lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1OZ60z-0008Os-Ja@titan.mandriva.com>
Date: Wed, 14 Jul 2010 19:45:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:132 ] python


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:132
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : python
 Date    : July 14, 2010
 Affected: 2008.0, 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0,
           Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been found and corrected in python:
 
 Multiple integer overflows in audioop.c in the audioop module in
 Ptthon allow context-dependent attackers to cause a denial of service
 (application crash) via a large fragment, as demonstrated by a call
 to audioop.lin2lin with a long string in the first argument, leading
 to a buffer overflow.  NOTE: this vulnerability exists because of an
 incorrect fix for CVE-2008-3143.5 (CVE-2010-1634).
 
 The audioop module in Python does not verify the relationships between
 size arguments and byte string lengths, which allows context-dependent
 attackers to cause a denial of service (memory corruption and
 application crash) via crafted arguments, as demonstrated by a call
 to audioop.reverse with a one-byte string, a different vulnerability
 than CVE-2010-1634 (CVE-2010-2089).
 
 Packages for 2008.0 and 2009.0 are provided as of the Extended
 Maintenance Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1634
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2089
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 4f913679ea6f154f0d7c84c8bafd3fe3  2008.0/i586/libpython2.5-2.5.2-2.7mdv2008.0.i586.rpm
 dfab01f9210fa284ad3b4dd271bfb3dd  2008.0/i586/libpython2.5-devel-2.5.2-2.7mdv2008.0.i586.rpm
 b6245a9dc5423d14ba96f4f388dd0fe6  2008.0/i586/python-2.5.2-2.7mdv2008.0.i586.rpm
 15c39b51c66cc78aec157eaed0267a7b  2008.0/i586/python-base-2.5.2-2.7mdv2008.0.i586.rpm
 e38a9894712bf82a8dcc1eee1265592c  2008.0/i586/python-docs-2.5.2-2.7mdv2008.0.i586.rpm
 2f2100e6dd35a4aef8e503394a723e81  2008.0/i586/tkinter-2.5.2-2.7mdv2008.0.i586.rpm
 29b96d4b84a7241fc78f55671f1a33f0  2008.0/i586/tkinter-apps-2.5.2-2.7mdv2008.0.i586.rpm 
 211a673f3cd2e1b7d153d6f40291ad86  2008.0/SRPMS/python-2.5.2-2.7mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 5f9e4e0e27dfa80a7fa2bf62998edf25  2008.0/x86_64/lib64python2.5-2.5.2-2.7mdv2008.0.x86_64.rpm
 36bfe236a350a8e9a0e2657eefadd299  2008.0/x86_64/lib64python2.5-devel-2.5.2-2.7mdv2008.0.x86_64.rpm
 c03cc44dac5ecdf49d7bf2ca5ad5477a  2008.0/x86_64/python-2.5.2-2.7mdv2008.0.x86_64.rpm
 1965d6962b5cfe7349f4369bceda2ce4  2008.0/x86_64/python-base-2.5.2-2.7mdv2008.0.x86_64.rpm
 e13c770d7ddcc045251733d69865a3ae  2008.0/x86_64/python-docs-2.5.2-2.7mdv2008.0.x86_64.rpm
 cff8d5ef80f29b2f9e32e171420ede11  2008.0/x86_64/tkinter-2.5.2-2.7mdv2008.0.x86_64.rpm
 e8d3db4327d427c9451bf604e5cd1bb7  2008.0/x86_64/tkinter-apps-2.5.2-2.7mdv2008.0.x86_64.rpm 
 211a673f3cd2e1b7d153d6f40291ad86  2008.0/SRPMS/python-2.5.2-2.7mdv2008.0.src.rpm

 Mandriva Linux 2009.0:
 598630ce234cff98465351b4af90d664  2009.0/i586/libpython2.5-2.5.2-5.6mdv2009.0.i586.rpm
 44a691ffb51a47dd653fbf03d5a9be00  2009.0/i586/libpython2.5-devel-2.5.2-5.6mdv2009.0.i586.rpm
 ea55908df10ad9e82a5d361612bcbca7  2009.0/i586/python-2.5.2-5.6mdv2009.0.i586.rpm
 cb25c56f6f68e0bb036cd1be0360595d  2009.0/i586/python-base-2.5.2-5.6mdv2009.0.i586.rpm
 0161f8c43b4fbf019ef24a72760d3113  2009.0/i586/python-docs-2.5.2-5.6mdv2009.0.i586.rpm
 987651d11ca710910a89e52330873187  2009.0/i586/tkinter-2.5.2-5.6mdv2009.0.i586.rpm
 a73ba0fa7adcb1ebe2806335e575e8b2  2009.0/i586/tkinter-apps-2.5.2-5.6mdv2009.0.i586.rpm 
 a6602a71f4573ecb82951a861165fee8  2009.0/SRPMS/python-2.5.2-5.6mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 f22f06db4cc4e8f431aadeaa552f0891  2009.0/x86_64/lib64python2.5-2.5.2-5.6mdv2009.0.x86_64.rpm
 a15984e4b2e6821789ba36760aa08a79  2009.0/x86_64/lib64python2.5-devel-2.5.2-5.6mdv2009.0.x86_64.rpm
 329f34c1eb9cbf68805edcbb0efda8a2  2009.0/x86_64/python-2.5.2-5.6mdv2009.0.x86_64.rpm
 5404e1caa073784bbcb6aab8dff592bf  2009.0/x86_64/python-base-2.5.2-5.6mdv2009.0.x86_64.rpm
 59e2bbd0517468929db90ad4e9448dc7  2009.0/x86_64/python-docs-2.5.2-5.6mdv2009.0.x86_64.rpm
 b9821ba18b02ad9ae3b5831ac4893fee  2009.0/x86_64/tkinter-2.5.2-5.6mdv2009.0.x86_64.rpm
 3593d6bdf3fbc698301edee3d0906e58  2009.0/x86_64/tkinter-apps-2.5.2-5.6mdv2009.0.x86_64.rpm 
 a6602a71f4573ecb82951a861165fee8  2009.0/SRPMS/python-2.5.2-5.6mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 3404f9ddf0f432a2ba81e78ce0408fd8  2009.1/i586/libpython2.6-2.6.1-6.4mdv2009.1.i586.rpm
 1642bfa7d7c8c2979f80491cd592447b  2009.1/i586/libpython2.6-devel-2.6.1-6.4mdv2009.1.i586.rpm
 e32c4080ae403710eb91bf8508430ecb  2009.1/i586/python-2.6.1-6.4mdv2009.1.i586.rpm
 f8221639b02160a28dc7c96d48050195  2009.1/i586/python-docs-2.6.1-6.4mdv2009.1.i586.rpm
 d1488967010eb649113916a3eef85213  2009.1/i586/tkinter-2.6.1-6.4mdv2009.1.i586.rpm
 c6c3a71a9efa1b8f010027a6d1418fa6  2009.1/i586/tkinter-apps-2.6.1-6.4mdv2009.1.i586.rpm 
 08fb9cd480e9a5ffa2efe603c17b0e71  2009.1/SRPMS/python-2.6.1-6.4mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 363de5386b3df783c2d599295b6c9fd9  2009.1/x86_64/lib64python2.6-2.6.1-6.4mdv2009.1.x86_64.rpm
 f09af1e423ba5755b7b0b524d0a4fada  2009.1/x86_64/lib64python2.6-devel-2.6.1-6.4mdv2009.1.x86_64.rpm
 ce6deed593b82a1b973de15001f79362  2009.1/x86_64/python-2.6.1-6.4mdv2009.1.x86_64.rpm
 a58bbe02634432f582b8b433287863e5  2009.1/x86_64/python-docs-2.6.1-6.4mdv2009.1.x86_64.rpm
 35868acab80516ebb52b08feeff616bb  2009.1/x86_64/tkinter-2.6.1-6.4mdv2009.1.x86_64.rpm
 ccb5413b65fd391a8d0fa553ec28b513  2009.1/x86_64/tkinter-apps-2.6.1-6.4mdv2009.1.x86_64.rpm 
 08fb9cd480e9a5ffa2efe603c17b0e71  2009.1/SRPMS/python-2.6.1-6.4mdv2009.1.src.rpm

 Mandriva Linux 2010.0:
 5f0ff97a0a93f7dd724156b4c75a189f  2010.0/i586/libpython2.6-2.6.4-1.3mdv2010.0.i586.rpm
 ed6881e0fbf01066dfd29ce5b415931c  2010.0/i586/libpython2.6-devel-2.6.4-1.3mdv2010.0.i586.rpm
 3324fa6ce72997b71417b7425e3c8caf  2010.0/i586/python-2.6.4-1.3mdv2010.0.i586.rpm
 6d842db0d14e29b1c007b99b78926e5d  2010.0/i586/python-docs-2.6.4-1.3mdv2010.0.i586.rpm
 bd34f1e94486390acff010381d08da03  2010.0/i586/tkinter-2.6.4-1.3mdv2010.0.i586.rpm
 02521a044b36eb44ef9854f38b83364a  2010.0/i586/tkinter-apps-2.6.4-1.3mdv2010.0.i586.rpm 
 b8341a9e215e7986ff904d7fdf74804c  2010.0/SRPMS/python-2.6.4-1.3mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 213ec645079b9cf5e32898fcbfc28fad  2010.0/x86_64/lib64python2.6-2.6.4-1.3mdv2010.0.x86_64.rpm
 37b43ce708c77e503c1f93b26a168605  2010.0/x86_64/lib64python2.6-devel-2.6.4-1.3mdv2010.0.x86_64.rpm
 9a3a70fe1762ee70dbc8262ee662c39b  2010.0/x86_64/python-2.6.4-1.3mdv2010.0.x86_64.rpm
 ded2b20c7d903a2294425222d5e9ca62  2010.0/x86_64/python-docs-2.6.4-1.3mdv2010.0.x86_64.rpm
 0be4dcaea55b6c0b7e6876d62ec7e7b6  2010.0/x86_64/tkinter-2.6.4-1.3mdv2010.0.x86_64.rpm
 cee4059bb748ee05150955eb4e2167f6  2010.0/x86_64/tkinter-apps-2.6.4-1.3mdv2010.0.x86_64.rpm 
 b8341a9e215e7986ff904d7fdf74804c  2010.0/SRPMS/python-2.6.4-1.3mdv2010.0.src.rpm

 Mandriva Linux 2010.1:
 77685502f90b113db3ba22822b3cf9fc  2010.1/i586/libpython2.6-2.6.5-2.1mdv2010.1.i586.rpm
 bf9e3d224cf0059ec9344b034ec077af  2010.1/i586/libpython2.6-devel-2.6.5-2.1mdv2010.1.i586.rpm
 5d7158a82859935be01a4be3d9ab13d8  2010.1/i586/python-2.6.5-2.1mdv2010.1.i586.rpm
 b6a754e44856a2f3cef1c27cda7607d6  2010.1/i586/python-docs-2.6.5-2.1mdv2010.1.i586.rpm
 0f4fa85de1e74e999e32231d09a9a8f2  2010.1/i586/tkinter-2.6.5-2.1mdv2010.1.i586.rpm
 dca56ed98ff41e72884d1f0d06d77f40  2010.1/i586/tkinter-apps-2.6.5-2.1mdv2010.1.i586.rpm 
 107556cf0daafd475511abb2b598b7e3  2010.1/SRPMS/python-2.6.5-2.1mdv2010.1.src.rpm

 Mandriva Linux 2010.1/X86_64:
 14bcbf073fc47d3a423c6fefe15b5939  2010.1/x86_64/lib64python2.6-2.6.5-2.1mdv2010.1.x86_64.rpm
 9acea2705dc72a6ad717fbcd961db368  2010.1/x86_64/lib64python2.6-devel-2.6.5-2.1mdv2010.1.x86_64.rpm
 3e2047db297a58cef19bd3a22bab1953  2010.1/x86_64/python-2.6.5-2.1mdv2010.1.x86_64.rpm
 618c9b3e812d73ae236a409ce1453a89  2010.1/x86_64/python-docs-2.6.5-2.1mdv2010.1.x86_64.rpm
 8ad00fe7d002305ac26ff720ca3fc3ff  2010.1/x86_64/tkinter-2.6.5-2.1mdv2010.1.x86_64.rpm
 3a8fdef37c200ca7b74f7e263dbaf04b  2010.1/x86_64/tkinter-apps-2.6.5-2.1mdv2010.1.x86_64.rpm 
 107556cf0daafd475511abb2b598b7e3  2010.1/SRPMS/python-2.6.5-2.1mdv2010.1.src.rpm

 Corporate 4.0:
 24663decfe6c6ba75771371777834d6a  corporate/4.0/i586/libpython2.4-2.4.5-0.6.20060mlcs4.i586.rpm
 2d362036a85055bcae84aa30e320425b  corporate/4.0/i586/libpython2.4-devel-2.4.5-0.6.20060mlcs4.i586.rpm
 07a94afed3c78c4e071197ba7dba676b  corporate/4.0/i586/python-2.4.5-0.6.20060mlcs4.i586.rpm
 b46bc657628e0790dc68c0298d0fa8c2  corporate/4.0/i586/python-base-2.4.5-0.6.20060mlcs4.i586.rpm
 00fea68fc4a04885a56d4979dbcd4805  corporate/4.0/i586/python-docs-2.4.5-0.6.20060mlcs4.i586.rpm
 e7f1dd4a85e67c89d9053bbd5a0dcb1d  corporate/4.0/i586/tkinter-2.4.5-0.6.20060mlcs4.i586.rpm 
 2bd3365c9ce6ef9caf80b7824e5cdba2  corporate/4.0/SRPMS/python-2.4.5-0.6.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 6a321e2d0675667c4a20ca9eef9e659f  corporate/4.0/x86_64/lib64python2.4-2.4.5-0.6.20060mlcs4.x86_64.rpm
 c4747b33200becebdf06b999233d2d85  corporate/4.0/x86_64/lib64python2.4-devel-2.4.5-0.6.20060mlcs4.x86_64.rpm
 f0e7f6603385328327f62613820d09ad  corporate/4.0/x86_64/python-2.4.5-0.6.20060mlcs4.x86_64.rpm
 fab004a4528c0ea88257c28f68767232  corporate/4.0/x86_64/python-base-2.4.5-0.6.20060mlcs4.x86_64.rpm
 949f7e382bebc814c821d619abfd5d57  corporate/4.0/x86_64/python-docs-2.4.5-0.6.20060mlcs4.x86_64.rpm
 f61e8d55e2a2be3c0dc62903fce980d5  corporate/4.0/x86_64/tkinter-2.4.5-0.6.20060mlcs4.x86_64.rpm 
 2bd3365c9ce6ef9caf80b7824e5cdba2  corporate/4.0/SRPMS/python-2.4.5-0.6.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 28d975daaf5f623144e20493dd451745  mes5/i586/libpython2.5-2.5.2-5.7mdvmes5.1.i586.rpm
 2aff847d8b904ded1e3af26f2104959c  mes5/i586/libpython2.5-devel-2.5.2-5.7mdvmes5.1.i586.rpm
 7453da455746ae242478602e28f8ad54  mes5/i586/python-2.5.2-5.7mdvmes5.1.i586.rpm
 50ef79c0fe2a2ddb0768e9e42cd1a78d  mes5/i586/python-base-2.5.2-5.7mdvmes5.1.i586.rpm
 eaba93ba9f5a77fdcd23b199c81ecf10  mes5/i586/python-docs-2.5.2-5.7mdvmes5.1.i586.rpm
 6c0014be0c8647ac1c0ad4e6a5d48c92  mes5/i586/tkinter-2.5.2-5.7mdvmes5.1.i586.rpm
 78fe0ba52d451894a19be61b1b41a8f7  mes5/i586/tkinter-apps-2.5.2-5.7mdvmes5.1.i586.rpm 
 49d1708b056d60fb851ce89033d84224  mes5/SRPMS/python-2.5.2-5.7mdvmes5.1.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 ad5c6abd37cd342183f540370bbbb03b  mes5/x86_64/lib64python2.5-2.5.2-5.7mdvmes5.1.x86_64.rpm
 2722a15a452703ff5b5ef6d6542e56d3  mes5/x86_64/lib64python2.5-devel-2.5.2-5.7mdvmes5.1.x86_64.rpm
 2cac9f75b9cb85182e8a420329dfaccd  mes5/x86_64/python-2.5.2-5.7mdvmes5.1.x86_64.rpm
 e04fdf9d4f629dd51b3bb27e22e4a152  mes5/x86_64/python-base-2.5.2-5.7mdvmes5.1.x86_64.rpm
 77b9ee5a5be480ce55eccee414c0f4d5  mes5/x86_64/python-docs-2.5.2-5.7mdvmes5.1.x86_64.rpm
 8de9bb41acd3ed981b9b44dbf7d139a5  mes5/x86_64/tkinter-2.5.2-5.7mdvmes5.1.x86_64.rpm
 6d1a1b1173907b8602d7ca0ad71bc537  mes5/x86_64/tkinter-apps-2.5.2-5.7mdvmes5.1.x86_64.rpm 
 49d1708b056d60fb851ce89033d84224  mes5/SRPMS/python-2.5.2-5.7mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMPcWfmqjQ0CJFipgRAgC9AKCCg+mLAWCbtfXJCQPNEYsjz1BzogCg5B8+
nyO+UGRvVtbkbK42OCE47C4=
=DtKJ
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ