Bulletin d'alerte Debian
DSA-666-1 python2.2 -- Défaut de conception
- Date du rapport :
- 4 février 2005
- Paquets concernés :
- python2.2
- Vulnérabilité :
- Oui
- Références dans la base de données de sécurité :
- Dans le dictionnaire CVE du Mitre : CVE-2005-0089.
- Plus de précisions :
-
L'équipe de développement de Python a découvert un défaut dans son paquet principal. Le module de la bibliothèque SimpleXMLRPCServer pouvait permettre aux attaquants distants d'accéder au contenu de l'objet enregistré, ou à son module, ou même à d'autres modules. Le défaut touche uniquement les serveurs XML-RPC en Python qui utilisent la méthode register_instance() pour enregistrer un objet sans une méthode du type _dispatch(). Les serveurs utilisant uniquement register_function() ne sont pas touchés.
Pour l'actuelle distribution stable (Woody), ce problème a été corrigé dans la version 2.2.1-4.7. Aucune autre version de Python présente dans Woody n'est touchée.
Pour les distributions de test (Sarge) et instable (Sid), le tableau suivant explique pour chaque version touchée quelle version contiendra la correction :
testing instable Python 2.2 2.2.3-14 2.2.3-14 Python 2.3 2.3.4-20 2.3.4+2.3.5c1-2 Python 2.4 2.4-5 2.4-5 Nous vous recommandons de mettre à jour vos paquets Python.
- Corrigé dans :
-
Debian GNU/Linux 3.0 (woody)
- Source :
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7.dsc
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7.diff.gz
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1.orig.tar.gz
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7.diff.gz
- Composant indépendant de l'architecture :
- http://security.debian.org/pool/updates/main/p/python2.2/idle-python2.2_2.2.1-4.7_all.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-doc_2.2.1-4.7_all.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-elisp_2.2.1-4.7_all.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-examples_2.2.1-4.7_all.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-doc_2.2.1-4.7_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_alpha.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_alpha.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_alpha.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_alpha.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_alpha.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_alpha.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_arm.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_arm.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_arm.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_arm.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_arm.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_arm.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_i386.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_i386.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_i386.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_i386.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_i386.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_i386.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_ia64.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_ia64.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_ia64.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_ia64.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_ia64.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_ia64.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_hppa.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_hppa.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_hppa.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_hppa.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_hppa.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_hppa.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_m68k.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_m68k.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_m68k.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_m68k.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_m68k.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_m68k.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_mips.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_mips.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_mips.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_mips.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_mips.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_mips.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_mipsel.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_mipsel.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_mipsel.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_mipsel.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_mipsel.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_mipsel.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_powerpc.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_powerpc.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_powerpc.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_powerpc.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_powerpc.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_powerpc.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_s390.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_s390.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_s390.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_s390.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_s390.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_s390.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_sparc.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_sparc.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_sparc.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_sparc.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_sparc.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_sparc.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_sparc.deb
Les sommes MD5 des fichiers indiqués sont disponibles sur la page originale de l'alerte de sécurité.