0565-1: moderate: Security update for Python
sle-security-updates at lists.suse.com
Thu Apr 26 12:08:34 MDT 2012
SUSE Security Update: Security update for Python
______________________________________________________________________________
Announcement ID: SUSE-SU-2012:0565-1
Rating: moderate
References: #751718 #752375 #754677
Cross-References: CVE-2012-1150
Affected Products:
SUSE Linux Enterprise Server 10 SP4
SUSE Linux Enterprise Desktop 10 SP4
SLE SDK 10 SP4
______________________________________________________________________________
An update that solves one vulnerability and has two fixes
is now available.
Description:
The following issues have been fixed in this update:
* hash randomization issues (CVE-2012-1150) (see below)
* SimpleHTTPServer XSS (CVE-2011-1015)
* SSL BEAST vulnerability (CVE-2011-3389)
The hash randomization fix is disabled by default to stay
compatible with existing Python code that extracts
hashes.
To enable hash seed randomization, either:
* pass -R on the python interpreter command line, or
* set the environment variable PYTHONHASHSEED=random to
enable it for programs. You can also set this environment
variable to a fixed hash seed by specifying an integer value
between 0 and MAX_UINT.
In general, enabling this is only needed when malicious
third parties can inject values into your hash tables.
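Added example (not part of the SUSE advisory): a check that hash randomization is really in effect for a given interpreter and environment, by comparing the hash of one string across separate interpreter runs. It assumes the checker itself runs under a current Python 3 (where randomization is on by default, unlike the package described here); the probe string and function names are made up for illustration, and `python` can point at any interpreter binary you want to test.

```python
import os
import subprocess
import sys

# Child program: print the hash of a fixed string (constructed sample key).
PROBE = "print(hash('suse-advisory-probe'))"


def probe_hashes(seed=None, flags=(), runs=4, python=sys.executable):
    """Run `python` several times and return the set of hashes it printed.

    seed  -- value for PYTHONHASHSEED, or None to leave the variable unset
    flags -- extra interpreter flags, e.g. ("-R",)
    """
    env = dict(os.environ)
    env.pop("PYTHONHASHSEED", None)      # do not inherit the caller's setting
    if seed is not None:
        env["PYTHONHASHSEED"] = str(seed)
    seen = set()
    for _ in range(runs):
        cmd = [python] + list(flags) + ["-c", PROBE]
        out = subprocess.check_output(cmd, env=env)
        seen.add(int(out.decode().strip()))
    return seen


def is_randomized(seed=None, flags=(), runs=4, python=sys.executable):
    """True if independent interpreter runs disagree on the hash of one string."""
    return len(probe_hashes(seed, flags, runs, python)) > 1


if __name__ == "__main__":
    cases = [
        ("variable unset", None, ()),
        ("PYTHONHASHSEED=random", "random", ()),
        ("PYTHONHASHSEED=12345", 12345, ()),
        ("-R flag", None, ("-R",)),
    ]
    for label, seed, flags in cases:
        print("%-24s randomized=%s" % (label, is_randomized(seed, flags)))
```

A fixed integer seed gives reproducible hashes, so it reports as not randomized; only PYTHONHASHSEED=random or -R should report True on the patched package.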
Security Issue reference:
* CVE-2012-1150
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1150>
Package List:
- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):
python-2.4.2-18.41.2
python-curses-2.4.2-18.41.2
python-demo-2.4.2-18.41.2
python-devel-2.4.2-18.41.2
python-gdbm-2.4.2-18.41.2
python-idle-2.4.2-18.41.2
python-tk-2.4.2-18.41.2
python-xml-2.4.2-18.41.2
- SUSE Linux Enterprise Server 10 SP4 (s390x x86_64):
python-32bit-2.4.2-18.41.2
- SUSE Linux Enterprise Server 10 SP4 (noarch):
python-doc-2.4.2-18.41.3
python-doc-pdf-2.4.2-18.41.3
- SUSE Linux Enterprise Server 10 SP4 (ia64):
python-x86-2.4.2-18.41.2
- SUSE Linux Enterprise Server 10 SP4 (ppc):
python-64bit-2.4.2-18.41.2
- SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):
python-2.4.2-18.41.2
python-curses-2.4.2-18.41.2
python-devel-2.4.2-18.41.2
python-gdbm-2.4.2-18.41.2
python-tk-2.4.2-18.41.2
python-xml-2.4.2-18.41.2
- SUSE Linux Enterprise Desktop 10 SP4 (x86_64):
python-32bit-2.4.2-18.41.2
- SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):
python-demo-2.4.2-18.41.2
python-devel-2.4.2-18.41.2
python-idle-2.4.2-18.41.2
- SLE SDK 10 SP4 (noarch):
python-doc-2.4.2-18.41.3
python-doc-pdf-2.4.2-18.41.3
References:
http://support.novell.com/security/cve/CVE-2012-1150.html
https://bugzilla.novell.com/751718
https://bugzilla.novell.com/752375
https://bugzilla.novell.com/754677
http://download.novell.com/patch/finder/?keywords=8cae90c294b192a41f5e7816dbad3991