Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
news

[Security Announce] [ MDVSA-2008:163 ] python

By news, in Upcoming News

Recommended Posts

news    28

news
Posted

This is a multi-part message in MIME format...

 

------------=_1218158738-11275-7980

 

 

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

_______________________________________________________________________

 

Mandriva Linux Security Advisory MDVSA-2008:163

http://www.mandriva.com/security/

_______________________________________________________________________

 

Package : python

Date : August 7, 2008

Affected: 2007.1, 2008.0, 2008.1

_______________________________________________________________________

 

Problem Description:

 

Multiple integer overflows in the imageop module in Python prior to

2.5.3 allowed context-dependent attackers to cause a denial of service

(crash) or possibly execute arbitrary code via crafted images that

trigger heap-based buffer overflows (CVE-2008-1679). This was due

to an incomplete fix for CVE-2007-4965.

 

David Remahl of Apple Product Security reported several integer

overflows in a number of core modules (CVE-2008-2315). He also

reported an integer overflow in the hashlib module on Python 2.5 that

lead to unreliable cryptographic digest results (CVE-2008-2316).

 

Justin Ferguson reported multiple buffer overflows in unicode string

processing that affected 32bit systems (CVE-2008-3142).

 

Multiple integer overflows were reported by the Google Security Team

that had been fixed in Python 2.5.2 (CVE-2008-3143).

 

Justin Ferguson reported a number of integer overflows and underflows

in the PyOS_vsnprintf() function, as well as an off-by-one error

when passing zero-length strings, that led to memory corruption

(CVE-2008-3144).

 

The updated packages have been patched to correct these issues.

As well, Python packages on Mandriva Linux 2007.1 and 2008.0 have

been updated to version 2.5.2. Due to slight packaging changes on

Mandriva Linux 2007.1, a new package is available (tkinter-apps) that

contains binary files (such as /usr/bin/idle) that were previously

in the tkinter package.

_______________________________________________________________________

 

References:

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1679

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2316

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3143

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3144

_______________________________________________________________________

 

Updated Packages:

 

Mandriva Linux 2007.1:

3f7113a6a5d490df6f85e0c0cda33f7d 2007.1/i586/libpython2.5-2.5.2-2.2mdv2007.1.i586.rpm

e549b7461f58d893ff2551817753b957 2007.1/i586/libpython2.5-devel-2.5.2-2.2mdv2007.1.i586.rpm

63e6c2850a2dfae83143af927330bead 2007.1/i586/python-2.5.2-2.2mdv2007.1.i586.rpm

09abd3cca29e9fec2fe100cb9c3b76a0 2007.1/i586/python-base-2.5.2-2.2mdv2007.1.i586.rpm

7451141640a0dc4addedd0e233de7443 2007.1/i586/python-docs-2.5.2-2.2mdv2007.1.i586.rpm

eca0b6a144b5ec40371d894fd3f5529e 2007.1/i586/tkinter-2.5.2-2.2mdv2007.1.i586.rpm

119b4933f27a3b61da1d2c2903c452bb 2007.1/i586/tkinter-apps-2.5.2-2.2mdv2007.1.i586.rpm

c89404feb6ef4b19e66a3d3604fe0a60 2007.1/SRPMS/python-2.5.2-2.2mdv2007.1.src.rpm

 

Mandriva Linux 2007.1/X86_64:

fd913909f1168b57905b02bd61de5a61 2007.1/x86_64/lib64python2.5-2.5.2-2.2mdv2007.1.x86_64.rpm

95f373cdcefb6eda6e04e9be2b88d0a0 2007.1/x86_64/lib64python2.5-devel-2.5.2-2.2mdv2007.1.x86_64.rpm

f9e30868d33e7599bfe9e28e9eed9640 2007.1/x86_64/python-2.5.2-2.2mdv2007.1.x86_64.rpm

f4bb24e89d56e2809b9a2eaa5d55492b 2007.1/x86_64/python-base-2.5.2-2.2mdv2007.1.x86_64.rpm

8a5d0198ef4c70199de88ba6a269017d 2007.1/x86_64/python-docs-2.5.2-2.2mdv2007.1.x86_64.rpm

c7df1a1050d150998177b238955780d7 2007.1/x86_64/tkinter-2.5.2-2.2mdv2007.1.x86_64.rpm

07ebd022a054fe3f9635b190745dc9f7 2007.1/x86_64/tkinter-apps-2.5.2-2.2mdv2007.1.x86_64.rpm

c89404feb6ef4b19e66a3d3604fe0a60 2007.1/SRPMS/python-2.5.2-2.2mdv2007.1.src.rpm

 

Mandriva Linux 2008.0:

99f4eef4f5163f11f9067659c42f811b 2008.0/i586/libpython2.5-2.5.2-2.2mdv2008.0.i586.rpm

6f8409426cc9ed88bc8785ef4d07ed96 2008.0/i586/libpython2.5-devel-2.5.2-2.2mdv2008.0.i586.rpm

fcbf1b20aec5de9a5f7f96594976e542 2008.0/i586/python-2.5.2-2.2mdv2008.0.i586.rpm

e3efa64ed03f11d19785e46d66e623ea 2008.0/i586/python-base-2.5.2-2.2mdv2008.0.i586.rpm

35e89e01c2c563c4dcfd0744b34f5111 2008.0/i586/python-docs-2.5.2-2.2mdv2008.0.i586.rpm

54229dcb6cab48f55341b7b40978c67a 2008.0/i586/tkinter-2.5.2-2.2mdv2008.0.i586.rpm

0d0e64c81294dc857b3bffd20d07670d 2008.0/i586/tkinter-apps-2.5.2-2.2mdv2008.0.i586.rpm

185f9596bb1f04d6a5beadc6d2810c47 2008.0/SRPMS/python-2.5.2-2.2mdv2008.0.src.rpm

 

Mandriva Linux 2008.0/X86_64:

9e64bc3895709a9979e627ecba57f5b9 2008.0/x86_64/lib64python2.5-2.5.2-2.2mdv2008.0.x86_64.rpm

cbe2920e5490565b997906339f4da2ea 2008.0/x86_64/lib64python2.5-devel-2.5.2-2.2mdv2008.0.x86_64.rpm

648d967823423618d5c6f2c5a65168b9 2008.0/x86_64/python-2.5.2-2.2mdv2008.0.x86_64.rpm

0f2f499ed3bc343d9ecaa5720f424b49 2008.0/x86_64/python-base-2.5.2-2.2mdv2008.0.x86_64.rpm

35688339d010308c5913811bcbb34766 2008.0/x86_64/python-docs-2.5.2-2.2mdv2008.0.x86_64.rpm

d54ab3f45ff8adad3094c215434f2f67 2008.0/x86_64/tkinter-2.5.2-2.2mdv2008.0.x86_64.rpm

83c24eab63935f9a1a7c5243de0b0561 2008.0/x86_64/tkinter-apps-2.5.2-2.2mdv2008.0.x86_64.rpm

185f9596bb1f04d6a5beadc6d2810c47 2008.0/SRPMS/python-2.5.2-2.2mdv2008.0.src.rpm

 

Mandriva Linux 2008.1:

210e4d43dd8f86fad41940826c8d37ca 2008.1/i586/libpython2.5-2.5.2-2.2mdv2008.1.i586.rpm

555f12cf8dcb4200feac0faf0a75eb43 2008.1/i586/libpython2.5-devel-2.5.2-2.2mdv2008.1.i586.rpm

2ba6a7df13618057bcc8a9af3e67f102 2008.1/i586/python-2.5.2-2.2mdv2008.1.i586.rpm

2ab608650d4f4209442a573c77e3dc22 2008.1/i586/python-base-2.5.2-2.2mdv2008.1.i586.rpm

5ce8d1853d7a0cb460b9fc999eb2d39c 2008.1/i586/python-docs-2.5.2-2.2mdv2008.1.i586.rpm

b90c8279714770b6d8c1f2fbb64cc02b 2008.1/i586/tkinter-2.5.2-2.2mdv2008.1.i586.rpm

dee30de58133025857e3234c7b127488 2008.1/i586/tkinter-apps-2.5.2-2.2mdv2008.1.i586.rpm

201dd1a84310d932a9af8f71adecba52 2008.1/SRPMS/python-2.5.2-2.2mdv2008.1.src.rpm

 

Mandriva Linux 2008.1/X86_64:

1ee0a473977bbbbadb468aff7b687f98 2008.1/x86_64/lib64python2.5-2.5.2-2.2mdv2008.1.x86_64.rpm

3239b7f40e43014dd4ab804ffd6bd41b 2008.1/x86_64/lib64python2.5-devel-2.5.2-2.2mdv2008.1.x86_64.rpm

15dd487627ed7aec1c865a168e231dac 2008.1/x86_64/python-2.5.2-2.2mdv2008.1.x86_64.rpm

a967cd7ef1a7359702bde99e6fb3ad62 2008.1/x86_64/python-base-2.5.2-2.2mdv2008.1.x86_64.rpm

0738899657e59356e83dedbd5af7057d 2008.1/x86_64/python-docs-2.5.2-2.2mdv2008.1.x86_64.rpm

cc5fa54fcc28a977ee5172ede0059e47 2008.1/x86_64/tkinter-2.5.2-2.2mdv2008.1.x86_64.rpm

3fbb51d424beb86daaa3c55907069c86 2008.1/x86_64/tkinter-apps-2.5.2-2.2mdv2008.1.x86_64.rpm

201dd1a84310d932a9af8f71adecba52 2008.1/SRPMS/python-2.5.2-2.2mdv2008.1.src.rpm

_______________________________________________________________________

 

To upgrade automatically use MandrivaUpdate or urpmi. The verification

of md5 checksums and GPG signatures is performed automatically for you.

 

All packages are signed by Mandriva for security. You can obtain the

GPG public key of the Mandriva Security Team by executing:

 

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 

You can view other update advisories for Mandriva Linux at:

 

http://www.mandriva.com/security/advisories

 

If you want to report vulnerabilities, please contact

 

security_(at)_mandriva.com

_______________________________________________________________________

 

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team

 

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.9 (GNU/Linux)

 

iD8DBQFIm3M8mqjQ0CJFipgRAuzeAKD0+Cp/pPYbpmZ7LDOp4lwbrbR1oACgtVRI

kzgNPYafPfQCZMGkyqFN8b4=

=lFBZ

-----END PGP SIGNATURE-----

 

 

------------=_1218158738-11275-7980

Content-Type: text/plain; name="message-footer.txt"

Content-Disposition: inline; filename="message-footer.txt"

Content-Transfer-Encoding: 8bit

 

To unsubscribe, send a email to sympa ( -at -) mandrivalinux.org

with this subject : unsubscribe security-announce

_______________________________________________________

Want to buy your Pack or Services from Mandriva?

Go to http://www.mandrivastore.com

Join the Club : http://www.mandrivaclub.com

_______________________________________________________

 

------------=_1218158738-11275-7980--

 

 

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Upcoming News
×