Python is an interpreted, interactive, object-oriented programminglanguage.It was found that many applications embedding the Python interpreter didnot specify a valid full path to the script or application when calling thePySys_SetArgv API function, which could result in the addition of thecurrent working directory to the module search path (sys.path). A localattacker able to trick a victim into running such an application in anattacker-controlled directory could use this flaw to execute code with thevictim's privileges. This update adds the PySys_SetArgvEx API. Developerscan modify their applications to use this new API, which sets sys.argvwithout modifying sys.path. (CVE-2008-5983)Multiple flaws were found in the Python rgbimg module. If an applicationwritten in Python was using the rgbimg module and loaded aspecially-crafted SGI image file, it could cause the application to crashor, possibly, execute arbitrary code with the privileges of the userrunning the application. (CVE-2009-4134, CVE-2010-1449, CVE-2010-1450)Multiple flaws were found in the Python audioop module. Supplying certaininputs could cause the audioop module to crash or, possibly, executearbitrary code. (CVE-2010-1634, CVE-2010-2089)This update also fixes the following bugs: ValueError: filedescriptor out of range in select()This was due to the subprocess module using the "select" system call. Themodule now uses the "poll" system call, removing this limitation.(BZ#609020)As well, this update adds the following enhancements:All Python users are advised to upgrade to these updated packages, whichcontain backported patches to correct these issues and add theseenhancements.