RHSA-2011:0554: python security, bug fix, and enhancement update

Description

Python is an interpreted, interactive, object-oriented programminglanguage.A flaw was found in the Python urllib and urllib2 libraries where theywould not differentiate between different target URLs when handlingautomatic redirects. This caused Python applications using these modules tofollow any new URL that they understood, including the "file://" URL type.This could allow a remote server to force a local Python application toread a local file instead of the remote one, possibly exposing local filesthat were not meant to be exposed. (CVE-2011-1521)A race condition was found in the way the Python smtpd module handled newconnections. A remote user could use this flaw to cause a Python scriptusing the smtpd module to terminate. (CVE-2010-3493)An information disclosure flaw was found in the way the PythonCGIHTTPServer module processed certain HTTP GET requests. A remote attackercould use a specially-crafted request to obtain the CGI script's sourcecode. (CVE-2011-1015)This erratum also upgrades Python to upstream version 2.6.6, and includes anumber of bug fixes and enhancements. Documentation for these bug fixesand enhancements is available from the Technical Notes document, linked toin the References section.All users of Python are advised to upgrade to these updated packages, whichcorrect these issues, and fix the bugs and add the enhancements noted inthe Technical Notes.