Message-id: <E1JEYMP-0004v0-0T@artemis.annvix.ca>
Date: Mon, 14 Jan 2008 16:04:52 -0700
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2008:013 ] - Updated python packages fix
 vulnerability in imageop module


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:013
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : python
 Date    : January 14, 2008
 Affected: 2007.0, 2007.1, 2008.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 Multiple integer overflows were found in python's imageop module.
 If an application written in python used the imageop module to
 process untrusted images, it could cause the application to crash,
 enter an infinite loop, or possibly execute arbitrary code with the
 privileges of the python interpreter.
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4965
 _______________________________________________________________________
 
 Updated Packages:
 
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFHi79pmqjQ0CJFipgRAr21AKDvgsQaALmLRxyo52cXu0HQRFOY6gCfSZoU
0Phgk04W2rDdd6KGUy/BtDI=
=2oLn
-----END PGP SIGNATURE-----
