--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 159-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
August 28th, 2002 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : python
Vulnerability : insecure temporary files
Problem-Type : local
Debian-specific: no
Zack Weinberg discovered an insecure use of a temporary file in
os._execvpe from os.py. It uses a predictable name which could lead
execution of arbitrary code.
This problem has been fixed in several versions of Python: For the
current stable distribution (woody) it has been fixed in version
1.5.2-23.1 of Python 1.5, in version 2.1.3-3.1 of Python 2.1 and in
version 2.2.1-4.1 of Python 2.2. For the old stable distribution
(potato) this has been fixed in version 1.5.2-10potato12 for Python
1.5. For the unstable distribution (sid) this has been fixed in
version 1.5.2-24 of Python 1.5, in version 2.1.3-6a of Python 2.1 and
in version 2.2.1-8 of Python 2.2. Python 2.3 is not affected by this
problem.
We recommend that you upgrade your Python packages immediately.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 2.2 alias potato
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/p/python/python_1.5.2-10potato12.dsc
Size/MD5 checksum: 814 d4368a244ae130c0a879dc583d74ebb6
http://security.debian.org/pool/updates/main/p/python/python_1.5.2-10potato12.diff.gz
Size/MD5 checksum: 85380 cef4ee264c041385d26a6e7a914f66cf
http://security.debian.org/pool/updates/main/p/python/python_1.5.2.orig.tar.gz
Size/MD5 checksum: 2533053 e9d677ae6d5a3efc6937627ed8a3e752
Alpha architecture:
http://security.debian.org/pool/updates/main/p/python/python-base_1.5.2-10potato12_alpha.deb
Size/MD5 checksum: 928612 9cbc6a1fc341c7f5668da7f14ddfd336
ARM architecture:
http://security.debian.org/pool/updates/main/p/python/python-base_1.5.2-10potato12_arm.deb
Size/MD5 checksum: 848442 778e22c98169028d94ba9fe3634dd113
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/p/python/python-base_1.5.2-10potato12_i386.deb
Size/MD5 checksum: 825052 a2b34f89248287e5f61e1a9ae051b6ae
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/p/python/python-base_1.5.2-10potato12_m68k.deb
Size/MD5 checksum: 837528 550655222273b7ed3b5f19ced5bb35cc
PowerPC architecture:
http://security.debian.org/pool/updates/main/p/python/python-base_1.5.2-10potato12_powerpc.deb
Size/MD5 checksum: 872370 6e45dfbc1694e89f4707e1803f65943a
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/p/python/python-base_1.5.2-10potato12_sparc.deb
Size/MD5 checksum: 854034 3ef80fbe6213c198d713046a4405cdff
Debian GNU/Linux 3.0 alias woody
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/p/python1.5/python1.5_1.5.2-23.1.dsc
Size/MD5 checksum: 916 59cda94465a7108d34294050e141b0ba
http://security.debian.org/pool/updates/main/p/python1.5/python1.5_1.5.2-23.1.diff.gz
Size/MD5 checksum: 147550 0246bc4b24874e3c0f8b6c6af47b262d
http://security.debian.org/pool/updates/main/p/python1.5/python1.5_1.5.2.orig.tar.gz
Size/MD5 checksum: 2533570 d9ade0d7613466e0353561d277ff02fe
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.1.dsc
Size/MD5 checksum: 1283 2193a191f73cac617edc851ce1dc0874
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.1.diff.gz
Size/MD5 checksum: 70192 eacc3d64dd0717ecf47fb2793a6b94c2
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3.orig.tar.gz
Size/MD5 checksum: 6194246 1ae739aa5824de263923df3516eeaf80
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.1.dsc
Size/MD5 checksum: 1150 029ee1aa079f8884283d57d765889d37
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.1.diff.gz
Size/MD5 checksum: 91682 de92eb806eea24f0a00289a9179cce7a
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1.orig.tar.gz
Size/MD5 checksum: 6536167 88aa07574673ccfaf35904253c78fc7d
Alpha architecture:
http://security.debian.org/pool/updates/main/p/python1.5/python1.5_1.5.2-23.1_alpha.deb
Size/MD5 checksum: 993386 157f481ea4625e923668cf5bba1c7fe6
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.1_alpha.deb
Size/MD5 checksum: 1804142 e02a244d71cfbe2f17c6bdf615c0d75e
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.1_alpha.deb
Size/MD5 checksum: 2139238 ee19156d488c1362a0035b005b2479f0
ARM architecture:
http://security.debian.org/pool/updates/main/p/python1.5/python1.5_1.5.2-23.1_arm.deb
Size/MD5 checksum: 893284 b0f4521515c2fe08bddacea2ca58a6f1
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.1_arm.deb
Size/MD5 checksum: 1646358 5d15c914dd3f0a6839357a40bd3badf7
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.1_arm.deb
Size/MD5 checksum: 1952280 ec6986def88675cc6c341a10108c4b34
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/p/python1.5/python1.5_1.5.2-23.1_i386.deb
Size/MD5 checksum: 865684 475adc23a0cd7b706dfb50bd2beb4a61
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.1_i386.deb
Size/MD5 checksum: 1592036 643613afe8b24e5cc808cfa6150cd15a
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.1_i386.deb
Size/MD5 checksum: 1888520 99ecda3fff482dfab2fa82b76b382161
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/p/python1.5/python1.5_1.5.2-23.1_ia64.deb
Size/MD5 checksum: 1123586 2cdb6a3542e5bfa82fc39a106723643b
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.1_ia64.deb
Size/MD5 checksum: 2080726 67ad0753eb9b7f55b990889f1c5eea9f
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.1_ia64.deb
Size/MD5 checksum: 2489592 239f5616f5a86868ba62015c689c6275
HP Precision architecture:
http://security.debian.org/pool/updates/main/p/python1.5/python1.5_1.5.2-23.1_hppa.deb
Size/MD5 checksum: 983136 caeb47a59a4b94c21b3e3bab307a6c90
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.1_hppa.deb
Size/MD5 checksum: 1832554 1678109725d49f26cdf20c027ce422c5
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.1_hppa.deb
Size/MD5 checksum: 2356270 4ac290e72d4fc1a78f7a77932941592c
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/p/python1.5/python1.5_1.5.2-23.1_m68k.deb
Size/MD5 checksum: 880018 83124846ed4bfb1752a79bcf8294c916
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.1_m68k.deb
Size/MD5 checksum: 1608626 163fb049f8c148913431b10e69cdd375
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.1_m68k.deb
Size/MD5 checksum: 1894116 4133331c9f92c4ba241fbdf4ed96dff9
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/p/python1.5/python1.5_1.5.2-23.1_mips.deb
Size/MD5 checksum: 893178 b47d25d678a577de7b514cab6c0f1740
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.1_mips.deb
Size/MD5 checksum: 1661130 3d49c465ab6ed149e1f4edd6ef2321e1
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.1_mips.deb
Size/MD5 checksum: 1952404 35602b09e79c12d25de7f72d086b644b
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/p/python1.5/python1.5_1.5.2-23.1_mipsel.deb
Size/MD5 checksum: 890722 dc11adcbff392676648f0a32c5edd32c
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.1_mipsel.deb
Size/MD5 checksum: 1657780 a47a8747ddaaf7b47a5da069c0cc52b9
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.1_mipsel.deb
Size/MD5 checksum: 1947456 45dd211da13ae341437792454afa6f97
PowerPC architecture:
http://security.debian.org/pool/updates/main/p/python1.5/python1.5_1.5.2-23.1_powerpc.deb
Size/MD5 checksum: 913346 bbfa7acdd1aa2fd2adf659d2ff6ce00b
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.1_powerpc.deb
Size/MD5 checksum: 1681090 baad001f04c58c6da323ff6c792ba6ea
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.1_powerpc.deb
Size/MD5 checksum: 1998924 c5de693417d368a11799adfdf16e7c44
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/p/python1.5/python1.5_1.5.2-23.1_s390.deb
Size/MD5 checksum: 897040 1586ac7fbec0d26cc32e7d63f05871ce
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.1_s390.deb
Size/MD5 checksum: 1647884 0c2674c851a48a2a661a78bd8aa19ca6
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.1_s390.deb
Size/MD5 checksum: 1929404 c20cbef3977c245f01ee9cf393b9b9b8
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/p/python1.5/python1.5_1.5.2-23.1_sparc.deb
Size/MD5 checksum: 962856 dcdc974bf2301783ef2ab88b0062b246
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.1_sparc.deb
Size/MD5 checksum: 1730870 292b2edf57377e5d43c6d2c4a57db1ae
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.1_sparc.deb
Size/MD5 checksum: 2036542 5ff3106c8145ab392e0125f00dbff499
Please note that python source package produces more binary packages
than the ones listed above, which are note relevant for the fixed
problems, though.
These files will probably be moved into the stable distribution on
its next revision.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE9bLS5W5ql+IAeqTIRAk8UAJ0azNK3gS9e/vSLTtQiPQ9UAzANfwCeON1Q
q05uIteUt1rQaEKqo1RbTro=
=c0TY
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
--- End Message ---