Message-Id: <E1HlZKq-0000me-6O@artemis.annvix.ca>
Date: Tue, 08 May 2007 17:43:12 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDKSA-2007:099 ] - Updated python packages fix vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:099
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : python
 Date    : May 8, 2007
 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 An off-by-one error was discovered in the PyLocale_strxfrm function
 in Python 2.4 and 2.5 that could allow context-dependent attackers
 to read portions of memory via special manipulations that trigger
 a buffer over-read due to missing null termination.
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 fe74992a7b6f6e6831ad12a4ddf1efab  2007.0/i586/libpython2.4-2.4.3-3.2mdv2007.0.i586.rpm
 486ad94946de0c154806149e32fc5377  2007.0/i586/libpython2.4-devel-2.4.3-3.2mdv2007.0.i586.rpm
 06da4fbb8161ad8d2d041a765c9bd3a4  2007.0/i586/python-2.4.3-3.2mdv2007.0.i586.rpm
 e2b9a0e926a031064c679f96ab56a549  2007.0/i586/python-base-2.4.3-3.2mdv2007.0.i586.rpm
 69662a908b2b58e7566775e33c0f7c04  2007.0/i586/python-docs-2.4.3-3.2mdv2007.0.i586.rpm
 05e7ec9f4c6e8ac87300bcaad74e88c7  2007.0/i586/tkinter-2.4.3-3.2mdv2007.0.i586.rpm 
 2e8ead2656b638871f73330c544a5359  2007.0/SRPMS/python-2.4.3-3.2mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 512d998bab61c40a8258ad88fc5ba01e  2007.0/x86_64/lib64python2.4-2.4.3-3.2mdv2007.0.x86_64.rpm
 a3c06fa92f8f122591e71af4c1560a2f  2007.0/x86_64/lib64python2.4-devel-2.4.3-3.2mdv2007.0.x86_64.rpm
 a8a6809b466a84f0b9a3b54f118b4cc4  2007.0/x86_64/python-2.4.3-3.2mdv2007.0.x86_64.rpm
 66a8d0ec2bcf38269f9e8b7680834ed8  2007.0/x86_64/python-base-2.4.3-3.2mdv2007.0.x86_64.rpm
 1008036e8043cc5a6a16692f727962b1  2007.0/x86_64/python-docs-2.4.3-3.2mdv2007.0.x86_64.rpm
 64f804575b72200ce7a0e63bbe48a603  2007.0/x86_64/tkinter-2.4.3-3.2mdv2007.0.x86_64.rpm 
 2e8ead2656b638871f73330c544a5359  2007.0/SRPMS/python-2.4.3-3.2mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 48e57e010f2c6d4bc40e8ab694f36227  2007.1/i586/libpython2.5-2.5-4.1mdv2007.1.i586.rpm
 e349b0a6060e9a884b635cdc5eea1aa1  2007.1/i586/libpython2.5-devel-2.5-4.1mdv2007.1.i586.rpm
 7d4a063c40b0974328294c6c38a49301  2007.1/i586/python-2.5-4.1mdv2007.1.i586.rpm
 7731c37d3e20151bd5e3558a151027de  2007.1/i586/python-base-2.5-4.1mdv2007.1.i586.rpm
 8bf51da0f03fd148480bbf0a06498aac  2007.1/i586/python-docs-2.5-4.1mdv2007.1.i586.rpm
 7314c9500b0e494f3d8cd3204f1fbb0e  2007.1/i586/tkinter-2.5-4.1mdv2007.1.i586.rpm 
 9aee44decebb69373673aa4b31f2bfef  2007.1/SRPMS/python-2.5-4.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 37f375c1ceef5fe9182a2e293dd35cc2  2007.1/x86_64/lib64python2.5-2.5-4.1mdv2007.1.x86_64.rpm
 864eb9b480c4961252f8c1ee954a088e  2007.1/x86_64/lib64python2.5-devel-2.5-4.1mdv2007.1.x86_64.rpm
 c01eaebf2839c29f14b9c1a24897a47e  2007.1/x86_64/python-2.5-4.1mdv2007.1.x86_64.rpm
 00fdd58a1aaf31c3745e2a62bd4cf67d  2007.1/x86_64/python-base-2.5-4.1mdv2007.1.x86_64.rpm
 1d6f01a7176b1a7f0f93decc61767b70  2007.1/x86_64/python-docs-2.5-4.1mdv2007.1.x86_64.rpm
 c32da2ed04805eac862afc9f6ba82779  2007.1/x86_64/tkinter-2.5-4.1mdv2007.1.x86_64.rpm 
 9aee44decebb69373673aa4b31f2bfef  2007.1/SRPMS/python-2.5-4.1mdv2007.1.src.rpm

 Corporate 3.0:
 22141898464fda308a2f91516e1426cb  corporate/3.0/i586/libpython2.3-2.3.3-2.4.C30mdk.i586.rpm
 0f112257db4e383b87e0d9a30ea44d3f  corporate/3.0/i586/libpython2.3-devel-2.3.3-2.4.C30mdk.i586.rpm
 c13b11f924c8586b7a9a113597094d26  corporate/3.0/i586/python-2.3.3-2.4.C30mdk.i586.rpm
 74bb3c949621a653976fae5fe3d3a479  corporate/3.0/i586/python-base-2.3.3-2.4.C30mdk.i586.rpm
 121571a9f17d42f84489fa5f59f92d15  corporate/3.0/i586/python-docs-2.3.3-2.4.C30mdk.i586.rpm
 2a4bb4733f6b08ab310cdfe709222c57  corporate/3.0/i586/tkinter-2.3.3-2.4.C30mdk.i586.rpm 
 410c1764fce544f9d6928b4277d4eb0a  corporate/3.0/SRPMS/python-2.3.3-2.4.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 0bacb2fc09a53bd79b3ca5a7e1466293  corporate/3.0/x86_64/lib64python2.3-2.3.3-2.4.C30mdk.x86_64.rpm
 7b16e0f0487b3f2b8df9d5466235d762  corporate/3.0/x86_64/lib64python2.3-devel-2.3.3-2.4.C30mdk.x86_64.rpm
 788307fb0fc1210e21f5101d833c7e06  corporate/3.0/x86_64/python-2.3.3-2.4.C30mdk.x86_64.rpm
 22876f4caaba1b887a6f91fc42e7dc82  corporate/3.0/x86_64/python-base-2.3.3-2.4.C30mdk.x86_64.rpm
 241da835482fc4d3662760f54c3ee60b  corporate/3.0/x86_64/python-docs-2.3.3-2.4.C30mdk.x86_64.rpm
 5494ce601d236eeba65cae815dfff20d  corporate/3.0/x86_64/tkinter-2.3.3-2.4.C30mdk.x86_64.rpm 
 410c1764fce544f9d6928b4277d4eb0a  corporate/3.0/SRPMS/python-2.3.3-2.4.C30mdk.src.rpm

 Corporate 4.0:
 6a896ef81fbf3575160141f4957bc562  corporate/4.0/i586/libpython2.4-2.4.1-5.2.20060mlcs4.i586.rpm
 77fcfe6d35783de11d215c756655967d  corporate/4.0/i586/libpython2.4-devel-2.4.1-5.2.20060mlcs4.i586.rpm
 670254207d969b1ea7941d3af74a92f3  corporate/4.0/i586/python-2.4.1-5.2.20060mlcs4.i586.rpm
 7a3d1475a93f18cc39e6d40d6b11ed00  corporate/4.0/i586/python-base-2.4.1-5.2.20060mlcs4.i586.rpm
 9b1a19d23ef58cf8bac99777d32a81e4  corporate/4.0/i586/python-docs-2.4.1-5.2.20060mlcs4.i586.rpm
 8cac9fb2582c7829c5dc0f63e850de79  corporate/4.0/i586/tkinter-2.4.1-5.2.20060mlcs4.i586.rpm 
 c93d08d3be64f3296a6002dd18162bf7  corporate/4.0/SRPMS/python-2.4.1-5.2.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 12e5b0f59a6b5f13d94cabd7daa72398  corporate/4.0/x86_64/lib64python2.4-2.4.1-5.2.20060mlcs4.x86_64.rpm
 1c16599348b73153c9085d15b6242ed5  corporate/4.0/x86_64/lib64python2.4-devel-2.4.1-5.2.20060mlcs4.x86_64.rpm
 182624751d942ffcc4707d54828d8be0  corporate/4.0/x86_64/python-2.4.1-5.2.20060mlcs4.x86_64.rpm
 5c8f306b3d864db59e3e5ea4bf9cb762  corporate/4.0/x86_64/python-base-2.4.1-5.2.20060mlcs4.x86_64.rpm
 6211da765373858436fe62a318aa1666  corporate/4.0/x86_64/python-docs-2.4.1-5.2.20060mlcs4.x86_64.rpm
 805952c88f6b51596be704f7d68a401b  corporate/4.0/x86_64/tkinter-2.4.1-5.2.20060mlcs4.x86_64.rpm 
 c93d08d3be64f3296a6002dd18162bf7  corporate/4.0/SRPMS/python-2.4.1-5.2.20060mlcs4.src.rpm

 Multi Network Firewall 2.0:
 2d3ec003329f84d36fd6cf64c3e3ccc5  mnf/2.0/i586/libpython2.3-2.3.3-2.4.M20mdk.i586.rpm
 116908107bda1a9940ccc34e0f34cd19  mnf/2.0/i586/libpython2.3-devel-2.3.3-2.4.M20mdk.i586.rpm
 f94e5be67c898f21384411738f3bfe13  mnf/2.0/i586/python-2.3.3-2.4.M20mdk.i586.rpm
 0647fb2e63071375d64e5eb964f1a22c  mnf/2.0/i586/python-base-2.3.3-2.4.M20mdk.i586.rpm
 cb6386daf24ae543ba84b774971676e0  mnf/2.0/i586/python-docs-2.3.3-2.4.M20mdk.i586.rpm
 70775ea2a5c73577a015c80179b694d0  mnf/2.0/i586/tkinter-2.3.3-2.4.M20mdk.i586.rpm 
 7dedeefe7a1d7a1ff337bb8a5927960f  mnf/2.0/SRPMS/python-2.3.3-2.4.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGQN+BmqjQ0CJFipgRArIbAKCLNrYWFLCeZJXc70zI0UtYNowbawCfSAzT
53lNoS58O0jjxWqTHqmbzjA=
=tPEF
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
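
The buffer-sizing rule behind the off-by-one class described in the advisory above, as an added C example (not code from the advisory or from Python's source): strxfrm() returns the transformed length without the terminating NUL, so a buffer of exactly that size leaves the result unterminated. The names fits_off_by_one, fits and xfrm_dup are hypothetical, and the input string is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* strxfrm() returns the transformed length WITHOUT the terminating NUL.
 * Constructed off-by-one check: accepts ret == bufsize, where no NUL fits
 * and the buffer contents are indeterminate. */
static int fits_off_by_one(size_t ret, size_t bufsize) { return ret <= bufsize; }

/* Correct check: the result plus its NUL needs ret + 1 bytes. */
static int fits(size_t ret, size_t bufsize) { return ret < bufsize; }

/* Hypothetical helper: return a malloc'd, NUL-terminated transform of s,
 * starting from a caller-chosen buffer size; NULL on failure. */
char *xfrm_dup(const char *s, size_t initial)
{
    size_t size = initial ? initial : 1;
    char *buf = malloc(size);
    if (buf == NULL) return NULL;

    size_t ret = strxfrm(buf, s, size);
    if (!fits(ret, size)) {
        /* Grow to ret + 1 for the terminator; refuse if that would wrap. */
        char *grown = (ret == (size_t)-1) ? NULL : realloc(buf, ret + 1);
        if (grown == NULL) { free(buf); return NULL; }
        buf = grown;
        size = ret + 1;
        ret = strxfrm(buf, s, size);
        if (!fits(ret, size)) { free(buf); return NULL; } /* locale changed */
    }
    return buf;                           /* terminated: safe for strlen() */
}

int main(void)
{
    const char *s = "abc";                /* constructed sample input */
    size_t need = strxfrm(NULL, s, 0);    /* length only, writes nothing */
    char *out = xfrm_dup(s, need);        /* edge case: initial == ret */
    printf("need=%zu off_by_one=%d correct=%d out_len=%zu\n", need,
           fits_off_by_one(need, need), fits(need, need), out ? strlen(out) : 0);
    free(out);
    return 0;
}
```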
