In association with heise online

31 May 2011, 09:52

Python 2.5.6 fixes medium severity issues

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Python icon For those still running Python 2.5.x, the release of Python 2.5.6 is likely to be the last release of Python 2.5; after October 2011 there will be no more security issues fixed in Python 2.5 and it is recommended that users update to Python 2.7.1, which is the latest version of the current Python 2.x series.

The Python 2.5.6 update fixes a number of medium severity issues. These are a vulnerability to XSS attacks in SimpleHTTPServer, a failure to follow redirections with file: schemes in urllib and urllib2 (CVE-2011-1521), incorrect integer overflow checks (CVE-2010-1634) and a denial of service vulnerability in audioop (CVE-2010-2089).

The issues fixed in 2.5.6 are also due to be fixed in upcoming releases of Python 2.6.7 on 3 June, Python 3.2.1 on June 5 and Python 2.7.2 and 3.1.4 on June 11. Python 2.6.7's release will be security fixes only, while 2.7.2 and 3.1.4 will be more general maintenance releases and 3.2.1 will be the latest in the ongoing development of Python.

Python 2.5.6 is only available to download as source from the announcement page and is licensed under the Python Software Foundation Licence.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit