Security update for Python
SUSE Security Update: Security update for Python
Announcement ID: SUSE-SU-2012:0565-1
Rating: moderate
References: #751718 #752375 #754677
Affected Products:
An update that solves one vulnerability and has two fixes is now available.
Description:
The following issues have been fixed in this update:
* hash randomization issues (CVE-2012-1150) (see below)
* SimpleHTTPServer XSS (CVE-2011-1015)
* SSL BEAST vulnerability (CVE-2011-3389)
The hash randomization fix is disabled by default to keep
compatibility with existing Python code that extracts
hashes.
To enable hash seed randomization, you can either:
* pass -R on the python interpreter command line, or
* set the environment variable PYTHONHASHSEED=random to
enable it for programs. You can also set this environment
variable to a fixed hash seed by specifying an integer value
between 0 and MAX_UINT.
In general, enabling this is only needed when malicious
third parties can inject values into your hash tables.
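One way to confirm which setting is actually in effect for an interpreter, added here as an example and not part of the SUSE advisory: it starts fresh interpreters under each PYTHONHASHSEED value and compares the hash of one string across starts. The helper names and the probe key are constructed, and it assumes the checking script runs on a Python that provides subprocess.check_output, with the interpreter under test passed as a path.

```python
import os
import subprocess
import sys

# Constructed probe: the child prints the hash of one fixed string.
PROBE = "print(hash('constructed-probe-key'))"


def probe_hash(seed=None, interpreter=sys.executable):
    """Return hash() of the probe key as seen by a freshly started interpreter.

    seed=None removes PYTHONHASHSEED so the interpreter's default applies;
    any other value is passed through as the variable's value.
    """
    env = dict(os.environ)
    env.pop("PYTHONHASHSEED", None)
    if seed is not None:
        env["PYTHONHASHSEED"] = str(seed)
    out = subprocess.check_output([interpreter, "-c", PROBE], env=env)
    return int(out.decode().strip())


def is_randomized(seed=None, runs=3, interpreter=sys.executable):
    """True if separate interpreter starts yield different hashes."""
    seen = set(probe_hash(seed, interpreter) for _ in range(runs))
    return len(seen) > 1


def audit(interpreter=sys.executable):
    """Report, per setting, whether string hashes vary between starts."""
    return {
        "default (unset)": is_randomized(None, interpreter=interpreter),
        "PYTHONHASHSEED=random": is_randomized("random", interpreter=interpreter),
        "PYTHONHASHSEED=12345": is_randomized(12345, interpreter=interpreter),
    }


if __name__ == "__main__":
    for setting, randomized in sorted(audit().items()):
        state = "randomized" if randomized else "stable across starts"
        print("%-24s %s" % (setting, state))
```

With the patched packages from this update the "default (unset)" row is expected to read stable, since the fix is off by default; a service that parses untrusted keys should show randomized under the environment it is really started with.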
Security Issue reference:
* CVE-2012-1150
Package List:
- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):
  - python-2.4.2-18.41.2
  - python-curses-2.4.2-18.41.2
  - python-demo-2.4.2-18.41.2
  - python-devel-2.4.2-18.41.2
  - python-gdbm-2.4.2-18.41.2
  - python-idle-2.4.2-18.41.2
  - python-tk-2.4.2-18.41.2
  - python-xml-2.4.2-18.41.2
- SUSE Linux Enterprise Server 10 SP4 (s390x x86_64):
  - python-32bit-2.4.2-18.41.2
- SUSE Linux Enterprise Server 10 SP4 (noarch):
  - python-doc-2.4.2-18.41.3
  - python-doc-pdf-2.4.2-18.41.3
- SUSE Linux Enterprise Server 10 SP4 (ia64):
  - python-x86-2.4.2-18.41.2
- SUSE Linux Enterprise Server 10 SP4 (ppc):
  - python-64bit-2.4.2-18.41.2
- SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):
  - python-2.4.2-18.41.2
  - python-curses-2.4.2-18.41.2
  - python-devel-2.4.2-18.41.2
  - python-gdbm-2.4.2-18.41.2
  - python-tk-2.4.2-18.41.2
  - python-xml-2.4.2-18.41.2
- SUSE Linux Enterprise Desktop 10 SP4 (x86_64):
  - python-32bit-2.4.2-18.41.2
- SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):
  - python-demo-2.4.2-18.41.2
  - python-devel-2.4.2-18.41.2
  - python-idle-2.4.2-18.41.2
- SLE SDK 10 SP4 (noarch):
  - python-doc-2.4.2-18.41.3
  - python-doc-pdf-2.4.2-18.41.3
References:
- http://support.novell.com/security/cve/CVE-2012-1150.html
- https://bugzilla.novell.com/751718
- https://bugzilla.novell.com/752375
- https://bugzilla.novell.com/754677
- http://download.suse.com/patch/finder/?keywords=8cae90c294b192a41f5e7816dbad3991