[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1LXfo5-0002ty-SL@titan.mandriva.com>
Date: Thu, 12 Feb 2009 18:57:01 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:036 ] python
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:036
http://www.mandriva.com/security/
_______________________________________________________________________
Package : python
Date : February 12, 2009
Affected: Corporate 3.0, Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
Multiple integer overflows in imageop.c in the imageop module in
Python 1.5.2 through 2.5.1 allow context-dependent attackers to
break out of the Python VM and execute arbitrary code via large
integer values in certain arguments to the crop function, leading to
a buffer overflow, a different vulnerability than CVE-2007-4965 and
CVE-2008-1679. (CVE-2008-4864)
Multiple integer overflows in Python 2.5.2 and earlier allow
context-dependent attackers to have an unknown impact via vectors
related to the (1) stringobject, (2) unicodeobject, (3) bufferobject,
(4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and
(8) mmapmodule modules. NOTE: The expandtabs integer overflows in
stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031.
Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6,
allow context-dependent attackers to have an unknown impact via
a large integer value in the tabsize argument to the expandtabs
method, as implemented by (1) the string_expandtabs function in
Objects/stringobject.c and (2) the unicode_expandtabs function in
Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists
because of an incomplete fix for CVE-2008-2315. (CVE-2008-5031)
The updated Python packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4864
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5031
_______________________________________________________________________
Updated Packages:
Corporate 3.0:
c9668bc25f1306f610bfdfc94b4b944c corporate/3.0/i586/libpython2.3-2.3.7-0.2.C30mdk.i586.rpm
f2720b0908488c72a4591c89a5d6be6e corporate/3.0/i586/libpython2.3-devel-2.3.7-0.2.C30mdk.i586.rpm
261fbcfe8cd18a217845051c7c2fdd75 corporate/3.0/i586/python-2.3.7-0.2.C30mdk.i586.rpm
1df9dfe4bacd9982da477f84daf4179e corporate/3.0/i586/python-base-2.3.7-0.2.C30mdk.i586.rpm
c848a40db3729c5d730409cc8b53ede2 corporate/3.0/i586/python-docs-2.3.7-0.2.C30mdk.i586.rpm
a6844df32103497417ed829693fb60f5 corporate/3.0/i586/tkinter-2.3.7-0.2.C30mdk.i586.rpm
c5f2ad7e5986ab7232658b40e8dea295 corporate/3.0/SRPMS/python-2.3.7-0.2.C30mdk.src.rpm
Corporate 3.0/X86_64:
0969a75152e437953cae2c309697536c corporate/3.0/x86_64/lib64python2.3-2.3.7-0.2.C30mdk.x86_64.rpm
e297c080c4ab2cd7c5f536a5cda758b2 corporate/3.0/x86_64/lib64python2.3-devel-2.3.7-0.2.C30mdk.x86_64.rpm
d6ddee2f8c6bbe82acb7d5fdaaa75913 corporate/3.0/x86_64/python-2.3.7-0.2.C30mdk.x86_64.rpm
1556e502527f22fad6771d95b288b9cc corporate/3.0/x86_64/python-base-2.3.7-0.2.C30mdk.x86_64.rpm
acdefbc7a2ed2dd31b6569002e4253e3 corporate/3.0/x86_64/python-docs-2.3.7-0.2.C30mdk.x86_64.rpm
49fd4e84a697d91c64ac5d91b63bf43c corporate/3.0/x86_64/tkinter-2.3.7-0.2.C30mdk.x86_64.rpm
c5f2ad7e5986ab7232658b40e8dea295 corporate/3.0/SRPMS/python-2.3.7-0.2.C30mdk.src.rpm
Multi Network Firewall 2.0:
cabb486b4f3c24c9fea9920db0576137 mnf/2.0/i586/libpython2.3-2.3.7-0.2.M20mdk.i586.rpm
60b4f62da866083a1c37ad42d532171b mnf/2.0/i586/libpython2.3-devel-2.3.7-0.2.M20mdk.i586.rpm
b5a2dc2a80a304b2095549b1d0c7c4c8 mnf/2.0/i586/python-2.3.7-0.2.M20mdk.i586.rpm
5964fa32ade61fc6d217481252e75d92 mnf/2.0/i586/python-base-2.3.7-0.2.M20mdk.i586.rpm
f8eb4c23e80dc5ee7cf4abdacc0d01cc mnf/2.0/i586/python-docs-2.3.7-0.2.M20mdk.i586.rpm
8ca87fc328dd2d3c4f21edc5f244e1cc mnf/2.0/i586/tkinter-2.3.7-0.2.M20mdk.i586.rpm
6bdfd7584a2e4094ce39424311368ce8 mnf/2.0/SRPMS/python-2.3.7-0.2.M20mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJlDhYmqjQ0CJFipgRAjxAAJ9Ki28TLWrWrI/6ftj5bLVtNe4MsgCgoH19
A65A1tocyMcWLZBUV61a0KU=
=UwnZ
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists