Gentoo Archives: gentoo-announce

From: Kristian Fiskerstrand <k_f@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201503-10 ] Python: Multiple vulnerabilities
Date: Wed, 18 Mar 2015 22:36:52
Message-Id: 5509FCFE.8070703@gentoo.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201503-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Python: Multiple vulnerabilities
Date: March 18, 2015
Bugs: #495224, #500518, #505068, #506084, #514686, #523792, #532232
ID: 201503-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Python, the worst of which
could lead to arbitrary code execution.

Background
==========

Python is an interpreted, interactive, object-oriented programming
language.

Affected packages
=================

-------------------------------------------------------------------
     Package           /    Vulnerable    /          Unaffected
-------------------------------------------------------------------
  1  dev-lang/python        < 3.3.5-r1              *>= 2.7.9-r1
                                                     >= 3.3.5-r1

Description
===========

Multiple vulnerabilities have been discovered in Python. Please review
the CVE identifiers referenced below for details.

Impact
======

A context-dependent attacker may be able to execute arbitrary code or
cause a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Python 3.3 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/python-3.3.5-r1"

All Python 2.7 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/python-2.7.9-r1"

References
==========

[ 1 ] CVE-2013-1752
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1752
[ 2 ] CVE-2013-7338
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7338
[ 3 ] CVE-2014-1912
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1912
[ 4 ] CVE-2014-2667
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2667
[ 5 ] CVE-2014-4616
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4616
[ 6 ] CVE-2014-7185
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7185
[ 7 ] CVE-2014-9365
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9365

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201503-10

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5