logo
DATABASE RESOURCES PRICING ABOUT US

SuSE 10 Security Update : Python (ZYPP Patch Number 8080) (BEAST)

Description

The following issues have been fixed in this update : - hash randomization issues (CVE-2012-115) (see below) - SimpleHTTPServer XSS. (CVE-2011-1015) - SSL BEAST vulnerability (CVE-2011-3389) The hash randomization fix is by default disabled to keep compatibility with existing python code when it extracts hashes. To enable the hash seed randomization you can either use : - pass -R to the python interpreter commandline. - set the environment variable PYTHONHASHSEED=random to enable it for programs. You can also set this environment variable to a fixed hash seed by specifying a integer value between 0 and MAX_UINT. In generally enabling this is only needed when malicious third parties can inject values into your hash tables.


Related