lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20081119182335.GA4900@galadriel.inutil.org>
Date: Wed, 19 Nov 2008 19:23:36 +0100
From: Moritz Muehlenhoff <jmm@...ian.org>
To: debian-security-announce@...ts.debian.org
Subject: [SECURITY] [DSA 1667-1] New python2.4 packages
	fix several vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1667-1                  security@...ian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
November 19, 2008                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : python2.4
Vulnerability  : several
Problem type   : local(remote)
Debian-specific: no
CVE Id(s)      : CVE-2008-2315 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144

Several vulnerabilities have been discovered in the interpreter for the
Python language. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2008-2315

    David Remahl discovered several integer overflows in the
    stringobject, unicodeobject,  bufferobject, longobject,
    tupleobject, stropmodule, gcmodule, and mmapmodule modules.

CVE-2008-3142

    Justin Ferguson discovered that incorrect memory allocation in
    the unicode_resize() function can lead to buffer overflows.

CVE-2008-3143
 
    Several integer overflows were discovered in various Python core
    modules.

CVE-2008-3144

    Several integer oberflows were discovered in the PyOS_vsnprintf()
    function.  

For the stable distribution (etch), these problems have been fixed in
version 2.4.4-3+etch2.

For the unstable distribution (sid) and the upcoming stable
distribution (lenny), these problems have been fixed in
version 2.4.5-5.

We recommend that you upgrade your python2.4 packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4.orig.tar.gz
    Size/MD5 checksum:  9508940 f74ef9de91918f8927e75e8c3024263a
  http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2.dsc
    Size/MD5 checksum:     1201 0b3898b3477ae37a81d28f9539c50de6
  http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2.diff.gz
    Size/MD5 checksum:   205713 ac023a02c39a7e70b10c268e7169cbc7

Architecture independent packages:

  http://security.debian.org/pool/updates/main/p/python2.4/python2.4-examples_2.4.4-3+etch2_all.deb
    Size/MD5 checksum:   589678 9c6aef28fb1ff9a804fa1a147ce69d9e
  http://security.debian.org/pool/updates/main/p/python2.4/idle-python2.4_2.4.4-3+etch2_all.deb
    Size/MD5 checksum:    60906 f03f5452778817758dfce037ba571001

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_alpha.deb
    Size/MD5 checksum:   965736 6f3adc06d80c3fdeda48e3bc0b12e5d9
  http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_alpha.deb
    Size/MD5 checksum:  5238160 680f07c3e87cb20b05b37745cf80f39a
  http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_alpha.deb
    Size/MD5 checksum:  2970930 e9f0951b39f36de2bd288aa34ca0dbc4
  http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_alpha.deb
    Size/MD5 checksum:  1850704 3ccfc06ca31ae9f7f6cb631e8ee3a000

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_amd64.deb
    Size/MD5 checksum:   967804 0b594b7a4e03004672043d5c58019f80
  http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_amd64.deb
    Size/MD5 checksum:  1637308 bcb8e0ccd455c2487ee2721d3d84aca1
  http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_amd64.deb
    Size/MD5 checksum:  5592228 441466ec5cbe0a3bf5b7d55a6fed7d8b
  http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_amd64.deb
    Size/MD5 checksum:  2968524 145a0af7bfaaae7d9ad2203241ec4ee8

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_arm.deb
    Size/MD5 checksum:  5358352 bb915c2a61cdc006db13a8d0c440c56d
  http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_arm.deb
    Size/MD5 checksum:  1502304 84153862216da31338aba857c90871d4
  http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_arm.deb
    Size/MD5 checksum:   902236 6427dc210675b5cce39ab5f928b298db
  http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_arm.deb
    Size/MD5 checksum:  2882452 b6bf0e5f6b4ea813a5bccc567b6e408e

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_hppa.deb
    Size/MD5 checksum:  3076702 001c94d6dba8fb9ba08d29ca5ceca65f
  http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_hppa.deb
    Size/MD5 checksum:  1799642 95b811cadf540cc3b3f31a0134d18661
  http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_hppa.deb
    Size/MD5 checksum:  1020124 9c8431097766633b45cfa35bf71761f5
  http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_hppa.deb
    Size/MD5 checksum:  5529414 67fb9036f49688d82b6ee93addc3c3fe

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_i386.deb
    Size/MD5 checksum:   901636 b198116fc5425e7fd48dba6d992a0c06
  http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_i386.deb
    Size/MD5 checksum:  2850824 4c7b173a4ebb3444201fe3f45f9e9fd2
  http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_i386.deb
    Size/MD5 checksum:  1511532 4fd6d3f340893f233f674a73642330b0
  http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_i386.deb
    Size/MD5 checksum:  5185158 da92623d224f45bd929b778864f98991

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_ia64.deb
    Size/MD5 checksum:  3373186 bf8c76edf3d0c95deaa7bdf81a178a83
  http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_ia64.deb
    Size/MD5 checksum:  6069872 e4dfd4adc2e602334f0896f7424f0575
  http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_ia64.deb
    Size/MD5 checksum:  2271712 46e48abc5e37875a427752c82d8a0f7b
  http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_ia64.deb
    Size/MD5 checksum:  1290446 9c85ea026775b8a4789a3e46816d0d5e

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_mips.deb
    Size/MD5 checksum:   957252 d38814f00e5f99329484248c184b24b3
  http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_mips.deb
    Size/MD5 checksum:  5660920 84bacdccb5955980efe7a6b59e5238fa
  http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_mips.deb
    Size/MD5 checksum:  1726146 c4312205f75f0bf6393ff2c7bd70fd2f
  http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_mips.deb
    Size/MD5 checksum:  2907332 db94b5cd8acca9f475f5f6965a66761a

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_mipsel.deb
    Size/MD5 checksum:  2864392 a17779986991285abab3391244d9c1e3
  http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_mipsel.deb
    Size/MD5 checksum:  5511232 b92e2004fb01967d4f7014970171e9a9
  http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_mipsel.deb
    Size/MD5 checksum:  1717876 a98897dc330a1a6effa05ff29af9bfab
  http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_mipsel.deb
    Size/MD5 checksum:   939778 6aeb1ef0ed1589b20009b0f7428a2dda

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_powerpc.deb
    Size/MD5 checksum:  1642534 468c97ebc8403c556c36da596e31d20f
  http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_powerpc.deb
    Size/MD5 checksum:  2958248 bc7f2d52549e520a9843945dd282bfad
  http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_powerpc.deb
    Size/MD5 checksum:  5786768 370c7b6f933f98308416924f13da6f94
  http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_powerpc.deb
    Size/MD5 checksum:   979280 a25aeb78de7b33b8b2cfe316f3f0a834

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_s390.deb
    Size/MD5 checksum:  2977268 a4dcf614e277d8c0f70b4737e53aaf5c
  http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_s390.deb
    Size/MD5 checksum:   974928 a3bd80007cd56a79472b42db039ece4f
  http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_s390.deb
    Size/MD5 checksum:  5674618 cb969a4cc4fda848ebee50528d3c570d
  http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_s390.deb
    Size/MD5 checksum:  1648202 72ebac2aefa5ca8c8e2ef9675e0c6052

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_sparc.deb
    Size/MD5 checksum:  2902784 21032174db6897e8828e34ce01fa017d
  http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_sparc.deb
    Size/MD5 checksum:   918976 694c6c564222cff16c9069c6ee8c24bf
  http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_sparc.deb
    Size/MD5 checksum:  1586720 bf9d1414434a21b314535fc6df13103b
  http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_sparc.deb
    Size/MD5 checksum:  5199576 c5bb7eb8ecc15a633d7045d284d3d93d


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkkkWV0ACgkQXm3vHE4uyloD4ACg4wZplFaYb8wMXtR+cJGEMv3/
ElgAoOQNvTliC+c5EvAqNoXldGpUvwmX
=23CL
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ