[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20081119182335.GA4900@galadriel.inutil.org>
Date: Wed, 19 Nov 2008 19:23:36 +0100
From: Moritz Muehlenhoff <jmm@...ian.org>
To: debian-security-announce@...ts.debian.org
Subject: [SECURITY] [DSA 1667-1] New python2.4 packages
fix several vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1667-1 security@...ian.org
http://www.debian.org/security/ Moritz Muehlenhoff
November 19, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : python2.4
Vulnerability : several
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2008-2315 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144
Several vulnerabilities have been discovered in the interpreter for the
Python language. The Common Vulnerabilities and Exposures project
identifies the following problems:
CVE-2008-2315
David Remahl discovered several integer overflows in the
stringobject, unicodeobject, bufferobject, longobject,
tupleobject, stropmodule, gcmodule, and mmapmodule modules.
CVE-2008-3142
Justin Ferguson discovered that incorrect memory allocation in
the unicode_resize() function can lead to buffer overflows.
CVE-2008-3143
Several integer overflows were discovered in various Python core
modules.
CVE-2008-3144
Several integer oberflows were discovered in the PyOS_vsnprintf()
function.
For the stable distribution (etch), these problems have been fixed in
version 2.4.4-3+etch2.
For the unstable distribution (sid) and the upcoming stable
distribution (lenny), these problems have been fixed in
version 2.4.5-5.
We recommend that you upgrade your python2.4 packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4.orig.tar.gz
Size/MD5 checksum: 9508940 f74ef9de91918f8927e75e8c3024263a
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2.dsc
Size/MD5 checksum: 1201 0b3898b3477ae37a81d28f9539c50de6
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2.diff.gz
Size/MD5 checksum: 205713 ac023a02c39a7e70b10c268e7169cbc7
Architecture independent packages:
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-examples_2.4.4-3+etch2_all.deb
Size/MD5 checksum: 589678 9c6aef28fb1ff9a804fa1a147ce69d9e
http://security.debian.org/pool/updates/main/p/python2.4/idle-python2.4_2.4.4-3+etch2_all.deb
Size/MD5 checksum: 60906 f03f5452778817758dfce037ba571001
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_alpha.deb
Size/MD5 checksum: 965736 6f3adc06d80c3fdeda48e3bc0b12e5d9
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_alpha.deb
Size/MD5 checksum: 5238160 680f07c3e87cb20b05b37745cf80f39a
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_alpha.deb
Size/MD5 checksum: 2970930 e9f0951b39f36de2bd288aa34ca0dbc4
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_alpha.deb
Size/MD5 checksum: 1850704 3ccfc06ca31ae9f7f6cb631e8ee3a000
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_amd64.deb
Size/MD5 checksum: 967804 0b594b7a4e03004672043d5c58019f80
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_amd64.deb
Size/MD5 checksum: 1637308 bcb8e0ccd455c2487ee2721d3d84aca1
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_amd64.deb
Size/MD5 checksum: 5592228 441466ec5cbe0a3bf5b7d55a6fed7d8b
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_amd64.deb
Size/MD5 checksum: 2968524 145a0af7bfaaae7d9ad2203241ec4ee8
arm architecture (ARM)
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_arm.deb
Size/MD5 checksum: 5358352 bb915c2a61cdc006db13a8d0c440c56d
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_arm.deb
Size/MD5 checksum: 1502304 84153862216da31338aba857c90871d4
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_arm.deb
Size/MD5 checksum: 902236 6427dc210675b5cce39ab5f928b298db
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_arm.deb
Size/MD5 checksum: 2882452 b6bf0e5f6b4ea813a5bccc567b6e408e
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_hppa.deb
Size/MD5 checksum: 3076702 001c94d6dba8fb9ba08d29ca5ceca65f
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_hppa.deb
Size/MD5 checksum: 1799642 95b811cadf540cc3b3f31a0134d18661
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_hppa.deb
Size/MD5 checksum: 1020124 9c8431097766633b45cfa35bf71761f5
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_hppa.deb
Size/MD5 checksum: 5529414 67fb9036f49688d82b6ee93addc3c3fe
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_i386.deb
Size/MD5 checksum: 901636 b198116fc5425e7fd48dba6d992a0c06
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_i386.deb
Size/MD5 checksum: 2850824 4c7b173a4ebb3444201fe3f45f9e9fd2
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_i386.deb
Size/MD5 checksum: 1511532 4fd6d3f340893f233f674a73642330b0
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_i386.deb
Size/MD5 checksum: 5185158 da92623d224f45bd929b778864f98991
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_ia64.deb
Size/MD5 checksum: 3373186 bf8c76edf3d0c95deaa7bdf81a178a83
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_ia64.deb
Size/MD5 checksum: 6069872 e4dfd4adc2e602334f0896f7424f0575
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_ia64.deb
Size/MD5 checksum: 2271712 46e48abc5e37875a427752c82d8a0f7b
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_ia64.deb
Size/MD5 checksum: 1290446 9c85ea026775b8a4789a3e46816d0d5e
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_mips.deb
Size/MD5 checksum: 957252 d38814f00e5f99329484248c184b24b3
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_mips.deb
Size/MD5 checksum: 5660920 84bacdccb5955980efe7a6b59e5238fa
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_mips.deb
Size/MD5 checksum: 1726146 c4312205f75f0bf6393ff2c7bd70fd2f
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_mips.deb
Size/MD5 checksum: 2907332 db94b5cd8acca9f475f5f6965a66761a
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_mipsel.deb
Size/MD5 checksum: 2864392 a17779986991285abab3391244d9c1e3
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_mipsel.deb
Size/MD5 checksum: 5511232 b92e2004fb01967d4f7014970171e9a9
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_mipsel.deb
Size/MD5 checksum: 1717876 a98897dc330a1a6effa05ff29af9bfab
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_mipsel.deb
Size/MD5 checksum: 939778 6aeb1ef0ed1589b20009b0f7428a2dda
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_powerpc.deb
Size/MD5 checksum: 1642534 468c97ebc8403c556c36da596e31d20f
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_powerpc.deb
Size/MD5 checksum: 2958248 bc7f2d52549e520a9843945dd282bfad
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_powerpc.deb
Size/MD5 checksum: 5786768 370c7b6f933f98308416924f13da6f94
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_powerpc.deb
Size/MD5 checksum: 979280 a25aeb78de7b33b8b2cfe316f3f0a834
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_s390.deb
Size/MD5 checksum: 2977268 a4dcf614e277d8c0f70b4737e53aaf5c
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_s390.deb
Size/MD5 checksum: 974928 a3bd80007cd56a79472b42db039ece4f
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_s390.deb
Size/MD5 checksum: 5674618 cb969a4cc4fda848ebee50528d3c570d
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_s390.deb
Size/MD5 checksum: 1648202 72ebac2aefa5ca8c8e2ef9675e0c6052
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_sparc.deb
Size/MD5 checksum: 2902784 21032174db6897e8828e34ce01fa017d
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_sparc.deb
Size/MD5 checksum: 918976 694c6c564222cff16c9069c6ee8c24bf
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_sparc.deb
Size/MD5 checksum: 1586720 bf9d1414434a21b314535fc6df13103b
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_sparc.deb
Size/MD5 checksum: 5199576 c5bb7eb8ecc15a633d7045d284d3d93d
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkkkWV0ACgkQXm3vHE4uyloD4ACg4wZplFaYb8wMXtR+cJGEMv3/
ElgAoOQNvTliC+c5EvAqNoXldGpUvwmX
=23CL
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists