lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1MfHpJ-0004E2-Ew@titan.mandriva.com>
Date: Sun, 23 Aug 2009 20:30:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:212 ] python


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:212
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : python
 Date    : August 23, 2009
 Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
           Enterprise Server 5.0, Multi Network Firewall 2.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability was found in xmltok_impl.c (expat) that with
 specially crafted XML could be exploited and lead to a denial of
 service attack. Related to CVE-2009-2625.
 
 This update fixes this vulnerability.
 _______________________________________________________________________

 References:

 https://bugs.gentoo.org/show_bug.cgi?id=280615
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.1:
 836ae8dca4ea5075570308601404f08b  2008.1/i586/libpython2.5-2.5.2-2.4mdv2008.1.i586.rpm
 c0d2f284c5186fbeffbec54c87c3b16e  2008.1/i586/libpython2.5-devel-2.5.2-2.4mdv2008.1.i586.rpm
 9dc6194d0725d98de504d43a6a6be8ee  2008.1/i586/python-2.5.2-2.4mdv2008.1.i586.rpm
 ff9365c549641ceb5220b95ed839c5a1  2008.1/i586/python-base-2.5.2-2.4mdv2008.1.i586.rpm
 eaa3f8eb68cb602d4844e49e243ca9cf  2008.1/i586/python-docs-2.5.2-2.4mdv2008.1.i586.rpm
 3111537c56613f5597c57a524ed1636b  2008.1/i586/tkinter-2.5.2-2.4mdv2008.1.i586.rpm
 c1ada1cf0e66f5108f43c72fb9955f72  2008.1/i586/tkinter-apps-2.5.2-2.4mdv2008.1.i586.rpm 
 7c3531beccdeba86834ab34353b0b63a  2008.1/SRPMS/python-2.5.2-2.4mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 5167564837a0738bbd75a291aff5f9ae  2008.1/x86_64/lib64python2.5-2.5.2-2.4mdv2008.1.x86_64.rpm
 39ad271ea137fd9fe5fb7ae6463cd5ed  2008.1/x86_64/lib64python2.5-devel-2.5.2-2.4mdv2008.1.x86_64.rpm
 8a3da29b65af4b47d7e6fd71b466b23a  2008.1/x86_64/python-2.5.2-2.4mdv2008.1.x86_64.rpm
 48bbff9fdaa65b079be904c4b0605235  2008.1/x86_64/python-base-2.5.2-2.4mdv2008.1.x86_64.rpm
 f0013decf0a71de2b9d170cffeb4aaf4  2008.1/x86_64/python-docs-2.5.2-2.4mdv2008.1.x86_64.rpm
 b6503232d22add8000aa5492304299f5  2008.1/x86_64/tkinter-2.5.2-2.4mdv2008.1.x86_64.rpm
 90bbc302ae26762062d3e8580765527e  2008.1/x86_64/tkinter-apps-2.5.2-2.4mdv2008.1.x86_64.rpm 
 7c3531beccdeba86834ab34353b0b63a  2008.1/SRPMS/python-2.5.2-2.4mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 41a6ff3352ec97287c6ab70e3bb8d2d7  2009.0/i586/libpython2.5-2.5.2-5.3mdv2009.0.i586.rpm
 98a906e1203d5b5ca68c45880ed50792  2009.0/i586/libpython2.5-devel-2.5.2-5.3mdv2009.0.i586.rpm
 79c828581618bd5595357ee6ff11eb46  2009.0/i586/python-2.5.2-5.3mdv2009.0.i586.rpm
 ecec77d205b6cb0b573f480cf2ecf416  2009.0/i586/python-base-2.5.2-5.3mdv2009.0.i586.rpm
 d7e0cba3770581d0ac3a553c85587f74  2009.0/i586/python-docs-2.5.2-5.3mdv2009.0.i586.rpm
 39a114e0cffa3e7606cee245c3daa83a  2009.0/i586/tkinter-2.5.2-5.3mdv2009.0.i586.rpm
 cb9c6dccfda79b7928535f9530554145  2009.0/i586/tkinter-apps-2.5.2-5.3mdv2009.0.i586.rpm 
 838505a65e7170253df7dd2c6bb2ce29  2009.0/SRPMS/python-2.5.2-5.3mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 cef3bdd63b557ac45c7fc1caeb7f93fb  2009.0/x86_64/lib64python2.5-2.5.2-5.3mdv2009.0.x86_64.rpm
 494082f968c548878504954486de0472  2009.0/x86_64/lib64python2.5-devel-2.5.2-5.3mdv2009.0.x86_64.rpm
 53066eba413c19255bff2f96d09fd71b  2009.0/x86_64/python-2.5.2-5.3mdv2009.0.x86_64.rpm
 4882e3b56af0ccff57d323b0e81a0c86  2009.0/x86_64/python-base-2.5.2-5.3mdv2009.0.x86_64.rpm
 9589abe6325301c18e630da640696925  2009.0/x86_64/python-docs-2.5.2-5.3mdv2009.0.x86_64.rpm
 8a34b93f61e1aedd03bd42e80936e702  2009.0/x86_64/tkinter-2.5.2-5.3mdv2009.0.x86_64.rpm
 aa5f5b193674a3566d599c48dd3bf198  2009.0/x86_64/tkinter-apps-2.5.2-5.3mdv2009.0.x86_64.rpm 
 838505a65e7170253df7dd2c6bb2ce29  2009.0/SRPMS/python-2.5.2-5.3mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 698f1c4fe930e04180f90066303f208c  2009.1/i586/libpython2.6-2.6.1-6.1mdv2009.1.i586.rpm
 95f44487a6858e974cf7a69e81c4da30  2009.1/i586/libpython2.6-devel-2.6.1-6.1mdv2009.1.i586.rpm
 f274ff8d9c684f958c792060c7d40377  2009.1/i586/python-2.6.1-6.1mdv2009.1.i586.rpm
 80699827f57799ce3aa889cc96f1e370  2009.1/i586/python-docs-2.6.1-6.1mdv2009.1.i586.rpm
 5377a66c3d6bb6cec81be0e75ca71f77  2009.1/i586/tkinter-2.6.1-6.1mdv2009.1.i586.rpm
 be48b1e249242a193a41fb6e1920b1dc  2009.1/i586/tkinter-apps-2.6.1-6.1mdv2009.1.i586.rpm 
 6b7c29642be5f8aa998fc4bd5f571f9e  2009.1/SRPMS/python-2.6.1-6.1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 32ed19f4b67a2740dd78edffef5483ee  2009.1/x86_64/lib64python2.6-2.6.1-6.1mdv2009.1.x86_64.rpm
 f313d28183f7c0d69c37d5beaddc4e48  2009.1/x86_64/lib64python2.6-devel-2.6.1-6.1mdv2009.1.x86_64.rpm
 d066fecdbb264e9ba2534b7284724d75  2009.1/x86_64/python-2.6.1-6.1mdv2009.1.x86_64.rpm
 9f08828ee1728ae00b1e356cc861b772  2009.1/x86_64/python-docs-2.6.1-6.1mdv2009.1.x86_64.rpm
 833945b29fafdfd2dbab7495f101c5f7  2009.1/x86_64/tkinter-2.6.1-6.1mdv2009.1.x86_64.rpm
 6f693f90697406427c09f8312ca2bd04  2009.1/x86_64/tkinter-apps-2.6.1-6.1mdv2009.1.x86_64.rpm 
 6b7c29642be5f8aa998fc4bd5f571f9e  2009.1/SRPMS/python-2.6.1-6.1mdv2009.1.src.rpm

 Corporate 3.0:
 91e05c8b6f93cb16180aa4a843e765c2  corporate/3.0/i586/libpython2.3-2.3.7-0.3.C30mdk.i586.rpm
 d4ac68c7582712187691bc746ccbff3d  corporate/3.0/i586/libpython2.3-devel-2.3.7-0.3.C30mdk.i586.rpm
 0b5d65e56944135be61affe8005883d0  corporate/3.0/i586/python-2.3.7-0.3.C30mdk.i586.rpm
 f75ff9f728b94997571a8d0d74a7ab21  corporate/3.0/i586/python-base-2.3.7-0.3.C30mdk.i586.rpm
 a8d1dca0dc331ba20370693a40180b8a  corporate/3.0/i586/python-docs-2.3.7-0.3.C30mdk.i586.rpm
 da0d1cde85111104f754f2917c330d43  corporate/3.0/i586/tkinter-2.3.7-0.3.C30mdk.i586.rpm 
 2e721dd00daf3f183b0b2f08fda11d22  corporate/3.0/SRPMS/python-2.3.7-0.3.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 3cef00123723431a9b732de0d8f78d1d  corporate/3.0/x86_64/lib64python2.3-2.3.7-0.3.C30mdk.x86_64.rpm
 c8ae565114282532d176fdd6bbb57314  corporate/3.0/x86_64/lib64python2.3-devel-2.3.7-0.3.C30mdk.x86_64.rpm
 9eef4396d6cf03ca83c1d5b7f7c9eeb3  corporate/3.0/x86_64/python-2.3.7-0.3.C30mdk.x86_64.rpm
 ad4d0d1cced20b7fd37392f45f14500c  corporate/3.0/x86_64/python-base-2.3.7-0.3.C30mdk.x86_64.rpm
 6e62cd462a994074536e8aeb553696e2  corporate/3.0/x86_64/python-docs-2.3.7-0.3.C30mdk.x86_64.rpm
 9861e393e4e17b014f7be8d6fac63a22  corporate/3.0/x86_64/tkinter-2.3.7-0.3.C30mdk.x86_64.rpm 
 2e721dd00daf3f183b0b2f08fda11d22  corporate/3.0/SRPMS/python-2.3.7-0.3.C30mdk.src.rpm

 Corporate 4.0:
 15bd9c5d9affc50459c8cd7f7ec1ee93  corporate/4.0/i586/libpython2.4-2.4.5-0.3.20060mlcs4.i586.rpm
 0faa2120be98b8f31fd10d2a7175c91e  corporate/4.0/i586/libpython2.4-devel-2.4.5-0.3.20060mlcs4.i586.rpm
 2da3aeeb0e73febb0d92a41555a86a38  corporate/4.0/i586/python-2.4.5-0.3.20060mlcs4.i586.rpm
 2c178dda7e62b4bf7a2f9970b11454ee  corporate/4.0/i586/python-base-2.4.5-0.3.20060mlcs4.i586.rpm
 2df404bd0b04f16860b1152cd00a52b2  corporate/4.0/i586/python-docs-2.4.5-0.3.20060mlcs4.i586.rpm
 a095125a026ecaf9187c33a61aa50486  corporate/4.0/i586/tkinter-2.4.5-0.3.20060mlcs4.i586.rpm 
 86b2985d74be8c13e30372425bb3e549  corporate/4.0/SRPMS/python-2.4.5-0.3.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 0679e00d989009ec50021d94fc17e94b  corporate/4.0/x86_64/lib64python2.4-2.4.5-0.3.20060mlcs4.x86_64.rpm
 e31a1bc0d0d54e4cff074e168a18bc12  corporate/4.0/x86_64/lib64python2.4-devel-2.4.5-0.3.20060mlcs4.x86_64.rpm
 8bcdde1f348a729b287bc0046503b3ee  corporate/4.0/x86_64/python-2.4.5-0.3.20060mlcs4.x86_64.rpm
 5ba366f0cfd05b6c237fd54eafc36eb2  corporate/4.0/x86_64/python-base-2.4.5-0.3.20060mlcs4.x86_64.rpm
 d2d906256924badff5042c8e37234130  corporate/4.0/x86_64/python-docs-2.4.5-0.3.20060mlcs4.x86_64.rpm
 46b8d19e7b9538afb024e759de6c4dbb  corporate/4.0/x86_64/tkinter-2.4.5-0.3.20060mlcs4.x86_64.rpm 
 86b2985d74be8c13e30372425bb3e549  corporate/4.0/SRPMS/python-2.4.5-0.3.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 6aeb5877fbf4d54183fbacda6ad9682e  mes5/i586/libpython2.5-2.5.2-5.3mdvmes5.i586.rpm
 1e9bfe0c30d17f3cf0607d44f9c92c16  mes5/i586/libpython2.5-devel-2.5.2-5.3mdvmes5.i586.rpm
 c9418d922c8b2f5a8345cc4a392176a2  mes5/i586/python-2.5.2-5.3mdvmes5.i586.rpm
 597d30dcf87da029d31a3e8f8c233c48  mes5/i586/python-base-2.5.2-5.3mdvmes5.i586.rpm
 eedb70bf05cf65fdb630eb58e8e204bd  mes5/i586/python-docs-2.5.2-5.3mdvmes5.i586.rpm
 13ec4b95422075d9918301c33d436f77  mes5/i586/tkinter-2.5.2-5.3mdvmes5.i586.rpm
 48593ff9af36df2463a7b93b734b8543  mes5/i586/tkinter-apps-2.5.2-5.3mdvmes5.i586.rpm 
 0330dea8c2ebbac05df306a559a73b21  mes5/SRPMS/python-2.5.2-5.3mdvmes5.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 4c0809b8bcf86cac61e822a81243b3b1  mes5/x86_64/lib64python2.5-2.5.2-5.3mdvmes5.x86_64.rpm
 3927c5aab093995c5c6905823aa11788  mes5/x86_64/lib64python2.5-devel-2.5.2-5.3mdvmes5.x86_64.rpm
 be5b5099bf96b950546aad1f7ecfc760  mes5/x86_64/python-2.5.2-5.3mdvmes5.x86_64.rpm
 20e7190df22fef0732cbeb483153a263  mes5/x86_64/python-base-2.5.2-5.3mdvmes5.x86_64.rpm
 eca0caa1153fee3826332d69e4c05d00  mes5/x86_64/python-docs-2.5.2-5.3mdvmes5.x86_64.rpm
 0a4f9fdc713d24bc2507ac48b3db0a7b  mes5/x86_64/tkinter-2.5.2-5.3mdvmes5.x86_64.rpm
 04ca6bc6d763cf68d3e3705d8259172f  mes5/x86_64/tkinter-apps-2.5.2-5.3mdvmes5.x86_64.rpm 
 0330dea8c2ebbac05df306a559a73b21  mes5/SRPMS/python-2.5.2-5.3mdvmes5.src.rpm

 Multi Network Firewall 2.0:
 1452617c693de8d4e955a0c5f743ce67  mnf/2.0/i586/libpython2.3-2.3.7-0.3.C30mdk.i586.rpm
 07302c967d11fde4ffdbb6ff81b05b7c  mnf/2.0/i586/libpython2.3-devel-2.3.7-0.3.C30mdk.i586.rpm
 e5f65d271eb9e5793f57c407e2975e6c  mnf/2.0/i586/python-2.3.7-0.3.C30mdk.i586.rpm
 290432b9d3868acde4e90fa3fe4288f5  mnf/2.0/i586/python-base-2.3.7-0.3.C30mdk.i586.rpm
 2d9797eda3b0eca2e6b92d28851fdc8f  mnf/2.0/i586/python-docs-2.3.7-0.3.C30mdk.i586.rpm
 690e1ebed6b23eb195dc2804249108dd  mnf/2.0/i586/tkinter-2.3.7-0.3.C30mdk.i586.rpm 
 30bc1960b03bb97e3494a3466d878371  mnf/2.0/SRPMS/python-2.3.7-0.3.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKkWClmqjQ0CJFipgRArOMAKClykPz/75lQ1f8+wp1b7M+xUCTAgCg2GrW
7GlYAOU4/RM6do0tWhKZrmw=
=mj4E
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ