Message-id: <E1JEYDw-0004jQ-4X@artemis.annvix.ca>
Date: Mon, 14 Jan 2008 15:56:08 -0700
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2008:012 ] - Updated python packages fix vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:012
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : python
 Date    : January 14, 2008
 Affected: Corporate 3.0, Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 An integer overflow flaw was discovered in how python's pcre module
 handled certain regular expressions.  If a python application using the
 pcre module were to compile and execute untrusted regular expressions,
 it could possibly lead to an application crash or the execution
 of arbitrary code with the privileges of the python interpreter
 (CVE-2006-7228).
 
 Multiple integer overflows were found in python's imageop module.
 If an application written in python used the imageop module to
 process untrusted images, it could cause the application to crash,
 enter an infinite loop, or possibly execute arbitrary code with the
 privileges of the python interpreter (CVE-2007-4965).
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7228
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4965
 _______________________________________________________________________
 
 Updated Packages:
 
 Corporate 3.0:
 6c3c9196c69a9590c2337ec47b812512  corporate/3.0/i586/libpython2.3-2.3.3-2.5.C30mdk.i586.rpm
 633d4e1b82ffb0bab95dbad17c8658c7  corporate/3.0/i586/libpython2.3-devel-2.3.3-2.5.C30mdk.i586.rpm
 2437c3ef65df378ea6b91e18515e31a5  corporate/3.0/i586/python-2.3.3-2.5.C30mdk.i586.rpm
 4cbdfcb886ccfea966976a0e8b45eed7  corporate/3.0/i586/python-base-2.3.3-2.5.C30mdk.i586.rpm
 2b0da1499ae353820f062b2566964c56  corporate/3.0/i586/python-docs-2.3.3-2.5.C30mdk.i586.rpm
 9cfe879d13ca873e5b3f925e01afe738  corporate/3.0/i586/tkinter-2.3.3-2.5.C30mdk.i586.rpm 
 d45b5129aa7e97f4b486a2b54e2b10e0  corporate/3.0/SRPMS/python-2.3.3-2.5.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 58eb34e9829788ee0d0c9a2aca9d9b4d  corporate/3.0/x86_64/lib64python2.3-2.3.3-2.5.C30mdk.x86_64.rpm
 a7c01d1746edbf260c67c982d62ab5f8  corporate/3.0/x86_64/lib64python2.3-devel-2.3.3-2.5.C30mdk.x86_64.rpm
 e5e3cd26caee40c1a89896b3dd99f183  corporate/3.0/x86_64/python-2.3.3-2.5.C30mdk.x86_64.rpm
 250e98c26995e58d5c074b483bc5168b  corporate/3.0/x86_64/python-base-2.3.3-2.5.C30mdk.x86_64.rpm
 d3763c75ed560b944f2900ec27fc3a24  corporate/3.0/x86_64/python-docs-2.3.3-2.5.C30mdk.x86_64.rpm
 aefa7c0274efa2d0c4d546b88940f7d0  corporate/3.0/x86_64/tkinter-2.3.3-2.5.C30mdk.x86_64.rpm 
 d45b5129aa7e97f4b486a2b54e2b10e0  corporate/3.0/SRPMS/python-2.3.3-2.5.C30mdk.src.rpm

 Multi Network Firewall 2.0:
 f431a6aadd0f4e952c4b0515bbd21d9e  mnf/2.0/i586/libpython2.3-2.3.3-2.5.M20mdk.i586.rpm
 ed3b1c628b9165e1562e56b91c8762b2  mnf/2.0/i586/libpython2.3-devel-2.3.3-2.5.M20mdk.i586.rpm
 fa2bc6f689c780f406a5eb7a035d3d51  mnf/2.0/i586/python-2.3.3-2.5.M20mdk.i586.rpm
 a6a3082c9a938ae17ac55a90e1f34159  mnf/2.0/i586/python-base-2.3.3-2.5.M20mdk.i586.rpm
 aa492f1068bdaeaa07450844a36e53f0  mnf/2.0/i586/python-docs-2.3.3-2.5.M20mdk.i586.rpm
 69e1686a9dcc20bd77e2925b2fc9f4ca  mnf/2.0/i586/tkinter-2.3.3-2.5.M20mdk.i586.rpm 
 b4f010845985ce30fd8eef89d348f61f  mnf/2.0/SRPMS/python-2.3.3-2.5.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFHi79lmqjQ0CJFipgRAubYAKCZBEYNbwsnhywcAm7zAiQL61MyvQCg1DOd
Xr5C7PIEgYrp28fE1yD4TzE=
=tyfR
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
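
For administrators who fetch the RPMs by hand instead of through MandrivaUpdate or urpmi, the sketch below parses an "Updated Packages" section in the layout used above and compares each listed MD5 sum with a local file. It is an added example, not Mandriva tooling and not part of the original advisory; the sample section, file names and file contents are constructed, and the function names are assumptions.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Constructed sample: made-up file names and contents, laid out like the
# advisory's "Updated Packages" section, so the check runs offline.
FILES = {"example-1.0-1.i586.rpm": b"constructed package body\n",
         "example-docs-1.0-1.i586.rpm": b"constructed docs body\n"}
SAMPLE = (" Updated Packages:\n\n Example Product 1.0:\n"
          + "".join(" %s  example/1.0/i586/%s \n" % (hashlib.md5(b).hexdigest(), n)
                    for n, b in FILES.items())
          + " ____________________\n\n To upgrade automatically ...\n")
ENTRY = re.compile(r"^\s*([0-9a-f]{32})\s+(\S+\.rpm)\s*$")

def parse_packages(text):
    """Return [(product, md5_hex, path)] from the 'Updated Packages' section."""
    out, product, active = [], None, False
    for line in text.splitlines():
        line = line.strip()
        if line == "Updated Packages:":
            active = True
        elif active and line.startswith("____"):
            break  # the separator rule ends the section
        elif active and (m := ENTRY.match(line)):
            out.append((product, m.group(1), m.group(2)))
        elif active and line.endswith(":"):
            product = line[:-1]  # e.g. a product heading such as "Corporate 3.0:"
    return out

def verify(entries, directory):
    """Map each listed file name to 'ok', 'MISMATCH' or 'missing'."""
    results = {}
    for _product, expected, path in entries:
        local = Path(directory) / Path(path).name
        if not local.is_file():
            results[local.name] = "missing"
        elif hashlib.md5(local.read_bytes()).hexdigest() == expected:
            results[local.name] = "ok"
        else:
            results[local.name] = "MISMATCH"
    return results

def demo():
    with tempfile.TemporaryDirectory() as d:
        for name, body in FILES.items():
            # Alter the docs package so one entry fails the check.
            (Path(d) / name).write_bytes(body + (b"x" if "docs" in name else b""))
        return verify(parse_packages(SAMPLE), d)
```

A matching MD5 sum only shows that the file is the one the advisory lists; the GPG signature check the advisory mentions is a separate step.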
