-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  Python SimpleXMLRPCServer module (SSA:2005-111-02)

New Python packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,
and -current to fix a security issue in the SimpleXMLRPCServer library
module.


Here are the details from the Slackware 10.1 ChangeLog:
+--------------------------+
patches/packages/python-2.4.1-i486-1.tgz:  Upgraded to python-2.4.1.
  From the python.org site:  "The Python development team has discovered a flaw
  in the SimpleXMLRPCServer library module which can give remote attackers  access to internals of the registered object or its module or possibly other
  modules. The flaw only affects Python XML-RPC servers that use the
  register_instance() method to register an object without a _dispatch()
  method. Servers using only register_function() are not affected."
  For more details, see:
    https://www.python.org/blogs/
  (* Security fix *)
patches/packages/python-demo-2.4.1-noarch-1.tgz:  Upgraded to python-2.4.1
  demos.
patches/packages/python-tools-2.4.1-noarch-1.tgz:  Upgraded to python-2.4.1
  tools.
+--------------------------+


Where to find the new packages:
+-----------------------------+

Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/python-2.2.3-i386-1.tgz

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/python-2.2.3-i386-1.tgz

Updated packages for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/python-2.3.5-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/python-demo-2.3.5-noarch-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/python-tools-2.3.5-noarch-1.tgz

Updated packages for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/python-2.3.5-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/python-demo-2.3.5-noarch-1.tgz

Updated packages for Slackware 10.1:

Updated packages for Slackware -current:


MD5 signatures:
+-------------+

Slackware 8.1 package:
b90d20f1c90a39407fae3346e17befd0  python-2.2.3-i386-1.tgz

Slackware 9.0 package:
fb39a3367b130440b5f8a64c3468eec2  python-2.2.3-i386-1.tgz

Slackware 9.1 packages:
897fe07abe99fc1f1a4095cacecd697f  python-2.3.5-i486-1.tgz
34a3cd2b3fe85810964a13fce7c5d9fc  python-demo-2.3.5-noarch-1.tgz
c48b074dcf6a76818e181764ce7e41ee  python-tools-2.3.5-noarch-1.tgz

Slackware 10.0 packages:
11c483e44089d7aae954c62eada1108c  python-2.3.5-i486-1.tgz
b1dbd8eeca44c048dd83f505b2c69fdb  python-demo-2.3.5-noarch-1.tgz
554e9cc2cb5c3f9d02cb57ee07025681  python-tools-2.3.5-noarch-1.tgz

Slackware 10.1 packages:
b78837244ef3c145cb9c354729d2954f  python-2.4.1-i486-1.tgz
83b8a735c638a64f0f348a95fd58847a  python-demo-2.4.1-noarch-1.tgz
83f0b4a65b44de14e475faa4087e5268  python-tools-2.4.1-noarch-1.tgz

Slackware -current packages:
7b2695497611d592ca756a074084bcbc  python-2.4.1-i486-1.tgz
81f77f0063c79aa9cb78c7d03c2a762b  python-demo-2.4.1-noarch-1.tgz
4008585cd345feb544de5ffae574a449  python-tools-2.4.1-noarch-1.tgz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg python-2.4.1-i486-1.tgz python-demo-2.4.1-noarch-1.tgz python-tools-2.4.1-noarch-1.tgz


+-----+

Slackware: 2005-111-02: Python SimpleXMLRPCServer module Security Update

April 22, 2005
New Python packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issue in the SimpleXMLRPCServer library module

Summary

Here are the details from the Slackware 10.1 ChangeLog: patches/packages/python-2.4.1-i486-1.tgz: Upgraded to python-2.4.1. From the python.org site: "The Python development team has discovered a flaw in the SimpleXMLRPCServer library module which can give remote attackers access to internals of the registered object or its module or possibly other modules. The flaw only affects Python XML-RPC servers that use the register_instance() method to register an object without a _dispatch() method. Servers using only register_function() are not affected." For more details, see: https://www.python.org/blogs/ (* Security fix *) patches/packages/python-demo-2.4.1-noarch-1.tgz: Upgraded to python-2.4.1 demos. patches/packages/python-tools-2.4.1-noarch-1.tgz: Upgraded to python-2.4.1 tools.

Where Find New Packages

Updated package for Slackware 8.1: ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/python-2.2.3-i386-1.tgz
Updated package for Slackware 9.0: ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/python-2.2.3-i386-1.tgz
Updated packages for Slackware 9.1: ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/python-2.3.5-i486-1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/python-demo-2.3.5-noarch-1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/python-tools-2.3.5-noarch-1.tgz
Updated packages for Slackware 10.0: ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/python-2.3.5-i486-1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/python-demo-2.3.5-noarch-1.tgz
Updated packages for Slackware 10.1:
Updated packages for Slackware -current:

MD5 Signatures

Slackware 8.1 package: b90d20f1c90a39407fae3346e17befd0 python-2.2.3-i386-1.tgz
Slackware 9.0 package: fb39a3367b130440b5f8a64c3468eec2 python-2.2.3-i386-1.tgz
Slackware 9.1 packages: 897fe07abe99fc1f1a4095cacecd697f python-2.3.5-i486-1.tgz 34a3cd2b3fe85810964a13fce7c5d9fc python-demo-2.3.5-noarch-1.tgz c48b074dcf6a76818e181764ce7e41ee python-tools-2.3.5-noarch-1.tgz
Slackware 10.0 packages: 11c483e44089d7aae954c62eada1108c python-2.3.5-i486-1.tgz b1dbd8eeca44c048dd83f505b2c69fdb python-demo-2.3.5-noarch-1.tgz 554e9cc2cb5c3f9d02cb57ee07025681 python-tools-2.3.5-noarch-1.tgz
Slackware 10.1 packages: b78837244ef3c145cb9c354729d2954f python-2.4.1-i486-1.tgz 83b8a735c638a64f0f348a95fd58847a python-demo-2.4.1-noarch-1.tgz 83f0b4a65b44de14e475faa4087e5268 python-tools-2.4.1-noarch-1.tgz
Slackware -current packages: 7b2695497611d592ca756a074084bcbc python-2.4.1-i486-1.tgz 81f77f0063c79aa9cb78c7d03c2a762b python-demo-2.4.1-noarch-1.tgz 4008585cd345feb544de5ffae574a449 python-tools-2.4.1-noarch-1.tgz

Severity
[slackware-security] Python SimpleXMLRPCServer module (SSA:2005-111-02)
New Python packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issue in the SimpleXMLRPCServer library module.

Installation Instructions

Installation instructions: Upgrade the packages as root: # upgradepkg python-2.4.1-i486-1.tgz python-demo-2.4.1-noarch-1.tgz python-tools-2.4.1-noarch-1.tgz

Related News

Google Releases Chrome 130 with Critical Security Fixes for 17 Flaws
3 - 5 min read
Google recently unveiled Chrome 130 , an update that addresses several security vulnerabilities to ensure the web browser's safety and reliability.
U.S. Investigation into China-Backed Telecom Companies Hack: The Role & Risks of Encryption Backdoors
3 - 5 min read
U.S. authorities are on high alert as they investigate an alleged Chinese state-sponsored hack targeting major U.S. telecommunications companies.
FASTCash Linux Malware: A New Cybercrime Menace Targeting Payment Switch Systems
3 - 5 min read
As malware threats evolve to increasingly target Linux systems, admins and organizations must stay up-to-date on the latest Linux malware variants
Optimizing CWPP on Linux Servers: Best Practices and Configurations
3 - 6 min read
Cloud Workload Protection Platforms are now essential for securing virtual environments. These provide a robust security layer vital for addressing
The Infiltration of Supply Chain Attacks in Open-Source Software Management
3 - 6 min read
Open-source projects are renowned for their collaborative nature and widespread adoption, yet more sophisticated supply chain attacks target them
Strengthen Your Linux Software Development Pipeline with Code Security Scanners
3 - 6 min read
Developers recognize the critical nature of protecting software systems as cyberattacks grow more sophisticated, thus necessitating robust security
Everything You Need to Know About Cloud Security Posture Management
3 - 5 min read
Many companies are transitioning from physical servers to cloud operations, but this transformation brings new challenges. Cloud Security Posture
Understanding the Critical Oath-Toolkit Vulnerability and Its Implications for Admins
3 - 5 min read
As Linux security threats advance and evolve, vulnerabilities often surface unexpectedly, exposing systems to potential exploitation. SUSE

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved