Red Hat RHSA-2011:0260
Feb 16, 2011 - 12:00 a.m.

(RHSA-2011:0260) Low: python security and bug fix update

2011-02-16 00:00:00
access.redhat.com
CVSS2: 7.5 High

  Access Vector: NETWORK
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL
  AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.041 Low (Percentile: 91.2%)

Python is an interpreted, interactive, object-oriented programming
language.

Multiple flaws were found in the Python rgbimg module. If an application
written in Python was using the rgbimg module and loaded a
specially-crafted SGI image file, it could cause the application to crash
or, possibly, execute arbitrary code with the privileges of the user
running the application. (CVE-2009-4134, CVE-2010-1449, CVE-2010-1450)

This update also fixes the following bugs:

  • Python 2.3.4’s time.strptime() function did not correctly handle the “%W”
    week number format string. This update backports the _strptime
    implementation from Python 2.3.6, fixing this issue. (BZ#436001)

  • Python 2.3.4’s socket.htons() function returned partially-uninitialized
    data on IBM System z, generally leading to incorrect results. (BZ#513341)

  • Python 2.3.4’s pwd.getpwuid() and grp.getgrgid() functions did not
    support the full range of user and group IDs on 64-bit architectures,
    leading to “OverflowError” exceptions for large input values. This update
    adds support for the full range of user and group IDs on 64-bit
    architectures. (BZ#497540)

Users of Python should upgrade to these updated packages, which contain
backported patches to correct these issues.
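
Because the rgbimg flaws only matter to applications that load the module, a useful triage step alongside patching is to search Python source trees for imports of it. The script below is an added example, not part of the Red Hat advisory; the names scan_tree and demo and the sample files are constructed for illustration.

```python
import os
import re
import tempfile

# Line-based patterns, so Python 2 era sources need not parse under Python 3.
PATTERNS = [
    re.compile(r"^\s*from\s+rgbimg\s+import\b"),
    re.compile(r"^\s*import\s+(?:[\w.]+(?:\s+as\s+\w+)?\s*,\s*)*rgbimg\b"),
    re.compile(r"__import__\(\s*['\"]rgbimg['\"]"),
]


def scan_tree(root):
    """Return sorted (relative_path, line_number, line) for rgbimg imports."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(".py"):
                continue
            path = os.path.join(dirpath, name)
            # Old sources are often Latin-1; never fail on undecodable bytes.
            with open(path, encoding="utf-8", errors="replace") as handle:
                for number, line in enumerate(handle, 1):
                    if any(p.search(line) for p in PATTERNS):
                        rel = os.path.relpath(path, root)
                        hits.append((rel, number, line.strip()))
    return sorted(hits)


def demo():
    """Scan a constructed sample tree (not real application code)."""
    samples = {
        "viewer.py": "import os, rgbimg\nprint rgbimg.sizeofimage('a.rgb')\n",
        "loader.py": "def load(p):\n    from rgbimg import longimagedata\n",
        "plugin.py": "mod = __import__('rgbimg')\n",
        "safe.py": "# import rgbimg\nimport rgbimgtools, pkg.rgbimg\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, text in samples.items():
            with open(os.path.join(root, name), "w") as handle:
                handle.write(text)
        return scan_tree(root)


if __name__ == "__main__":
    for rel, number, line in demo():
        print("%s:%d: %s" % (rel, number, line))
```

Point scan_tree at an application directory to list files that need review; commented-out imports and similarly named modules are not reported.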
