SUSE-SU-2012:0565-1: moderate: Security update for Python

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Thu Apr 26 12:08:34 MDT 2012


   SUSE Security Update: Security update for Python
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0565-1
Rating:             moderate
References:         #751718 #752375 #754677 
Cross-References:   CVE-2012-1150
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that solves one vulnerability and has two fixes
   is now available.

Description:


   The following issues have been fixed in this update:

   * hash randomization issues (CVE-2012-115) (see below)
   * SimpleHTTPServer XSS (CVE-2011-1015)
   * SSL BEAST vulnerability (CVE-2011-3389)

   The hash randomization fix is by default disabled to keep
   compatibility  with existing python code when it extracts
   hashes.

   To enable the hash seed randomization you can either use:

   * pass -R to the python interpreter commandline.
   * set the environment variable PYTHONHASHSEED=random to
   enable it for programs. You can also set this environment
   variable to a fixed hash seed by specifying a integer value
   between 0 and MAX_UINT.

   In generally enabling this is only needed when malicious
   third parties can  inject values into your hash tables.

   Security Issue reference:

   * CVE-2012-1150
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1150
   >



Package List:

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

      python-2.4.2-18.41.2
      python-curses-2.4.2-18.41.2
      python-demo-2.4.2-18.41.2
      python-devel-2.4.2-18.41.2
      python-gdbm-2.4.2-18.41.2
      python-idle-2.4.2-18.41.2
      python-tk-2.4.2-18.41.2
      python-xml-2.4.2-18.41.2

   - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64):

      python-32bit-2.4.2-18.41.2

   - SUSE Linux Enterprise Server 10 SP4 (noarch):

      python-doc-2.4.2-18.41.3
      python-doc-pdf-2.4.2-18.41.3

   - SUSE Linux Enterprise Server 10 SP4 (ia64):

      python-x86-2.4.2-18.41.2

   - SUSE Linux Enterprise Server 10 SP4 (ppc):

      python-64bit-2.4.2-18.41.2

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

      python-2.4.2-18.41.2
      python-curses-2.4.2-18.41.2
      python-devel-2.4.2-18.41.2
      python-gdbm-2.4.2-18.41.2
      python-tk-2.4.2-18.41.2
      python-xml-2.4.2-18.41.2

   - SUSE Linux Enterprise Desktop 10 SP4 (x86_64):

      python-32bit-2.4.2-18.41.2

   - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):

      python-demo-2.4.2-18.41.2
      python-devel-2.4.2-18.41.2
      python-idle-2.4.2-18.41.2

   - SLE SDK 10 SP4 (noarch):

      python-doc-2.4.2-18.41.3
      python-doc-pdf-2.4.2-18.41.3


References:

   http://support.novell.com/security/cve/CVE-2012-1150.html
   https://bugzilla.novell.com/751718
   https://bugzilla.novell.com/752375
   https://bugzilla.novell.com/754677
   http://download.novell.com/patch/finder/?keywords=8cae90c294b192a41f5e7816dbad3991



More information about the sle-security-updates mailing list