[<prev] [next>] [day] [month] [year] [list]
Message-id: <E1JlhZ7-0001n8-HA@artemis.annvix.ca>
Date: Tue, 15 Apr 2008 03:35:01 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2008:085 ] - Updated python packages fix
arbitrary code execution vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:085
http://www.mandriva.com/security/
_______________________________________________________________________
Package : python
Date : April 15, 2008
Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
Integer signedness error in the zlib extension module in Python 2.5.2
and earlier allows remote attackers to execute arbitrary code via a
negative signed integer, which triggers insufficient memory allocation
and a buffer overflow.
The updated packages have been patched to prevent this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.1:
9ecc4c94fe365970d42278e55bc02b73 2007.1/i586/libpython2.5-2.5-4.3mdv2007.1.i586.rpm
47b7294690cc9a34714394602ec52fe3 2007.1/i586/libpython2.5-devel-2.5-4.3mdv2007.1.i586.rpm
eebd7eb038b8b8e8646f660a1979919c 2007.1/i586/python-2.5-4.3mdv2007.1.i586.rpm
35e7b42b7537d448d10266aff4c4d8e8 2007.1/i586/python-base-2.5-4.3mdv2007.1.i586.rpm
8af1b52823f5c185e317ad1284b2466b 2007.1/i586/python-docs-2.5-4.3mdv2007.1.i586.rpm
29a99c607e0890685053959399368dbd 2007.1/i586/tkinter-2.5-4.3mdv2007.1.i586.rpm
d1c1500f11921e027dc1e84bd731d86c 2007.1/SRPMS/python-2.5-4.3mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
dfea89865b1020c76acc6f3df20613a5 2007.1/x86_64/lib64python2.5-2.5-4.3mdv2007.1.x86_64.rpm
53a6e2ffe62fc8872a45383c237a9144 2007.1/x86_64/lib64python2.5-devel-2.5-4.3mdv2007.1.x86_64.rpm
2f519a0aa522130441d6fc714e6e5a1f 2007.1/x86_64/python-2.5-4.3mdv2007.1.x86_64.rpm
6329e55974fb9dcf0a326a5535bccd7f 2007.1/x86_64/python-base-2.5-4.3mdv2007.1.x86_64.rpm
51abb3bd7c674e075b94313ee2c25e34 2007.1/x86_64/python-docs-2.5-4.3mdv2007.1.x86_64.rpm
819a9ec6f5e5a875f217763405f00734 2007.1/x86_64/tkinter-2.5-4.3mdv2007.1.x86_64.rpm
d1c1500f11921e027dc1e84bd731d86c 2007.1/SRPMS/python-2.5-4.3mdv2007.1.src.rpm
Mandriva Linux 2008.0:
b9282fc19b011a9b43f020f818e6f5d9 2008.0/i586/libpython2.5-2.5.1-5.2mdv2008.0.i586.rpm
bc5a47bd0868f980a93a50a66914659b 2008.0/i586/libpython2.5-devel-2.5.1-5.2mdv2008.0.i586.rpm
2e9a41c20c32f8f603e7647fb8c078ad 2008.0/i586/python-2.5.1-5.2mdv2008.0.i586.rpm
a754a2f3173faef023ab6ef2b28accd1 2008.0/i586/python-base-2.5.1-5.2mdv2008.0.i586.rpm
7d0e443b4ad27f61168de7324f1abb15 2008.0/i586/python-docs-2.5.1-5.2mdv2008.0.i586.rpm
8a06ec0b5558ad0145157f63be1aa1f8 2008.0/i586/tkinter-2.5.1-5.2mdv2008.0.i586.rpm
ea387f81431c29c2ddf572bf81a2d27e 2008.0/i586/tkinter-apps-2.5.1-5.2mdv2008.0.i586.rpm
75d0dc8f3cf8525827277937eb290b5a 2008.0/SRPMS/python-2.5.1-5.2mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
760186761b14ec8caf69d12cbe1addb9 2008.0/x86_64/lib64python2.5-2.5.1-5.2mdv2008.0.x86_64.rpm
8984e11f060c41701d543cdf4c3e5d64 2008.0/x86_64/lib64python2.5-devel-2.5.1-5.2mdv2008.0.x86_64.rpm
959bf382deca1676ef6ba2b3c822e2d9 2008.0/x86_64/python-2.5.1-5.2mdv2008.0.x86_64.rpm
ec86c6c883320f391a4ce21723232910 2008.0/x86_64/python-base-2.5.1-5.2mdv2008.0.x86_64.rpm
8bc0bd727053aeb53167afb222e51c9f 2008.0/x86_64/python-docs-2.5.1-5.2mdv2008.0.x86_64.rpm
ba4a22d3512b03e3cae9c3bd0fd71a04 2008.0/x86_64/tkinter-2.5.1-5.2mdv2008.0.x86_64.rpm
ab687389eb62b10f7982098a6f6c6e21 2008.0/x86_64/tkinter-apps-2.5.1-5.2mdv2008.0.x86_64.rpm
75d0dc8f3cf8525827277937eb290b5a 2008.0/SRPMS/python-2.5.1-5.2mdv2008.0.src.rpm
Mandriva Linux 2008.1:
a2347d1f0b230414da44a5097e0f8a32 2008.1/i586/libpython2.5-2.5.2-2.1mdv2008.1.i586.rpm
ea4af4cfec51a91394898f81f8a7fa00 2008.1/i586/libpython2.5-devel-2.5.2-2.1mdv2008.1.i586.rpm
0ff272fb044538a38b667921f4e3b68d 2008.1/i586/python-2.5.2-2.1mdv2008.1.i586.rpm
39c4d2740ae5ab10c900de38516f22a9 2008.1/i586/python-base-2.5.2-2.1mdv2008.1.i586.rpm
398e79bf4049c5a4daa78e9e6d79c1fa 2008.1/i586/python-docs-2.5.2-2.1mdv2008.1.i586.rpm
19ec255c149be19420f1f92cfd48f7c7 2008.1/i586/tkinter-2.5.2-2.1mdv2008.1.i586.rpm
f8f679dca16457be4cfe245c8479ae68 2008.1/i586/tkinter-apps-2.5.2-2.1mdv2008.1.i586.rpm
8a5d085ec03be926d64a0662ee339dfd 2008.1/SRPMS/python-2.5.2-2.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
201857de10171d62491b22decde12ed9 2008.1/x86_64/lib64python2.5-2.5.2-2.1mdv2008.1.x86_64.rpm
a8338dd0b2ba9885325010d6bab22c07 2008.1/x86_64/lib64python2.5-devel-2.5.2-2.1mdv2008.1.x86_64.rpm
90160e5fbf2609cb627e5c473ba505b9 2008.1/x86_64/python-2.5.2-2.1mdv2008.1.x86_64.rpm
6f53f6bfc053d7c4f8aba17cf24e9b09 2008.1/x86_64/python-base-2.5.2-2.1mdv2008.1.x86_64.rpm
fc956cd4c279b0b708b7ddf0300dd854 2008.1/x86_64/python-docs-2.5.2-2.1mdv2008.1.x86_64.rpm
10c2c200fb3ba68841111683a4cd2d1d 2008.1/x86_64/tkinter-2.5.2-2.1mdv2008.1.x86_64.rpm
780eb4fde8b103f81af4a1038db720ca 2008.1/x86_64/tkinter-apps-2.5.2-2.1mdv2008.1.x86_64.rpm
8a5d085ec03be926d64a0662ee339dfd 2008.1/SRPMS/python-2.5.2-2.1mdv2008.1.src.rpm
Corporate 3.0:
507662f734c26973c04e3443299c00c1 corporate/3.0/i586/libpython2.3-2.3.3-2.6.C30mdk.i586.rpm
1d9310361901c48226dcd4f57ff8fdd1 corporate/3.0/i586/libpython2.3-devel-2.3.3-2.6.C30mdk.i586.rpm
2759e37bcf5ff3f5d8f7c2771cb9c5c2 corporate/3.0/i586/python-2.3.3-2.6.C30mdk.i586.rpm
e5f6fe7be314d4fda29604915aef00da corporate/3.0/i586/python-base-2.3.3-2.6.C30mdk.i586.rpm
d25cee9658e37217100859b6a660e890 corporate/3.0/i586/python-docs-2.3.3-2.6.C30mdk.i586.rpm
bfcd20c1020cf2605084468b3d489c38 corporate/3.0/i586/tkinter-2.3.3-2.6.C30mdk.i586.rpm
64e71a3e92e2bafa19a91314ca24cd78 corporate/3.0/SRPMS/python-2.3.3-2.6.C30mdk.src.rpm
Corporate 3.0/X86_64:
b509d155a74fd23c23ee0de7f392c80d corporate/3.0/x86_64/lib64python2.3-2.3.3-2.6.C30mdk.x86_64.rpm
fafc422d07ae0dbc9a6262db82f6d566 corporate/3.0/x86_64/lib64python2.3-devel-2.3.3-2.6.C30mdk.x86_64.rpm
0e6831dcfb2fa5ebeee2dbc7a2446cd2 corporate/3.0/x86_64/python-2.3.3-2.6.C30mdk.x86_64.rpm
7cb4cb33c9df667389af2acf7ed4516f corporate/3.0/x86_64/python-base-2.3.3-2.6.C30mdk.x86_64.rpm
d742fec7cf99137338f9c34eb4f7a236 corporate/3.0/x86_64/python-docs-2.3.3-2.6.C30mdk.x86_64.rpm
28026636183e6b04b3f49e47ec3db488 corporate/3.0/x86_64/tkinter-2.3.3-2.6.C30mdk.x86_64.rpm
64e71a3e92e2bafa19a91314ca24cd78 corporate/3.0/SRPMS/python-2.3.3-2.6.C30mdk.src.rpm
Corporate 4.0:
2961bff452ffe89fe03ca816003673c2 corporate/4.0/i586/libpython2.4-2.4.1-5.4.20060mlcs4.i586.rpm
fd76f53b14a83d43f620684c01983030 corporate/4.0/i586/libpython2.4-devel-2.4.1-5.4.20060mlcs4.i586.rpm
fae94c51aac855a363b952a50797554a corporate/4.0/i586/python-2.4.1-5.4.20060mlcs4.i586.rpm
588102686dae7023e9bf25539e4e2b12 corporate/4.0/i586/python-base-2.4.1-5.4.20060mlcs4.i586.rpm
0e45305806fa29fdd3d05a1f29158b96 corporate/4.0/i586/python-docs-2.4.1-5.4.20060mlcs4.i586.rpm
8306274c8c1a7cdb111c8b1ee0db4917 corporate/4.0/i586/tkinter-2.4.1-5.4.20060mlcs4.i586.rpm
e9f7157f6b42fb228b3e74cba3e8d0a2 corporate/4.0/SRPMS/python-2.4.1-5.4.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
689360a709e3e2de95300a4eaa9ef1c4 corporate/4.0/x86_64/lib64python2.4-2.4.1-5.4.20060mlcs4.x86_64.rpm
45021f6321ba4922c9c9494a3ac96698 corporate/4.0/x86_64/lib64python2.4-devel-2.4.1-5.4.20060mlcs4.x86_64.rpm
923176fd1fd9cccf9953e6eee50b1acb corporate/4.0/x86_64/python-2.4.1-5.4.20060mlcs4.x86_64.rpm
af91588191d79ccbe1e2fd4efe37f1cc corporate/4.0/x86_64/python-base-2.4.1-5.4.20060mlcs4.x86_64.rpm
6a2f4518e0bfa766b1fbe6569c354e4e corporate/4.0/x86_64/python-docs-2.4.1-5.4.20060mlcs4.x86_64.rpm
0da11e3e53f8ee50863061ef077530c9 corporate/4.0/x86_64/tkinter-2.4.1-5.4.20060mlcs4.x86_64.rpm
e9f7157f6b42fb228b3e74cba3e8d0a2 corporate/4.0/SRPMS/python-2.4.1-5.4.20060mlcs4.src.rpm
Multi Network Firewall 2.0:
a31e5592f6ffe93f38db4e152643a54a mnf/2.0/i586/libpython2.3-2.3.3-2.6.M20mdk.i586.rpm
ec792a125b774dc32e0705a2ea1876b3 mnf/2.0/i586/libpython2.3-devel-2.3.3-2.6.M20mdk.i586.rpm
f4572438fa53a1bbd4a897d442bdaa28 mnf/2.0/i586/python-2.3.3-2.6.M20mdk.i586.rpm
036db5b3815d43302bb0e4a20b5ab7ce mnf/2.0/i586/python-base-2.3.3-2.6.M20mdk.i586.rpm
24e6a4bb249b08ee63b25fe65f5acc59 mnf/2.0/i586/python-docs-2.3.3-2.6.M20mdk.i586.rpm
291662a5b5dff227bbed5af2443799a4 mnf/2.0/i586/tkinter-2.3.3-2.6.M20mdk.i586.rpm
ff669a40592d615b743d0f5c83b52c2f mnf/2.0/SRPMS/python-2.3.3-2.6.M20mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFIBEqamqjQ0CJFipgRAlipAJ4ySo/Nvq85TmkZEkXG961CO5ZWsQCgvSQc
ivIPYMVOOM10F1l2Shk8zF0=
=Q9fp
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists