[<prev] [next>] [day] [month] [year] [list]
Message-id: <E1JEYDw-0004jQ-4X@artemis.annvix.ca>
Date: Mon, 14 Jan 2008 15:56:08 -0700
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2008:012 ] - Updated python packages fix
vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:012
http://www.mandriva.com/security/
_______________________________________________________________________
Package : python
Date : January 14, 2008
Affected: Corporate 3.0, Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
An integer overflow flaw was discovered in how python's pcre module
handled certain regular expressions. If a python application using the
pcre module were to compile and execute untrusted regular expressions,
it could possibly lead to an application crash or the excution
of arbitrary code with the privileges of the python interpreter
(CVE-2006-7228).
Multiple integer overflows were found in python's imageop module.
If an application written in python used the imageop module to
process untrusted images, it could cause the application to crash,
enter an infinite loop, or possibly execute arbitrary code with the
privileges of the python interpreter (CVE-2007-4965).
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7228
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4965
_______________________________________________________________________
Updated Packages:
Corporate 3.0:
6c3c9196c69a9590c2337ec47b812512 corporate/3.0/i586/libpython2.3-2.3.3-2.5.C30mdk.i586.rpm
633d4e1b82ffb0bab95dbad17c8658c7 corporate/3.0/i586/libpython2.3-devel-2.3.3-2.5.C30mdk.i586.rpm
2437c3ef65df378ea6b91e18515e31a5 corporate/3.0/i586/python-2.3.3-2.5.C30mdk.i586.rpm
4cbdfcb886ccfea966976a0e8b45eed7 corporate/3.0/i586/python-base-2.3.3-2.5.C30mdk.i586.rpm
2b0da1499ae353820f062b2566964c56 corporate/3.0/i586/python-docs-2.3.3-2.5.C30mdk.i586.rpm
9cfe879d13ca873e5b3f925e01afe738 corporate/3.0/i586/tkinter-2.3.3-2.5.C30mdk.i586.rpm
d45b5129aa7e97f4b486a2b54e2b10e0 corporate/3.0/SRPMS/python-2.3.3-2.5.C30mdk.src.rpm
Corporate 3.0/X86_64:
58eb34e9829788ee0d0c9a2aca9d9b4d corporate/3.0/x86_64/lib64python2.3-2.3.3-2.5.C30mdk.x86_64.rpm
a7c01d1746edbf260c67c982d62ab5f8 corporate/3.0/x86_64/lib64python2.3-devel-2.3.3-2.5.C30mdk.x86_64.rpm
e5e3cd26caee40c1a89896b3dd99f183 corporate/3.0/x86_64/python-2.3.3-2.5.C30mdk.x86_64.rpm
250e98c26995e58d5c074b483bc5168b corporate/3.0/x86_64/python-base-2.3.3-2.5.C30mdk.x86_64.rpm
d3763c75ed560b944f2900ec27fc3a24 corporate/3.0/x86_64/python-docs-2.3.3-2.5.C30mdk.x86_64.rpm
aefa7c0274efa2d0c4d546b88940f7d0 corporate/3.0/x86_64/tkinter-2.3.3-2.5.C30mdk.x86_64.rpm
d45b5129aa7e97f4b486a2b54e2b10e0 corporate/3.0/SRPMS/python-2.3.3-2.5.C30mdk.src.rpm
Multi Network Firewall 2.0:
f431a6aadd0f4e952c4b0515bbd21d9e mnf/2.0/i586/libpython2.3-2.3.3-2.5.M20mdk.i586.rpm
ed3b1c628b9165e1562e56b91c8762b2 mnf/2.0/i586/libpython2.3-devel-2.3.3-2.5.M20mdk.i586.rpm
fa2bc6f689c780f406a5eb7a035d3d51 mnf/2.0/i586/python-2.3.3-2.5.M20mdk.i586.rpm
a6a3082c9a938ae17ac55a90e1f34159 mnf/2.0/i586/python-base-2.3.3-2.5.M20mdk.i586.rpm
aa492f1068bdaeaa07450844a36e53f0 mnf/2.0/i586/python-docs-2.3.3-2.5.M20mdk.i586.rpm
69e1686a9dcc20bd77e2925b2fc9f4ca mnf/2.0/i586/tkinter-2.3.3-2.5.M20mdk.i586.rpm
b4f010845985ce30fd8eef89d348f61f mnf/2.0/SRPMS/python-2.3.3-2.5.M20mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
iD8DBQFHi79lmqjQ0CJFipgRAubYAKCZBEYNbwsnhywcAm7zAiQL61MyvQCg1DOd
Xr5C7PIEgYrp28fE1yD4TzE=
=tyfR
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists