Bug 789790 (CVE-2012-0845)
| Field | Value |
|---|---|
| Summary | CVE-2012-0845 python: SimpleXMLRPCServer CPU usage DoS via malformed XML-RPC request |
| Product | [Other] Security Response |
| Component | vulnerability |
| Status | CLOSED ERRATA |
| Severity | medium |
| Priority | medium |
| Version | unspecified |
| Hardware | Unspecified |
| OS | Unspecified |
| Reporter | Dan Callaghan <dcallagh> |
| Assignee | Red Hat Product Security <security-response-team> |
| CC | dmalcolm, fche, jlieskov, jrusnack, security-response-team |
| Keywords | Security |
| Fixed In Version | python 2.6.8, python 2.7.3, python 3.1.5, python 3.2.3 |
| Doc Type | Bug Fix |
| Last Closed | 2013-04-11 20:01:53 UTC |
| Bug Depends On | 790027, 790358, 790360, 790366, 805382, 805383, 808303, 808304, 808306 |
| Bug Blocks | 790031 |

Description
Dan Callaghan
2012-02-13 01:21:44 UTC
Issue reported upstream as:
[1] http://bugs.python.org/issue14001

This issue did NOT affect the versions of the python package, as shipped with Red Hat Enterprise Linux 4 and 5.

--

This issue affects the version of the python package, as shipped with Red Hat Enterprise Linux 6.

--

This issue affects the version of the python26 package, as shipped with Fedora EPEL 5. Please schedule an update once final upstream patch is available.

--

This issue affects the versions of the python package, as shipped with Fedora release of 15 and 16. Please schedule an update once final upstream patch is available.

--

This issue affects the version of the python3 package, as shipped with Fedora release of 15 and 16. Please schedule an update once final upstream patch is available.

--

This issue affects the version of the pypy package, as shipped with Fedora release of 15 and 16. Please schedule an update once final upstream patch is available.

CVE request:
[2] http://www.openwall.com/lists/oss-security/2012/02/13/3

Created python tracking bugs for this issue

Affects: fedora-all [bug 790027]

Added CVE CVE-2012-0845 as per http://www.openwall.com/lists/oss-security/2012/02/13/3

Created python3 tracking bugs for this issue

Affects: fedora-all [bug 790358]

Created python26 tracking bugs for this issue

Affects: epel-5 [bug 790360]

Created pypy tracking bugs for this issue

Affects: fedora-all [bug 790366]

Patch for python 2.6: http://hg.python.org/cpython/rev/24244a744d01

Created python tracking bugs for this issue

Affects: fedora-all [bug 808303]

Created pypy tracking bugs for this issue

Affects: fedora-all [bug 808306]

Created python3 tracking bugs for this issue

Affects: fedora-all [bug 808304]

python-2.7.3-3.fc17, python-docs-2.7.3-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.

python3-3.2.3-1.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.

python-2.7.3-1.fc16, python-docs-2.7.3-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.

python3-3.2.3-5.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.

python26-2.6.8-1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.

This issue has been addressed in following products:

Red Hat Enterprise Linux 6

Via RHSA-2012:0744 https://rhn.redhat.com/errata/RHSA-2012-0744.html

python3-3.2.3-2.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.

Fixed upstream in 2.6.8, 2.7.3, 3.1.5, and 3.2.3:

http://www.python.org/download/releases/2.6.8/
http://www.python.org/download/releases/2.7.3/
http://www.python.org/download/releases/3.1.5/
http://www.python.org/download/releases/3.2.3/