[gentoo-announce] [ GLSA 201401-04 ] Python: Multiple vulnerabilities - gentoo-announce

From:	Sergey Popov <pinkbyte@g.o>
To:	gentoo-announce@g.o
Subject:	[gentoo-announce] [ GLSA 201401-04 ] Python: Multiple vulnerabilities
Date:	Mon, 06 Jan 2014 21:29:36
Message-Id:	`52CB1FE7.1070009@gentoo.org`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 201401-04

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                            http://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

 Severity: Normal

8

    Title: Python: Multiple vulnerabilities

9

     Date: January 06, 2014

10

     Bugs: #325593, #355927, #358663, #396329, #403437, #469988

11

       ID: 201401-04

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

Multiple vulnerabilities have been found in Python, worst of which

19

allows remote attackers to cause a Denial of Service condition.

20

21

Background

22

==========

23

24

Python is an interpreted, interactive, object-oriented programming

25

language.

26

27

Affected packages

28

=================

29

30

    -------------------------------------------------------------------

31

     Package              /     Vulnerable     /            Unaffected

32

    -------------------------------------------------------------------

33

  1  dev-lang/python             < 3.3.2-r1              *>= 2.7.3-r1

34

                                                            *>= 2.6.8

35

                                                         *>= 3.2.5-r1

36

                                                          >= 3.3.2-r1

37

38

Description

39

===========

40

41

Multiple vulnerabilities have been discovered in Python. Please review

42

the CVE identifiers referenced below for details.

43

44

Impact

45

======

46

47

A remote attacker could possibly cause a Denial of Service condition or

48

perform man-in-the-middle attack to disclose  sensitive information.

49

50

Workaround

51

==========

52

53

There is no known workaround at this time.

54

55

Resolution

56

==========

57

58

All Python 3.3 users should upgrade to the latest version:

59

60

  # emerge --sync

61

  # emerge --ask --oneshot --verbose ">=dev-lang/python-3.3.2-r1"

62

63

All Python 3.2 users should upgrade to the latest version:

64

65

  # emerge --sync

66

  # emerge --ask --oneshot --verbose ">=dev-lang/python-3.2.5-r1"

67

68

All Python 2.6 users should upgrade to the latest version:

69

70

  # emerge --sync

71

  # emerge --ask --oneshot --verbose ">=dev-lang/python-2.6.8"

72

73

All Python 2.7 users should upgrade to the latest version:

74

75

  # emerge --sync

76

  # emerge --ask --oneshot --verbose ">=dev-lang/python-2.7.3-r1"

77

78

References

79

==========

80

81

[ 1 ] CVE-2010-1634

82

      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1634

83

[ 2 ] CVE-2010-2089

84

      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2089

85

[ 3 ] CVE-2010-3492

86

      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3492

87

[ 4 ] CVE-2010-3493

88

      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3493

89

[ 5 ] CVE-2011-1015

90

      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1015

91

[ 6 ] CVE-2012-0845

92

      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0845

93

[ 7 ] CVE-2012-1150

94

      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1150

95

[ 8 ] CVE-2013-2099

96

      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2099

97

98

Availability

99

============

100

101

This GLSA and any updates to it are available for viewing at

102

the Gentoo Security Website:

103

104

 http://security.gentoo.org/glsa/glsa-201401-04.xml

105

106

Concerns?

107

=========

108

109

Security is a primary focus of Gentoo Linux and ensuring the

110

confidentiality and security of our users' machines is of utmost

111

importance to us. Any security concerns should be addressed to

112

security@g.o or alternatively, you may file a bug at

113

https://bugs.gentoo.org.

114

115

License

116

=======

117

118

Copyright 2014 Gentoo Foundation, Inc; referenced text

119

belongs to its owner(s).

120

121

The contents of this document are licensed under the

122

Creative Commons - Attribution / Share Alike license.

123

124

http://creativecommons.org/licenses/by-sa/2.5

Gentoo Archives: gentoo-announce

Attachments

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 201401-04
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	http://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: Normal
8	Title: Python: Multiple vulnerabilities
9	Date: January 06, 2014
10	Bugs: #325593, #355927, #358663, #396329, #403437, #469988
11	ID: 201401-04
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	Multiple vulnerabilities have been found in Python, worst of which
19	allows remote attackers to cause a Denial of Service condition.
20
21	Background
22	==========
23
24	Python is an interpreted, interactive, object-oriented programming
25	language.
26
27	Affected packages
28	=================
29
30	-------------------------------------------------------------------
31	Package / Vulnerable / Unaffected
32	-------------------------------------------------------------------
33	1 dev-lang/python < 3.3.2-r1 *>= 2.7.3-r1
34	*>= 2.6.8
35	*>= 3.2.5-r1
36	>= 3.3.2-r1
37
38	Description
39	===========
40
41	Multiple vulnerabilities have been discovered in Python. Please review
42	the CVE identifiers referenced below for details.
43
44	Impact
45	======
46
47	A remote attacker could possibly cause a Denial of Service condition or
48	perform man-in-the-middle attack to disclose sensitive information.
49
50	Workaround
51	==========
52
53	There is no known workaround at this time.
54
55	Resolution
56	==========
57
58	All Python 3.3 users should upgrade to the latest version:
59
60	# emerge --sync
61	# emerge --ask --oneshot --verbose ">=dev-lang/python-3.3.2-r1"
62
63	All Python 3.2 users should upgrade to the latest version:
64
65	# emerge --sync
66	# emerge --ask --oneshot --verbose ">=dev-lang/python-3.2.5-r1"
67
68	All Python 2.6 users should upgrade to the latest version:
69
70	# emerge --sync
71	# emerge --ask --oneshot --verbose ">=dev-lang/python-2.6.8"
72
73	All Python 2.7 users should upgrade to the latest version:
74
75	# emerge --sync
76	# emerge --ask --oneshot --verbose ">=dev-lang/python-2.7.3-r1"
77
78	References
79	==========
80
81	[ 1 ] CVE-2010-1634
82	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1634
83	[ 2 ] CVE-2010-2089
84	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2089
85	[ 3 ] CVE-2010-3492
86	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3492
87	[ 4 ] CVE-2010-3493
88	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3493
89	[ 5 ] CVE-2011-1015
90	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1015
91	[ 6 ] CVE-2012-0845
92	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0845
93	[ 7 ] CVE-2012-1150
94	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1150
95	[ 8 ] CVE-2013-2099
96	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2099
97
98	Availability
99	============
100
101	This GLSA and any updates to it are available for viewing at
102	the Gentoo Security Website:
103
104	http://security.gentoo.org/glsa/glsa-201401-04.xml
105
106	Concerns?
107	=========
108
109	Security is a primary focus of Gentoo Linux and ensuring the
110	confidentiality and security of our users' machines is of utmost
111	importance to us. Any security concerns should be addressed to
112	security@g.o or alternatively, you may file a bug at
113	https://bugs.gentoo.org.
114
115	License
116	=======
117
118	Copyright 2014 Gentoo Foundation, Inc; referenced text
119	belongs to its owner(s).
120
121	The contents of this document are licensed under the
122	Creative Commons - Attribution / Share Alike license.
123
124	http://creativecommons.org/licenses/by-sa/2.5