lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1GXPpQ-0005pv-9O@mercury.mandriva.com>
Date: Tue, 10 Oct 2006 16:12:00 -0600
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDKSA-2006:181 ] - Updated python packages fix vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:181
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : python
 Date    : October 10, 2006
 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 A vulnerability in python's repr() function was discovered by Benjamin
 C. Wiley Sittler.  It was found that the function did not properly
 handle UTF-32/UCS-4 strings, so an application that used repr() on
 certin untrusted data could possibly be exploited to execute arbitrary
 code with the privileges of the user running the python application.

 Updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 a9eb2b13c925cc7e81dd1ba574d8c4c3  2006.0/i586/libpython2.4-2.4.1-5.1.20060mdk.i586.rpm
 15c9eead6fd85533159526eed7a6b17e  2006.0/i586/libpython2.4-devel-2.4.1-5.1.20060mdk.i586.rpm
 c9fc746fac4125d21b7651043573e4b7  2006.0/i586/python-2.4.1-5.1.20060mdk.i586.rpm
 92c82f611c1ef25ea32dcd08104773af  2006.0/i586/python-base-2.4.1-5.1.20060mdk.i586.rpm
 016687d3639c92954d181a05b0624359  2006.0/i586/python-docs-2.4.1-5.1.20060mdk.i586.rpm
 1d6e5e8f6ce12a7c6e210ab9456f479f  2006.0/i586/tkinter-2.4.1-5.1.20060mdk.i586.rpm 
 0a76a89bc5835828c8219673cbd0b435  2006.0/SRPMS/python-2.4.1-5.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 3bbf6ed37ce7c4e7529f5fc9d17b7291  2006.0/x86_64/lib64python2.4-2.4.1-5.1.20060mdk.x86_64.rpm
 5de894eeb7ec4973bebc25bb1f72d814  2006.0/x86_64/lib64python2.4-devel-2.4.1-5.1.20060mdk.x86_64.rpm
 4db5d1a3e39c3f40c4e5050dba3d918a  2006.0/x86_64/python-2.4.1-5.1.20060mdk.x86_64.rpm
 4a5a6952e53ab7db8fe5c9471aeae89a  2006.0/x86_64/python-base-2.4.1-5.1.20060mdk.x86_64.rpm
 1465a11b9501586f7d9973a2f95fb0cc  2006.0/x86_64/python-docs-2.4.1-5.1.20060mdk.x86_64.rpm
 3ff58332759b527310ed3366bad87f04  2006.0/x86_64/tkinter-2.4.1-5.1.20060mdk.x86_64.rpm 
 0a76a89bc5835828c8219673cbd0b435  2006.0/SRPMS/python-2.4.1-5.1.20060mdk.src.rpm

 Mandriva Linux 2007.0:
 44c48f7600b0f089117a96e5f4357a0c  2007.0/i586/libpython2.4-2.4.3-3.1mdv2007.0.i586.rpm
 a6c07dd5029afd05daf0b5d427f5cef5  2007.0/i586/libpython2.4-devel-2.4.3-3.1mdv2007.0.i586.rpm
 4244b1bbd76123e60f19c75764b00e98  2007.0/i586/python-2.4.3-3.1mdv2007.0.i586.rpm
 0b694e436e0cd6628d7369f41ffa3fd9  2007.0/i586/python-base-2.4.3-3.1mdv2007.0.i586.rpm
 829c1d6b7eb792bcbd3f7ecbe3f972d5  2007.0/i586/python-docs-2.4.3-3.1mdv2007.0.i586.rpm
 48bff204449435e63e9cb24da3f77628  2007.0/i586/tkinter-2.4.3-3.1mdv2007.0.i586.rpm 
 dea3c153d446fb676f7af3ca5c369db3  2007.0/SRPMS/python-2.4.3-3.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 3d068b19380f7fc08adb905186d8ef59  2007.0/x86_64/lib64python2.4-2.4.3-3.1mdv2007.0.x86_64.rpm
 9399b2fbd78929a705d5d8fdeaf660f0  2007.0/x86_64/lib64python2.4-devel-2.4.3-3.1mdv2007.0.x86_64.rpm
 c06b2b6d69781cfd9bd9cb9fae3f8f7f  2007.0/x86_64/python-2.4.3-3.1mdv2007.0.x86_64.rpm
 a7a7ea9f8a6d49f928af411baa3e4087  2007.0/x86_64/python-base-2.4.3-3.1mdv2007.0.x86_64.rpm
 4433860f8f42cab135453a2e8eac3f46  2007.0/x86_64/python-docs-2.4.3-3.1mdv2007.0.x86_64.rpm
 d5d22b53dc48a4150c6d1285f4bb6f33  2007.0/x86_64/tkinter-2.4.3-3.1mdv2007.0.x86_64.rpm 
 dea3c153d446fb676f7af3ca5c369db3  2007.0/SRPMS/python-2.4.3-3.1mdv2007.0.src.rpm

 Corporate 3.0:
 5a2c39e43f59a0e808fdfcec11a843eb  corporate/3.0/i586/libpython2.3-2.3.3-2.3.C30mdk.i586.rpm
 675afdbb8b04974243da9ba7879d901e  corporate/3.0/i586/libpython2.3-devel-2.3.3-2.3.C30mdk.i586.rpm
 e858609c19e443be487eb1d43f874e10  corporate/3.0/i586/python-2.3.3-2.3.C30mdk.i586.rpm
 2836f6544001bfea5d14e8a83c2711fc  corporate/3.0/i586/python-base-2.3.3-2.3.C30mdk.i586.rpm
 de9492862633cf0ca0408c536c618a19  corporate/3.0/i586/python-docs-2.3.3-2.3.C30mdk.i586.rpm
 91e09f9a6d27c0632994bf89a8fb4822  corporate/3.0/i586/tkinter-2.3.3-2.3.C30mdk.i586.rpm 
 39b14fc06738e67295a8e1c5e50e3006  corporate/3.0/SRPMS/python-2.3.3-2.3.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 604a86031285aa8476f791f4467fda00  corporate/3.0/x86_64/lib64python2.3-2.3.3-2.3.C30mdk.x86_64.rpm
 6cd54d8501656d40c61e2871b3a9e912  corporate/3.0/x86_64/lib64python2.3-devel-2.3.3-2.3.C30mdk.x86_64.rpm
 a44195d776e49f8a9b509b5012a64071  corporate/3.0/x86_64/python-2.3.3-2.3.C30mdk.x86_64.rpm
 d5833670de0bdad6f6e475c8c7c94340  corporate/3.0/x86_64/python-base-2.3.3-2.3.C30mdk.x86_64.rpm
 f4abca5edfaa50d55f6f728d667affd1  corporate/3.0/x86_64/python-docs-2.3.3-2.3.C30mdk.x86_64.rpm
 9a26abb38c938537832cdd272d02c178  corporate/3.0/x86_64/tkinter-2.3.3-2.3.C30mdk.x86_64.rpm 
 39b14fc06738e67295a8e1c5e50e3006  corporate/3.0/SRPMS/python-2.3.3-2.3.C30mdk.src.rpm

 Corporate 4.0:
 cfe0f9797465852f67e2d478949d302e  corporate/4.0/i586/libpython2.4-2.4.1-5.1.20060mlcs4.i586.rpm
 c14e242aa3ea60dfd6c7ba0524a98d11  corporate/4.0/i586/libpython2.4-devel-2.4.1-5.1.20060mlcs4.i586.rpm
 542595eed49d7a9abf4891f3643ced62  corporate/4.0/i586/python-2.4.1-5.1.20060mlcs4.i586.rpm
 67fdcb87b005d001c04d678416c543a9  corporate/4.0/i586/python-base-2.4.1-5.1.20060mlcs4.i586.rpm
 818e3c1c31594c11a1ae6d93896f4800  corporate/4.0/i586/python-docs-2.4.1-5.1.20060mlcs4.i586.rpm
 f900fb338b7f134ac22dfee88c0fe886  corporate/4.0/i586/tkinter-2.4.1-5.1.20060mlcs4.i586.rpm 
 7b2b6581795c3df4c2f1ee84323599b7  corporate/4.0/SRPMS/python-2.4.1-5.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 9035ef7c55d505b760a793f35bd5a1b9  corporate/4.0/x86_64/lib64python2.4-2.4.1-5.1.20060mlcs4.x86_64.rpm
 1e911935ec4cb22679936deafcef042a  corporate/4.0/x86_64/lib64python2.4-devel-2.4.1-5.1.20060mlcs4.x86_64.rpm
 1ed352a1529a6776574888b5d8c92767  corporate/4.0/x86_64/python-2.4.1-5.1.20060mlcs4.x86_64.rpm
 c1cd58bb170bea659c1473597390a467  corporate/4.0/x86_64/python-base-2.4.1-5.1.20060mlcs4.x86_64.rpm
 cc941f3e8b7f8bfe90350202fdfde139  corporate/4.0/x86_64/python-docs-2.4.1-5.1.20060mlcs4.x86_64.rpm
 70a8606fa34b86d046a1c2276d46dc30  corporate/4.0/x86_64/tkinter-2.4.1-5.1.20060mlcs4.x86_64.rpm 
 7b2b6581795c3df4c2f1ee84323599b7  corporate/4.0/SRPMS/python-2.4.1-5.1.20060mlcs4.src.rpm

 Multi Network Firewall 2.0:
 0cd4a9b86999ad5685b4e44ecaad9ed3  mnf/2.0/i586/libpython2.3-2.3.3-2.3.M20mdk.i586.rpm
 c5e4c526e8b32dd61d8153ceaf9be7bf  mnf/2.0/i586/libpython2.3-devel-2.3.3-2.3.M20mdk.i586.rpm
 97943f39f6ffcb1fd9707a8027b1c23f  mnf/2.0/i586/python-2.3.3-2.3.M20mdk.i586.rpm
 974ac1a02271c5e59daf4f978d9d14a1  mnf/2.0/i586/python-base-2.3.3-2.3.M20mdk.i586.rpm
 fb2f664290a9af406af50f2114e7d33c  mnf/2.0/i586/python-docs-2.3.3-2.3.M20mdk.i586.rpm
 5820e40a69985f5d9a7da3c639244c21  mnf/2.0/i586/tkinter-2.3.3-2.3.M20mdk.i586.rpm 
 d4f5afc158538b5424a000ca984aa695  mnf/2.0/SRPMS/python-2.3.3-2.3.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFK+2amqjQ0CJFipgRAjfkAJ9N9WfboDZylSZxAdhxfmfAX6eT8gCgp+Pg
stTAuAjDA3wdTnpp6xQqTFU=
=YVZd
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ