RHSA-2011:0491: python security update

Description

Python is an interpreted, interactive, object-oriented programminglanguage.A flaw was found in the Python urllib and urllib2 libraries where theywould not differentiate between different target URLs when handlingautomatic redirects. This caused Python applications using these modules tofollow any new URL that they understood, including the "file://" URL type.This could allow a remote server to force a local Python application toread a local file instead of the remote one, possibly exposing local filesthat were not meant to be exposed. (CVE-2011-1521)Multiple flaws were found in the Python audioop module. Supplying certaininputs could cause the audioop module to crash or, possibly, executearbitrary code. (CVE-2010-1634, CVE-2010-2089)A race condition was found in the way the Python smtpd module handled newconnections. A remote user could use this flaw to cause a Python scriptusing the smtpd module to terminate. (CVE-2010-3493)An information disclosure flaw was found in the way the PythonCGIHTTPServer module processed certain HTTP GET requests. A remote attackercould use a specially-crafted request to obtain the CGI script's sourcecode. (CVE-2011-1015)A buffer over-read flaw was found in the way the Python Expat parserhandled malformed UTF-8 sequences when processing XML files. Aspecially-crafted XML file could cause Python applications using the PythonExpat parser to crash while parsing the file. (CVE-2009-3720)This update makes Python use the system Expat library rather than its owninternal copy; therefore, users must have the version of Expat shipped withRHSA-2009:1625 installed, or a later version, to resolve the CVE-2009-3720issue.All Python users should upgrade to these updated packages, which containbackported patches to correct these issues.