Message-ID: <E1E8nK0-0007ik-2b@mercury.mandriva.com>
Date: Fri, 26 Aug 2005 17:09:16 -0600
From: Mandriva Security Team <security@...driva.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2005:154 - Updated python packages fix integer overflow vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           python
 Advisory ID:            MDKSA-2005:154
 Date:                   August 26th, 2005

 Affected versions:	 10.0, 10.1, Corporate 3.0,
			 Corporate Server 2.1,
			 Multi Network Firewall 2.0
 ______________________________________________________________________

 Problem Description:

 Integer overflow in pcre_compile.c in Perl Compatible Regular
 Expressions (PCRE) before 6.2, as used in multiple products, allows
 attackers to execute arbitrary code via quantifier values in regular
 expressions, which leads to a heap-based buffer overflow.
 
 The python packages use a private copy of pcre code.
 
 The updated packages have been patched to correct this problem.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 5254d6dd2c29d04b93742943d850d5a6  10.0/RPMS/libpython2.3-2.3.3-2.2.100mdk.i586.rpm
 01e76259abbca381185552182c755ebc  10.0/RPMS/libpython2.3-devel-2.3.3-2.2.100mdk.i586.rpm
 4c0842a0ae3c0d00af9f238aba27b2c6  10.0/RPMS/python-2.3.3-2.2.100mdk.i586.rpm
 fb6a33cc69d04f8edd53ce8026fa1a11  10.0/RPMS/python-base-2.3.3-2.2.100mdk.i586.rpm
 4775225e6c25405c162599ff27391d35  10.0/RPMS/python-docs-2.3.3-2.2.100mdk.i586.rpm
 82530135e527cd8ac99193368a81c3fb  10.0/RPMS/xchat-python-2.0.7-6.1.100mdk.i586.rpm
 917165c654a81f44cc974b0f6adeba35  10.0/RPMS/tkinter-2.3.3-2.2.100mdk.i586.rpm
 06ab77bf8c3a95864d73018485f7a22a  10.0/SRPMS/python-2.3.3-2.2.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 36deaedf901b5c30f68ba81aef492728  amd64/10.0/RPMS/lib64python2.3-2.3.3-2.2.100mdk.amd64.rpm
 4be95cd1143d2f255b334b43e410e98b  amd64/10.0/RPMS/lib64python2.3-devel-2.3.3-2.2.100mdk.amd64.rpm
 385fbba2bdf856e2acbb186a6977f6f0  amd64/10.0/RPMS/python-2.3.3-2.2.100mdk.amd64.rpm
 bba1e1f45eaa5d557be977fdec1ef752  amd64/10.0/RPMS/python-base-2.3.3-2.2.100mdk.amd64.rpm
 6f9b5d5076ba084325a108df2dd3523f  amd64/10.0/RPMS/python-docs-2.3.3-2.2.100mdk.amd64.rpm
 0466472b41b2fd02802bfc5a3fe5b7a9  amd64/10.0/RPMS/tkinter-2.3.3-2.2.100mdk.amd64.rpm
 06ab77bf8c3a95864d73018485f7a22a  amd64/10.0/SRPMS/python-2.3.3-2.2.100mdk.src.rpm

 Mandrakelinux 10.1:
 0c2619eb2e9864ef420ec89ae78dba12  10.1/RPMS/libpython2.3-2.3.4-6.2.101mdk.i586.rpm
 ed9f6fee4ec8ab8d8e2388f9c92f66ef  10.1/RPMS/libpython2.3-devel-2.3.4-6.2.101mdk.i586.rpm
 e71c5ad5f0718e61c81a93c98667deaf  10.1/RPMS/python-2.3.4-6.2.101mdk.i586.rpm
 4e8831f2dab035e3c67afc53f702108f  10.1/RPMS/python-base-2.3.4-6.2.101mdk.i586.rpm
 7a4822ce3f46a48ead29363f23adfcd5  10.1/RPMS/python-docs-2.3.4-6.2.101mdk.i586.rpm
 6b15b0c9b116db6b38623cb15f868fe6  10.1/RPMS/tkinter-2.3.4-6.2.101mdk.i586.rpm
 b965827276d1efd49fc403dda0df33e8  10.1/SRPMS/python-2.3.4-6.2.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 a19885472aaa03aad5c3dac1b8d668b4  x86_64/10.1/RPMS/lib64python2.3-2.3.4-6.2.101mdk.x86_64.rpm
 79e3aaa88ec98d9007d20c37cee2cccd  x86_64/10.1/RPMS/lib64python2.3-devel-2.3.4-6.2.101mdk.x86_64.rpm
 2a3eee71bcd5b63fa1cc39775e3d514d  x86_64/10.1/RPMS/python-2.3.4-6.2.101mdk.x86_64.rpm
 318cec7614713c4410393ec50425bebb  x86_64/10.1/RPMS/python-base-2.3.4-6.2.101mdk.x86_64.rpm
 494b1c0a96a211dacfd4f75f803014ae  x86_64/10.1/RPMS/python-docs-2.3.4-6.2.101mdk.x86_64.rpm
 08bfe8c623d71cb66a5d84f5579eeac5  x86_64/10.1/RPMS/tkinter-2.3.4-6.2.101mdk.x86_64.rpm
 b965827276d1efd49fc403dda0df33e8  x86_64/10.1/SRPMS/python-2.3.4-6.2.101mdk.src.rpm

 Multi Network Firewall 2.0:
 12396f1a0b719b02e058926dee6a62c8  mnf/2.0/RPMS/libpython2.3-2.3.3-2.2.M20mdk.i586.rpm
 646799aea341177d9118e55254c2508f  mnf/2.0/RPMS/python-2.3.3-2.2.M20mdk.i586.rpm
 c031bc315c2a580557c5ef970cb9ff42  mnf/2.0/RPMS/python-base-2.3.3-2.2.M20mdk.i586.rpm
 788f1f58cb6efbd1d44fb13df757587f  mnf/2.0/SRPMS/python-2.3.3-2.2.M20mdk.src.rpm

 Corporate Server 2.1:
 5a0c02b33df517b05732d15e52674218  corporate/2.1/RPMS/libpython2.2-2.2.1-14.6.C21mdk.i586.rpm
 d4b45fdea45bcb3997cc33464411c0c5  corporate/2.1/RPMS/libpython2.2-devel-2.2.1-14.6.C21mdk.i586.rpm
 dfcd6f26c5d4a2fa9863ff385db02add  corporate/2.1/RPMS/python-2.2.1-14.6.C21mdk.i586.rpm
 b4f8157fd19d0d1a815dda9e46a51cbe  corporate/2.1/RPMS/python-base-2.2.1-14.6.C21mdk.i586.rpm
 9ae1eabfc50a8e142e4f8c71a4942650  corporate/2.1/RPMS/python-docs-2.2.1-14.6.C21mdk.i586.rpm
 fb5201c0f5a7d0c961699c8a11b678a8  corporate/2.1/RPMS/tkinter-2.2.1-14.6.C21mdk.i586.rpm
 4278bc8a7bccc81af2e2a5d3f2ceef75  corporate/2.1/SRPMS/python-2.2.1-14.6.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 0637dd1d56b1325764fb76e7971cb8b8  x86_64/corporate/2.1/RPMS/libpython2.2-2.2.1-14.6.C21mdk.x86_64.rpm
 4d58b57f2084fe45e8eb5f94165b1560  x86_64/corporate/2.1/RPMS/libpython2.2-devel-2.2.1-14.6.C21mdk.x86_64.rpm
 efb6243e3d36f7efbb49d9aba35da8a7  x86_64/corporate/2.1/RPMS/python-2.2.1-14.6.C21mdk.x86_64.rpm
 cf919649caf1ff241ad7b5bfe1723fcd  x86_64/corporate/2.1/RPMS/python-base-2.2.1-14.6.C21mdk.x86_64.rpm
 349e2813c1646a5b912d15ba9b9a6f9e  x86_64/corporate/2.1/RPMS/python-docs-2.2.1-14.6.C21mdk.x86_64.rpm
 87bb6b2752730ccc16d4f618a8b629e1  x86_64/corporate/2.1/RPMS/tkinter-2.2.1-14.6.C21mdk.x86_64.rpm
 4278bc8a7bccc81af2e2a5d3f2ceef75  x86_64/corporate/2.1/SRPMS/python-2.2.1-14.6.C21mdk.src.rpm

 Corporate 3.0:
 c1f03087db68fdd46699568578f679e3  corporate/3.0/RPMS/libpython2.3-2.3.3-2.2.C30mdk.i586.rpm
 d9944ec5da6e803e7196fa4ec06506c1  corporate/3.0/RPMS/libpython2.3-devel-2.3.3-2.2.C30mdk.i586.rpm
 436fee80f01788313616b284c64b180e  corporate/3.0/RPMS/python-2.3.3-2.2.C30mdk.i586.rpm
 8cdec2971afff4e026b5336ec0a12a1f  corporate/3.0/RPMS/python-base-2.3.3-2.2.C30mdk.i586.rpm
 4dd58a42f994e7745edceb848e0812c6  corporate/3.0/RPMS/python-docs-2.3.3-2.2.C30mdk.i586.rpm
 f0f0f952a3ed0cc942d9876ffdb9c440  corporate/3.0/RPMS/tkinter-2.3.3-2.2.C30mdk.i586.rpm
 8dee233593fd7fc6ae744285b4320018  corporate/3.0/SRPMS/python-2.3.3-2.2.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 65efa7d72f4691c30e9fd86e6d0c0a56  x86_64/corporate/3.0/RPMS/lib64python2.3-2.3.3-2.2.C30mdk.x86_64.rpm
 0fffd6cb253d54bd263faabc1548a818  x86_64/corporate/3.0/RPMS/lib64python2.3-devel-2.3.3-2.2.C30mdk.x86_64.rpm
 e72ca5e5e4a2613e1c3bd4a58cc706e0  x86_64/corporate/3.0/RPMS/python-2.3.3-2.2.C30mdk.x86_64.rpm
 4c77780c9584fb854820416a3ea8ab75  x86_64/corporate/3.0/RPMS/python-base-2.3.3-2.2.C30mdk.x86_64.rpm
 fb724b4265cc408ec4269d4ad9ed7d91  x86_64/corporate/3.0/RPMS/python-docs-2.3.3-2.2.C30mdk.x86_64.rpm
 c2cbaac05b69747906c545dfd8d88e90  x86_64/corporate/3.0/RPMS/tkinter-2.3.3-2.2.C30mdk.x86_64.rpm
 8dee233593fd7fc6ae744285b4320018  x86_64/corporate/3.0/SRPMS/python-2.3.3-2.2.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDD6EbmqjQ0CJFipgRAqzZAKC8Ubn0EaxvwoeGoJrh99DQj4qvlgCgt0IM
bj9F1T6InyMbSjwiB3w7/fY=
=fL25
-----END PGP SIGNATURE-----
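
An added example, not part of the Mandriva advisory: for RPMs fetched by hand rather than through MandrakeUpdate or urpmi, this parses the advisory's "Updated Packages" layout (a product heading followed by `md5  path` lines) and checks downloaded files against it. The product name, file names and file contents in `demo()` are constructed; an MD5 match only ties a file to the advisory text, so the GPG signatures remain the trust anchor.

```python
import hashlib
import os
import re
import tempfile

# Entry line: "<32-hex md5>  <repo path>.rpm"; heading line: "Mandrakelinux 10.0:"
ENTRY = re.compile(r"^\s*([0-9a-f]{32})\s+(\S+\.rpm)\s*$")
HEADING = re.compile(r"^\s*(\S.*):\s*$")

def parse_manifest(advisory_text):
    """Return {product heading: {rpm basename: md5}} from the advisory body."""
    manifest, product = {}, None
    for line in advisory_text.splitlines():
        entry, heading = ENTRY.match(line), HEADING.match(line)
        if entry and product:
            manifest[product][os.path.basename(entry.group(2))] = entry.group(1)
        elif heading:
            product = heading.group(1)
            manifest.setdefault(product, {})
    # Headings with no checksum lines under them ("References:") are not products.
    return {p: files for p, files in manifest.items() if files}

def md5_of(path):
    with open(path, "rb") as fh:
        return hashlib.md5(fh.read()).hexdigest()

def verify_downloads(advisory_text, product, directory):
    """Map each RPM listed for `product` to 'ok', 'mismatch' or 'missing'."""
    results = {}
    for name, want in parse_manifest(advisory_text).get(product, {}).items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "missing"
        else:
            results[name] = "ok" if md5_of(path) == want else "mismatch"
    return results

def demo():
    """Constructed sample: one intact file, one altered, one not downloaded."""
    a, b = b"constructed package A", b"constructed package B"
    advisory = (" Updated Packages:\n\n Example Product 1.0:\n"
                f" {hashlib.md5(a).hexdigest()}  1.0/RPMS/a-1.0-1.i586.rpm\n"
                f" {hashlib.md5(b).hexdigest()}  1.0/RPMS/b-1.0-1.i586.rpm\n"
                f" {hashlib.md5(b'c').hexdigest()}  1.0/SRPMS/c-1.0-1.src.rpm\n")
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in (("a-1.0-1.i586.rpm", a), ("b-1.0-1.i586.rpm", b + b"!")):
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return verify_downloads(advisory, "Example Product 1.0", tmp)
```

Call `verify_downloads()` with the saved advisory text, one of its product headings (without the trailing colon) and the download directory; anything other than `ok` means the file should not be installed.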

