[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1MfHpJ-0004E2-Ew@titan.mandriva.com>
Date: Sun, 23 Aug 2009 20:30:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:212 ] python
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:212
http://www.mandriva.com/security/
_______________________________________________________________________
Package : python
Date : August 23, 2009
Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
Enterprise Server 5.0, Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
A vulnerability was found in xmltok_impl.c (expat) that with
specially crafted XML could be exploited and lead to a denial of
service attack. Related to CVE-2009-2625.
This update fixes this vulnerability.
_______________________________________________________________________
References:
https://bugs.gentoo.org/show_bug.cgi?id=280615
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.1:
836ae8dca4ea5075570308601404f08b 2008.1/i586/libpython2.5-2.5.2-2.4mdv2008.1.i586.rpm
c0d2f284c5186fbeffbec54c87c3b16e 2008.1/i586/libpython2.5-devel-2.5.2-2.4mdv2008.1.i586.rpm
9dc6194d0725d98de504d43a6a6be8ee 2008.1/i586/python-2.5.2-2.4mdv2008.1.i586.rpm
ff9365c549641ceb5220b95ed839c5a1 2008.1/i586/python-base-2.5.2-2.4mdv2008.1.i586.rpm
eaa3f8eb68cb602d4844e49e243ca9cf 2008.1/i586/python-docs-2.5.2-2.4mdv2008.1.i586.rpm
3111537c56613f5597c57a524ed1636b 2008.1/i586/tkinter-2.5.2-2.4mdv2008.1.i586.rpm
c1ada1cf0e66f5108f43c72fb9955f72 2008.1/i586/tkinter-apps-2.5.2-2.4mdv2008.1.i586.rpm
7c3531beccdeba86834ab34353b0b63a 2008.1/SRPMS/python-2.5.2-2.4mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
5167564837a0738bbd75a291aff5f9ae 2008.1/x86_64/lib64python2.5-2.5.2-2.4mdv2008.1.x86_64.rpm
39ad271ea137fd9fe5fb7ae6463cd5ed 2008.1/x86_64/lib64python2.5-devel-2.5.2-2.4mdv2008.1.x86_64.rpm
8a3da29b65af4b47d7e6fd71b466b23a 2008.1/x86_64/python-2.5.2-2.4mdv2008.1.x86_64.rpm
48bbff9fdaa65b079be904c4b0605235 2008.1/x86_64/python-base-2.5.2-2.4mdv2008.1.x86_64.rpm
f0013decf0a71de2b9d170cffeb4aaf4 2008.1/x86_64/python-docs-2.5.2-2.4mdv2008.1.x86_64.rpm
b6503232d22add8000aa5492304299f5 2008.1/x86_64/tkinter-2.5.2-2.4mdv2008.1.x86_64.rpm
90bbc302ae26762062d3e8580765527e 2008.1/x86_64/tkinter-apps-2.5.2-2.4mdv2008.1.x86_64.rpm
7c3531beccdeba86834ab34353b0b63a 2008.1/SRPMS/python-2.5.2-2.4mdv2008.1.src.rpm
Mandriva Linux 2009.0:
41a6ff3352ec97287c6ab70e3bb8d2d7 2009.0/i586/libpython2.5-2.5.2-5.3mdv2009.0.i586.rpm
98a906e1203d5b5ca68c45880ed50792 2009.0/i586/libpython2.5-devel-2.5.2-5.3mdv2009.0.i586.rpm
79c828581618bd5595357ee6ff11eb46 2009.0/i586/python-2.5.2-5.3mdv2009.0.i586.rpm
ecec77d205b6cb0b573f480cf2ecf416 2009.0/i586/python-base-2.5.2-5.3mdv2009.0.i586.rpm
d7e0cba3770581d0ac3a553c85587f74 2009.0/i586/python-docs-2.5.2-5.3mdv2009.0.i586.rpm
39a114e0cffa3e7606cee245c3daa83a 2009.0/i586/tkinter-2.5.2-5.3mdv2009.0.i586.rpm
cb9c6dccfda79b7928535f9530554145 2009.0/i586/tkinter-apps-2.5.2-5.3mdv2009.0.i586.rpm
838505a65e7170253df7dd2c6bb2ce29 2009.0/SRPMS/python-2.5.2-5.3mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
cef3bdd63b557ac45c7fc1caeb7f93fb 2009.0/x86_64/lib64python2.5-2.5.2-5.3mdv2009.0.x86_64.rpm
494082f968c548878504954486de0472 2009.0/x86_64/lib64python2.5-devel-2.5.2-5.3mdv2009.0.x86_64.rpm
53066eba413c19255bff2f96d09fd71b 2009.0/x86_64/python-2.5.2-5.3mdv2009.0.x86_64.rpm
4882e3b56af0ccff57d323b0e81a0c86 2009.0/x86_64/python-base-2.5.2-5.3mdv2009.0.x86_64.rpm
9589abe6325301c18e630da640696925 2009.0/x86_64/python-docs-2.5.2-5.3mdv2009.0.x86_64.rpm
8a34b93f61e1aedd03bd42e80936e702 2009.0/x86_64/tkinter-2.5.2-5.3mdv2009.0.x86_64.rpm
aa5f5b193674a3566d599c48dd3bf198 2009.0/x86_64/tkinter-apps-2.5.2-5.3mdv2009.0.x86_64.rpm
838505a65e7170253df7dd2c6bb2ce29 2009.0/SRPMS/python-2.5.2-5.3mdv2009.0.src.rpm
Mandriva Linux 2009.1:
698f1c4fe930e04180f90066303f208c 2009.1/i586/libpython2.6-2.6.1-6.1mdv2009.1.i586.rpm
95f44487a6858e974cf7a69e81c4da30 2009.1/i586/libpython2.6-devel-2.6.1-6.1mdv2009.1.i586.rpm
f274ff8d9c684f958c792060c7d40377 2009.1/i586/python-2.6.1-6.1mdv2009.1.i586.rpm
80699827f57799ce3aa889cc96f1e370 2009.1/i586/python-docs-2.6.1-6.1mdv2009.1.i586.rpm
5377a66c3d6bb6cec81be0e75ca71f77 2009.1/i586/tkinter-2.6.1-6.1mdv2009.1.i586.rpm
be48b1e249242a193a41fb6e1920b1dc 2009.1/i586/tkinter-apps-2.6.1-6.1mdv2009.1.i586.rpm
6b7c29642be5f8aa998fc4bd5f571f9e 2009.1/SRPMS/python-2.6.1-6.1mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
32ed19f4b67a2740dd78edffef5483ee 2009.1/x86_64/lib64python2.6-2.6.1-6.1mdv2009.1.x86_64.rpm
f313d28183f7c0d69c37d5beaddc4e48 2009.1/x86_64/lib64python2.6-devel-2.6.1-6.1mdv2009.1.x86_64.rpm
d066fecdbb264e9ba2534b7284724d75 2009.1/x86_64/python-2.6.1-6.1mdv2009.1.x86_64.rpm
9f08828ee1728ae00b1e356cc861b772 2009.1/x86_64/python-docs-2.6.1-6.1mdv2009.1.x86_64.rpm
833945b29fafdfd2dbab7495f101c5f7 2009.1/x86_64/tkinter-2.6.1-6.1mdv2009.1.x86_64.rpm
6f693f90697406427c09f8312ca2bd04 2009.1/x86_64/tkinter-apps-2.6.1-6.1mdv2009.1.x86_64.rpm
6b7c29642be5f8aa998fc4bd5f571f9e 2009.1/SRPMS/python-2.6.1-6.1mdv2009.1.src.rpm
Corporate 3.0:
91e05c8b6f93cb16180aa4a843e765c2 corporate/3.0/i586/libpython2.3-2.3.7-0.3.C30mdk.i586.rpm
d4ac68c7582712187691bc746ccbff3d corporate/3.0/i586/libpython2.3-devel-2.3.7-0.3.C30mdk.i586.rpm
0b5d65e56944135be61affe8005883d0 corporate/3.0/i586/python-2.3.7-0.3.C30mdk.i586.rpm
f75ff9f728b94997571a8d0d74a7ab21 corporate/3.0/i586/python-base-2.3.7-0.3.C30mdk.i586.rpm
a8d1dca0dc331ba20370693a40180b8a corporate/3.0/i586/python-docs-2.3.7-0.3.C30mdk.i586.rpm
da0d1cde85111104f754f2917c330d43 corporate/3.0/i586/tkinter-2.3.7-0.3.C30mdk.i586.rpm
2e721dd00daf3f183b0b2f08fda11d22 corporate/3.0/SRPMS/python-2.3.7-0.3.C30mdk.src.rpm
Corporate 3.0/X86_64:
3cef00123723431a9b732de0d8f78d1d corporate/3.0/x86_64/lib64python2.3-2.3.7-0.3.C30mdk.x86_64.rpm
c8ae565114282532d176fdd6bbb57314 corporate/3.0/x86_64/lib64python2.3-devel-2.3.7-0.3.C30mdk.x86_64.rpm
9eef4396d6cf03ca83c1d5b7f7c9eeb3 corporate/3.0/x86_64/python-2.3.7-0.3.C30mdk.x86_64.rpm
ad4d0d1cced20b7fd37392f45f14500c corporate/3.0/x86_64/python-base-2.3.7-0.3.C30mdk.x86_64.rpm
6e62cd462a994074536e8aeb553696e2 corporate/3.0/x86_64/python-docs-2.3.7-0.3.C30mdk.x86_64.rpm
9861e393e4e17b014f7be8d6fac63a22 corporate/3.0/x86_64/tkinter-2.3.7-0.3.C30mdk.x86_64.rpm
2e721dd00daf3f183b0b2f08fda11d22 corporate/3.0/SRPMS/python-2.3.7-0.3.C30mdk.src.rpm
Corporate 4.0:
15bd9c5d9affc50459c8cd7f7ec1ee93 corporate/4.0/i586/libpython2.4-2.4.5-0.3.20060mlcs4.i586.rpm
0faa2120be98b8f31fd10d2a7175c91e corporate/4.0/i586/libpython2.4-devel-2.4.5-0.3.20060mlcs4.i586.rpm
2da3aeeb0e73febb0d92a41555a86a38 corporate/4.0/i586/python-2.4.5-0.3.20060mlcs4.i586.rpm
2c178dda7e62b4bf7a2f9970b11454ee corporate/4.0/i586/python-base-2.4.5-0.3.20060mlcs4.i586.rpm
2df404bd0b04f16860b1152cd00a52b2 corporate/4.0/i586/python-docs-2.4.5-0.3.20060mlcs4.i586.rpm
a095125a026ecaf9187c33a61aa50486 corporate/4.0/i586/tkinter-2.4.5-0.3.20060mlcs4.i586.rpm
86b2985d74be8c13e30372425bb3e549 corporate/4.0/SRPMS/python-2.4.5-0.3.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
0679e00d989009ec50021d94fc17e94b corporate/4.0/x86_64/lib64python2.4-2.4.5-0.3.20060mlcs4.x86_64.rpm
e31a1bc0d0d54e4cff074e168a18bc12 corporate/4.0/x86_64/lib64python2.4-devel-2.4.5-0.3.20060mlcs4.x86_64.rpm
8bcdde1f348a729b287bc0046503b3ee corporate/4.0/x86_64/python-2.4.5-0.3.20060mlcs4.x86_64.rpm
5ba366f0cfd05b6c237fd54eafc36eb2 corporate/4.0/x86_64/python-base-2.4.5-0.3.20060mlcs4.x86_64.rpm
d2d906256924badff5042c8e37234130 corporate/4.0/x86_64/python-docs-2.4.5-0.3.20060mlcs4.x86_64.rpm
46b8d19e7b9538afb024e759de6c4dbb corporate/4.0/x86_64/tkinter-2.4.5-0.3.20060mlcs4.x86_64.rpm
86b2985d74be8c13e30372425bb3e549 corporate/4.0/SRPMS/python-2.4.5-0.3.20060mlcs4.src.rpm
Mandriva Enterprise Server 5:
6aeb5877fbf4d54183fbacda6ad9682e mes5/i586/libpython2.5-2.5.2-5.3mdvmes5.i586.rpm
1e9bfe0c30d17f3cf0607d44f9c92c16 mes5/i586/libpython2.5-devel-2.5.2-5.3mdvmes5.i586.rpm
c9418d922c8b2f5a8345cc4a392176a2 mes5/i586/python-2.5.2-5.3mdvmes5.i586.rpm
597d30dcf87da029d31a3e8f8c233c48 mes5/i586/python-base-2.5.2-5.3mdvmes5.i586.rpm
eedb70bf05cf65fdb630eb58e8e204bd mes5/i586/python-docs-2.5.2-5.3mdvmes5.i586.rpm
13ec4b95422075d9918301c33d436f77 mes5/i586/tkinter-2.5.2-5.3mdvmes5.i586.rpm
48593ff9af36df2463a7b93b734b8543 mes5/i586/tkinter-apps-2.5.2-5.3mdvmes5.i586.rpm
0330dea8c2ebbac05df306a559a73b21 mes5/SRPMS/python-2.5.2-5.3mdvmes5.src.rpm
Mandriva Enterprise Server 5/X86_64:
4c0809b8bcf86cac61e822a81243b3b1 mes5/x86_64/lib64python2.5-2.5.2-5.3mdvmes5.x86_64.rpm
3927c5aab093995c5c6905823aa11788 mes5/x86_64/lib64python2.5-devel-2.5.2-5.3mdvmes5.x86_64.rpm
be5b5099bf96b950546aad1f7ecfc760 mes5/x86_64/python-2.5.2-5.3mdvmes5.x86_64.rpm
20e7190df22fef0732cbeb483153a263 mes5/x86_64/python-base-2.5.2-5.3mdvmes5.x86_64.rpm
eca0caa1153fee3826332d69e4c05d00 mes5/x86_64/python-docs-2.5.2-5.3mdvmes5.x86_64.rpm
0a4f9fdc713d24bc2507ac48b3db0a7b mes5/x86_64/tkinter-2.5.2-5.3mdvmes5.x86_64.rpm
04ca6bc6d763cf68d3e3705d8259172f mes5/x86_64/tkinter-apps-2.5.2-5.3mdvmes5.x86_64.rpm
0330dea8c2ebbac05df306a559a73b21 mes5/SRPMS/python-2.5.2-5.3mdvmes5.src.rpm
Multi Network Firewall 2.0:
1452617c693de8d4e955a0c5f743ce67 mnf/2.0/i586/libpython2.3-2.3.7-0.3.C30mdk.i586.rpm
07302c967d11fde4ffdbb6ff81b05b7c mnf/2.0/i586/libpython2.3-devel-2.3.7-0.3.C30mdk.i586.rpm
e5f65d271eb9e5793f57c407e2975e6c mnf/2.0/i586/python-2.3.7-0.3.C30mdk.i586.rpm
290432b9d3868acde4e90fa3fe4288f5 mnf/2.0/i586/python-base-2.3.7-0.3.C30mdk.i586.rpm
2d9797eda3b0eca2e6b92d28851fdc8f mnf/2.0/i586/python-docs-2.3.7-0.3.C30mdk.i586.rpm
690e1ebed6b23eb195dc2804249108dd mnf/2.0/i586/tkinter-2.3.7-0.3.C30mdk.i586.rpm
30bc1960b03bb97e3494a3466d878371 mnf/2.0/SRPMS/python-2.3.7-0.3.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKkWClmqjQ0CJFipgRArOMAKClykPz/75lQ1f8+wp1b7M+xUCTAgCg2GrW
7GlYAOU4/RM6do0tWhKZrmw=
=mj4E
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists