- Home
- CVEs with nessus.description==This update to python 2.6.8 fixes the following bugs, among others :
- XMLRPC Server DoS. (CVE-2012-0845, bnc#747125)
- hash randomization issues. (CVE-2012-1150, bnc#751718)
- insecure creation of .pypirc. (CVE-2011-4944, bnc#754447)
- SimpleHTTPServer XSS. (CVE-2011-1015, bnc#752375)
- functions can accept unicode kwargs. (bnc#744287)
- python MainThread lacks ident. (bnc#754547)
- TypeError: waitpid() takes no keyword arguments.
(bnc#751714)
- Source code exposure in CGIHTTPServer module.
(CVE-2011-1015, bnc#674646)
- Insecure redirect processing in urllib2 (CVE-2011-1521, bnc#682554) The hash randomization fix is by default disabled to keep compatibility with existing python code when it extracts hashes.
To enable the hash seed randomization you can use: - pass -R to the python interpreter commandline. - set the environment variable PYTHONHASHSEED=random to enable it for programs. You can also set this environment variable to a fixed hash seed by specifying a integer value between 0 and MAX_UINT.
In generally enabling this is only needed when malicious third parties can inject values into your hash tables.
The update to 2.6.8 also provides many compatibility fixes with OpenStack.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top