[USN-73-1] Python vulnerability

From: Martin Pitt (martin.pitt_at_canonical.com)
Date: 02/03/05

    Date: Thu, 3 Feb 2005 17:18:26 +0100
    To: ubuntu-security-announce@lists.ubuntu.com
    
    
    

    ===========================================================
    Ubuntu Security Notice USN-73-1 February 03, 2005
    python2.2, python2.3 vulnerability
    CAN-2005-0089
    ===========================================================

    A security issue affects the following Ubuntu releases:

    Ubuntu 4.10 (Warty Warthog)

    The following packages are affected:

    python2.2
    python2.3

    The problem can be corrected by upgrading the affected package to
    version 2.2.3-10ubuntu0.1 (python2.2) and 2.3.4-2ubuntu0.1
    (python2.3). After a standard system upgrade you must restart all
    running Python server applications that use XML-RPC to effect the
    necessary changes.

    Details follow:

    The Python developers discovered a flaw in the SimpleXMLRPCServer
    module. Python XML-RPC servers that used the register_instance()
    method to register an object that has no _dispatch() method
    allowed remote users to access or change function internals using
    the im_* and func_* attributes.
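
The exposure described above, as an added example that is not part of the original notice or of the Ubuntu patch: it uses Python 3's xmlrpc.server (the successor of SimpleXMLRPCServer) and its allow_dotted_names switch on register_instance(). Python 3 renamed im_* and func_* to underscore-prefixed names that the resolver refuses, so the constructed `audit` attribute stands in for them; `Audit`, `Calculator`, `GuardedCalculator` and `call` are hypothetical names.

```python
import xmlrpc.client
from xmlrpc.server import SimpleXMLRPCDispatcher


class Audit:
    """Constructed internal helper that was never meant to be remotely callable."""
    def __init__(self):
        self.wiped = False

    def wipe(self):
        self.wiped = True
        return "wiped"


class Calculator:
    """Registered object with no _dispatch(): the library resolves method names."""
    def __init__(self):
        self.audit = Audit()  # public attribute, reachable only through a dotted name

    def add(self, a, b):
        return a + b


class GuardedCalculator(Calculator):
    """Registered object with _dispatch(): only allow-listed names are callable."""
    ALLOWED = frozenset({"add"})

    def _dispatch(self, method, params):
        if method not in self.ALLOWED:
            raise Exception('method "%s" is not supported' % method)
        return getattr(self, method)(*params)


def call(instance, method, params=(), dotted=False):
    """Run one marshalled XML-RPC request in-process; return (ok, value_or_fault)."""
    dispatcher = SimpleXMLRPCDispatcher()
    dispatcher.register_instance(instance, allow_dotted_names=dotted)
    request = xmlrpc.client.dumps(tuple(params), methodname=method).encode()
    response = dispatcher._marshaled_dispatch(request)
    try:
        return True, xmlrpc.client.loads(response)[0][0]
    except xmlrpc.client.Fault as fault:
        return False, fault.faultString


if __name__ == "__main__":
    print(call(Calculator(), "audit.wipe", dotted=True))         # traversal succeeds
    print(call(Calculator(), "audit.wipe"))                      # default: refused
    print(call(GuardedCalculator(), "audit.wipe", dotted=True))  # _dispatch refuses
    print(call(GuardedCalculator(), "add", (2, 3), dotted=True))
```

When reviewing a server, look for register_instance() calls that pass allow_dotted_names=True on objects lacking a _dispatch() method; that combination is the one that lets a caller walk the attribute graph.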


    
    


