Debian-Sicherheitsankündigung

DSA-666-1 python2.2 -- Design-Fehler

Datum des Berichts:
04. Feb 2005
Betroffene Pakete:
python2.2
Verwundbar:
Ja
Sicherheitsdatenbanken-Referenzen:
In Mitres CVE-Verzeichnis: CVE-2005-0089.
Weitere Informationen:

Das Python-Entwicklungsteam hat einen Fehler in ihrem Sprachpaket entdeckt. Das Bibliotheksmodul SimpleXMLRPCServer ermöglicht entfernten Angreifern ungewollt den Zugriff auf Interna des registrierten Objekts und dessen Modul sowie möglicherweise anderen Modulen. Dieser Fehler betrifft lediglich Python-XML-RPC-Server, die die Methode register_instance() zur Registrierung eines Objekts ohne eine _dispatch()-Methode benutzen. Server, die nur register_function() verwenden, sind nicht betroffen.

Für die Stable-Distribution (Woody) wurde dieses Problem in Version 2.2.1-4.7 behoben. Es ist keine weitere Version von Python in Woody betroffen.

Für die Testing- (Sarge) und Unstable-Distributionen (Sid) erklärt die folgende Matrix, welche Version die Korrektur in der jeweiligen Version enthält.

  testing unstable
Python 2.2 2.2.3-14 2.2.3-14
Python 2.3 2.3.4-20 2.3.4+2.3.5c1-2
Python 2.4 2.4-5 2.4-5

Wir empfehlen Ihnen, Ihre Python-Pakete zu aktualisieren.

Behoben in:

Debian GNU/Linux 3.0 (woody)

Quellcode:
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7.dsc
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7.diff.gz
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1.orig.tar.gz
Architektur-unabhängige Dateien:
http://security.debian.org/pool/updates/main/p/python2.2/idle-python2.2_2.2.1-4.7_all.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-doc_2.2.1-4.7_all.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-elisp_2.2.1-4.7_all.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-examples_2.2.1-4.7_all.deb
Alpha:
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_alpha.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_alpha.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_alpha.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_alpha.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_alpha.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_alpha.deb
ARM:
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_arm.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_arm.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_arm.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_arm.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_arm.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_i386.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_i386.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_i386.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_i386.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_i386.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_ia64.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_ia64.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_ia64.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_ia64.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_ia64.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_ia64.deb
HPPA:
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_hppa.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_hppa.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_hppa.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_hppa.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_hppa.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_hppa.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_m68k.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_m68k.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_m68k.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_m68k.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_m68k.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_mips.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_mips.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_mips.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_mips.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_mips.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_mipsel.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_mipsel.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_mipsel.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_mipsel.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_mipsel.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_powerpc.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_powerpc.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_powerpc.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_powerpc.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_powerpc.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_s390.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_s390.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_s390.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_s390.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_s390.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_sparc.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_sparc.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_sparc.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_sparc.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_sparc.deb
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_sparc.deb

MD5-Prüfsummen der aufgeführten Dateien stehen in der ursprünglichen Sicherheitsankündigung zur Verfügung.