lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-id: <E1JlhZ7-0001n8-HA@artemis.annvix.ca>
Date: Tue, 15 Apr 2008 03:35:01 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2008:085 ] - Updated python packages fix
 arbitrary code execution vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:085
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : python
 Date    : April 15, 2008
 Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 Integer signedness error in the zlib extension module in Python 2.5.2
 and earlier allows remote attackers to execute arbitrary code via a
 negative signed integer, which triggers insufficient memory allocation
 and a buffer overflow.
 
 The updated packages have been patched to prevent this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.1:
 9ecc4c94fe365970d42278e55bc02b73  2007.1/i586/libpython2.5-2.5-4.3mdv2007.1.i586.rpm
 47b7294690cc9a34714394602ec52fe3  2007.1/i586/libpython2.5-devel-2.5-4.3mdv2007.1.i586.rpm
 eebd7eb038b8b8e8646f660a1979919c  2007.1/i586/python-2.5-4.3mdv2007.1.i586.rpm
 35e7b42b7537d448d10266aff4c4d8e8  2007.1/i586/python-base-2.5-4.3mdv2007.1.i586.rpm
 8af1b52823f5c185e317ad1284b2466b  2007.1/i586/python-docs-2.5-4.3mdv2007.1.i586.rpm
 29a99c607e0890685053959399368dbd  2007.1/i586/tkinter-2.5-4.3mdv2007.1.i586.rpm 
 d1c1500f11921e027dc1e84bd731d86c  2007.1/SRPMS/python-2.5-4.3mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 dfea89865b1020c76acc6f3df20613a5  2007.1/x86_64/lib64python2.5-2.5-4.3mdv2007.1.x86_64.rpm
 53a6e2ffe62fc8872a45383c237a9144  2007.1/x86_64/lib64python2.5-devel-2.5-4.3mdv2007.1.x86_64.rpm
 2f519a0aa522130441d6fc714e6e5a1f  2007.1/x86_64/python-2.5-4.3mdv2007.1.x86_64.rpm
 6329e55974fb9dcf0a326a5535bccd7f  2007.1/x86_64/python-base-2.5-4.3mdv2007.1.x86_64.rpm
 51abb3bd7c674e075b94313ee2c25e34  2007.1/x86_64/python-docs-2.5-4.3mdv2007.1.x86_64.rpm
 819a9ec6f5e5a875f217763405f00734  2007.1/x86_64/tkinter-2.5-4.3mdv2007.1.x86_64.rpm 
 d1c1500f11921e027dc1e84bd731d86c  2007.1/SRPMS/python-2.5-4.3mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 b9282fc19b011a9b43f020f818e6f5d9  2008.0/i586/libpython2.5-2.5.1-5.2mdv2008.0.i586.rpm
 bc5a47bd0868f980a93a50a66914659b  2008.0/i586/libpython2.5-devel-2.5.1-5.2mdv2008.0.i586.rpm
 2e9a41c20c32f8f603e7647fb8c078ad  2008.0/i586/python-2.5.1-5.2mdv2008.0.i586.rpm
 a754a2f3173faef023ab6ef2b28accd1  2008.0/i586/python-base-2.5.1-5.2mdv2008.0.i586.rpm
 7d0e443b4ad27f61168de7324f1abb15  2008.0/i586/python-docs-2.5.1-5.2mdv2008.0.i586.rpm
 8a06ec0b5558ad0145157f63be1aa1f8  2008.0/i586/tkinter-2.5.1-5.2mdv2008.0.i586.rpm
 ea387f81431c29c2ddf572bf81a2d27e  2008.0/i586/tkinter-apps-2.5.1-5.2mdv2008.0.i586.rpm 
 75d0dc8f3cf8525827277937eb290b5a  2008.0/SRPMS/python-2.5.1-5.2mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 760186761b14ec8caf69d12cbe1addb9  2008.0/x86_64/lib64python2.5-2.5.1-5.2mdv2008.0.x86_64.rpm
 8984e11f060c41701d543cdf4c3e5d64  2008.0/x86_64/lib64python2.5-devel-2.5.1-5.2mdv2008.0.x86_64.rpm
 959bf382deca1676ef6ba2b3c822e2d9  2008.0/x86_64/python-2.5.1-5.2mdv2008.0.x86_64.rpm
 ec86c6c883320f391a4ce21723232910  2008.0/x86_64/python-base-2.5.1-5.2mdv2008.0.x86_64.rpm
 8bc0bd727053aeb53167afb222e51c9f  2008.0/x86_64/python-docs-2.5.1-5.2mdv2008.0.x86_64.rpm
 ba4a22d3512b03e3cae9c3bd0fd71a04  2008.0/x86_64/tkinter-2.5.1-5.2mdv2008.0.x86_64.rpm
 ab687389eb62b10f7982098a6f6c6e21  2008.0/x86_64/tkinter-apps-2.5.1-5.2mdv2008.0.x86_64.rpm 
 75d0dc8f3cf8525827277937eb290b5a  2008.0/SRPMS/python-2.5.1-5.2mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 a2347d1f0b230414da44a5097e0f8a32  2008.1/i586/libpython2.5-2.5.2-2.1mdv2008.1.i586.rpm
 ea4af4cfec51a91394898f81f8a7fa00  2008.1/i586/libpython2.5-devel-2.5.2-2.1mdv2008.1.i586.rpm
 0ff272fb044538a38b667921f4e3b68d  2008.1/i586/python-2.5.2-2.1mdv2008.1.i586.rpm
 39c4d2740ae5ab10c900de38516f22a9  2008.1/i586/python-base-2.5.2-2.1mdv2008.1.i586.rpm
 398e79bf4049c5a4daa78e9e6d79c1fa  2008.1/i586/python-docs-2.5.2-2.1mdv2008.1.i586.rpm
 19ec255c149be19420f1f92cfd48f7c7  2008.1/i586/tkinter-2.5.2-2.1mdv2008.1.i586.rpm
 f8f679dca16457be4cfe245c8479ae68  2008.1/i586/tkinter-apps-2.5.2-2.1mdv2008.1.i586.rpm 
 8a5d085ec03be926d64a0662ee339dfd  2008.1/SRPMS/python-2.5.2-2.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 201857de10171d62491b22decde12ed9  2008.1/x86_64/lib64python2.5-2.5.2-2.1mdv2008.1.x86_64.rpm
 a8338dd0b2ba9885325010d6bab22c07  2008.1/x86_64/lib64python2.5-devel-2.5.2-2.1mdv2008.1.x86_64.rpm
 90160e5fbf2609cb627e5c473ba505b9  2008.1/x86_64/python-2.5.2-2.1mdv2008.1.x86_64.rpm
 6f53f6bfc053d7c4f8aba17cf24e9b09  2008.1/x86_64/python-base-2.5.2-2.1mdv2008.1.x86_64.rpm
 fc956cd4c279b0b708b7ddf0300dd854  2008.1/x86_64/python-docs-2.5.2-2.1mdv2008.1.x86_64.rpm
 10c2c200fb3ba68841111683a4cd2d1d  2008.1/x86_64/tkinter-2.5.2-2.1mdv2008.1.x86_64.rpm
 780eb4fde8b103f81af4a1038db720ca  2008.1/x86_64/tkinter-apps-2.5.2-2.1mdv2008.1.x86_64.rpm 
 8a5d085ec03be926d64a0662ee339dfd  2008.1/SRPMS/python-2.5.2-2.1mdv2008.1.src.rpm

 Corporate 3.0:
 507662f734c26973c04e3443299c00c1  corporate/3.0/i586/libpython2.3-2.3.3-2.6.C30mdk.i586.rpm
 1d9310361901c48226dcd4f57ff8fdd1  corporate/3.0/i586/libpython2.3-devel-2.3.3-2.6.C30mdk.i586.rpm
 2759e37bcf5ff3f5d8f7c2771cb9c5c2  corporate/3.0/i586/python-2.3.3-2.6.C30mdk.i586.rpm
 e5f6fe7be314d4fda29604915aef00da  corporate/3.0/i586/python-base-2.3.3-2.6.C30mdk.i586.rpm
 d25cee9658e37217100859b6a660e890  corporate/3.0/i586/python-docs-2.3.3-2.6.C30mdk.i586.rpm
 bfcd20c1020cf2605084468b3d489c38  corporate/3.0/i586/tkinter-2.3.3-2.6.C30mdk.i586.rpm 
 64e71a3e92e2bafa19a91314ca24cd78  corporate/3.0/SRPMS/python-2.3.3-2.6.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 b509d155a74fd23c23ee0de7f392c80d  corporate/3.0/x86_64/lib64python2.3-2.3.3-2.6.C30mdk.x86_64.rpm
 fafc422d07ae0dbc9a6262db82f6d566  corporate/3.0/x86_64/lib64python2.3-devel-2.3.3-2.6.C30mdk.x86_64.rpm
 0e6831dcfb2fa5ebeee2dbc7a2446cd2  corporate/3.0/x86_64/python-2.3.3-2.6.C30mdk.x86_64.rpm
 7cb4cb33c9df667389af2acf7ed4516f  corporate/3.0/x86_64/python-base-2.3.3-2.6.C30mdk.x86_64.rpm
 d742fec7cf99137338f9c34eb4f7a236  corporate/3.0/x86_64/python-docs-2.3.3-2.6.C30mdk.x86_64.rpm
 28026636183e6b04b3f49e47ec3db488  corporate/3.0/x86_64/tkinter-2.3.3-2.6.C30mdk.x86_64.rpm 
 64e71a3e92e2bafa19a91314ca24cd78  corporate/3.0/SRPMS/python-2.3.3-2.6.C30mdk.src.rpm

 Corporate 4.0:
 2961bff452ffe89fe03ca816003673c2  corporate/4.0/i586/libpython2.4-2.4.1-5.4.20060mlcs4.i586.rpm
 fd76f53b14a83d43f620684c01983030  corporate/4.0/i586/libpython2.4-devel-2.4.1-5.4.20060mlcs4.i586.rpm
 fae94c51aac855a363b952a50797554a  corporate/4.0/i586/python-2.4.1-5.4.20060mlcs4.i586.rpm
 588102686dae7023e9bf25539e4e2b12  corporate/4.0/i586/python-base-2.4.1-5.4.20060mlcs4.i586.rpm
 0e45305806fa29fdd3d05a1f29158b96  corporate/4.0/i586/python-docs-2.4.1-5.4.20060mlcs4.i586.rpm
 8306274c8c1a7cdb111c8b1ee0db4917  corporate/4.0/i586/tkinter-2.4.1-5.4.20060mlcs4.i586.rpm 
 e9f7157f6b42fb228b3e74cba3e8d0a2  corporate/4.0/SRPMS/python-2.4.1-5.4.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 689360a709e3e2de95300a4eaa9ef1c4  corporate/4.0/x86_64/lib64python2.4-2.4.1-5.4.20060mlcs4.x86_64.rpm
 45021f6321ba4922c9c9494a3ac96698  corporate/4.0/x86_64/lib64python2.4-devel-2.4.1-5.4.20060mlcs4.x86_64.rpm
 923176fd1fd9cccf9953e6eee50b1acb  corporate/4.0/x86_64/python-2.4.1-5.4.20060mlcs4.x86_64.rpm
 af91588191d79ccbe1e2fd4efe37f1cc  corporate/4.0/x86_64/python-base-2.4.1-5.4.20060mlcs4.x86_64.rpm
 6a2f4518e0bfa766b1fbe6569c354e4e  corporate/4.0/x86_64/python-docs-2.4.1-5.4.20060mlcs4.x86_64.rpm
 0da11e3e53f8ee50863061ef077530c9  corporate/4.0/x86_64/tkinter-2.4.1-5.4.20060mlcs4.x86_64.rpm 
 e9f7157f6b42fb228b3e74cba3e8d0a2  corporate/4.0/SRPMS/python-2.4.1-5.4.20060mlcs4.src.rpm

 Multi Network Firewall 2.0:
 a31e5592f6ffe93f38db4e152643a54a  mnf/2.0/i586/libpython2.3-2.3.3-2.6.M20mdk.i586.rpm
 ec792a125b774dc32e0705a2ea1876b3  mnf/2.0/i586/libpython2.3-devel-2.3.3-2.6.M20mdk.i586.rpm
 f4572438fa53a1bbd4a897d442bdaa28  mnf/2.0/i586/python-2.3.3-2.6.M20mdk.i586.rpm
 036db5b3815d43302bb0e4a20b5ab7ce  mnf/2.0/i586/python-base-2.3.3-2.6.M20mdk.i586.rpm
 24e6a4bb249b08ee63b25fe65f5acc59  mnf/2.0/i586/python-docs-2.3.3-2.6.M20mdk.i586.rpm
 291662a5b5dff227bbed5af2443799a4  mnf/2.0/i586/tkinter-2.3.3-2.6.M20mdk.i586.rpm 
 ff669a40592d615b743d0f5c83b52c2f  mnf/2.0/SRPMS/python-2.3.3-2.6.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFIBEqamqjQ0CJFipgRAlipAJ4ySo/Nvq85TmkZEkXG961CO5ZWsQCgvSQc
ivIPYMVOOM10F1l2Shk8zF0=
=Q9fp
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ