Bug 446007 - Python Needs an Update
Python Needs an Update
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: python (Show other bugs)
5.1
All Linux
low Severity low
: rc
: ---
Assigned To: James Antill
Brock Organ
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-05-11 16:36 EDT by Jonathan Steffan
Modified: 2009-05-14 23:29 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-05-14 23:29:01 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jonathan Steffan 2008-05-11 16:36:09 EDT
Description of problem:
My exact use case is trying to push zope 2.10.6 out to epel5. However, we need
python 2.4.4+. (Yes, I could patch the makefile and likely everything will work)
There are security issues with 2.4.3. Please update to at least 2.4.4 (2.4.5
would be nice.)

Version-Release number of selected component (if applicable):
python-2.4.3-19.el5

How reproducible:
Always

Steps to Reproduce:
1. Install python
2. Try building zope 2.10.6 (and 2.10.5.. unless patched)
  
Actual results:
Fail.

Expected results:
Zope can build without being patched to ignore the python warnings.

Additional info:
Just because my usecase is for zope, this does not mean that the security issues
should not be addressed.

http://www.python.org/download/releases/2.4.4/NEWS.txt has all the stuff that
has been fixed.

http://www.python.org/news/security/PSF-2006-001/
Comment 1 Subhendu Ghosh 2009-05-14 23:29:01 EDT
python-2.4.3-24.el5.x86_64

bash$ rpm -q --changelog python | grep -i cve
- Fix CVE-2007-4965 int-overflow for some image operations
- Fixed bug #208166 / CVE-2006-4980: repr unicode buffer overflow

Security issues are addressed in the Red Hat version by backporting the fixes.


Zope can be easily compiled using the appropriate configure option:

./configure --with-python=/usr/bin/python

running "make test" results in the following:
Total: 6518 tests, 0 failures, 0 errors in 2 minutes 49.169 seconds.

Note You need to log in before you can comment on or make changes to this bug.