Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
news

[Security Announce] [ MDVSA-2009:003 ] python

By news, in Upcoming News

Recommended Posts

news    28

news
Posted

This is a multi-part message in MIME format...

 

------------=_1231550114-14940-7265

 

 

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

_______________________________________________________________________

 

Mandriva Linux Security Advisory MDVSA-2009:003

http://www.mandriva.com/security/

_______________________________________________________________________

 

Package : python

Date : January 9, 2009

Affected: 2008.0, 2008.1, 2009.0, Corporate 4.0

_______________________________________________________________________

 

Problem Description:

 

Multiple integer overflows in imageop.c in the imageop module in

Python 1.5.2 through 2.5.1 allow context-dependent attackers to

break out of the Python VM and execute arbitrary code via large

integer values in certain arguments to the crop function, leading to

a buffer overflow, a different vulnerability than CVE-2007-4965 and

CVE-2008-1679. (CVE-2008-4864)

 

Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6,

allow context-dependent attackers to have an unknown impact via

a large integer value in the tabsize argument to the expandtabs

method, as implemented by (1) the string_expandtabs function in

Objects/stringobject.c and (2) the unicode_expandtabs function in

Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists

because of an incomplete fix for CVE-2008-2315. (CVE-2008-5031)

 

The updated Python packages have been patched to correct these issues.

_______________________________________________________________________

 

References:

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4864

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5031

_______________________________________________________________________

 

Updated Packages:

 

Mandriva Linux 2008.0:

99e168ac1b7ae4bd0d340c2aac462e19 2008.0/i586/libpython2.5-2.5.2-2.3mdv2008.0.i586.rpm

8ddb89d22f9456e52758bdfc060cede1 2008.0/i586/libpython2.5-devel-2.5.2-2.3mdv2008.0.i586.rpm

c5b19e98a095f6000d5adc2009246ebb 2008.0/i586/python-2.5.2-2.3mdv2008.0.i586.rpm

4ce7cec71582068f7d5a00e1b53d9b2d 2008.0/i586/python-base-2.5.2-2.3mdv2008.0.i586.rpm

ad15a443a4f832e44864a83c2a6d6e4c 2008.0/i586/python-docs-2.5.2-2.3mdv2008.0.i586.rpm

1983242f6100f957af9d264de98119ec 2008.0/i586/tkinter-2.5.2-2.3mdv2008.0.i586.rpm

e99d03ebb07f9e6fc47f8619ea8cb832 2008.0/i586/tkinter-apps-2.5.2-2.3mdv2008.0.i586.rpm

2f8ff50c56f46c191b63878f11f7f606 2008.0/SRPMS/python-2.5.2-2.3mdv2008.0.src.rpm

 

Mandriva Linux 2008.0/X86_64:

7b80a39d64b3a62eabd72cd63df8f2b4 2008.0/x86_64/lib64python2.5-2.5.2-2.3mdv2008.0.x86_64.rpm

bcb2d996aa22e004a8d1c142a62b852f 2008.0/x86_64/lib64python2.5-devel-2.5.2-2.3mdv2008.0.x86_64.rpm

75b8005ecb4df3d51da30a308ff7864b 2008.0/x86_64/python-2.5.2-2.3mdv2008.0.x86_64.rpm

1ee083182c06c5661a2d49e378fe314a 2008.0/x86_64/python-base-2.5.2-2.3mdv2008.0.x86_64.rpm

71659dba30fb79c8890992ff77cfae08 2008.0/x86_64/python-docs-2.5.2-2.3mdv2008.0.x86_64.rpm

f03df81a9505fc5480f717267eb4f59c 2008.0/x86_64/tkinter-2.5.2-2.3mdv2008.0.x86_64.rpm

8bbf6f28976deb9dc9c1651f4179bf3c 2008.0/x86_64/tkinter-apps-2.5.2-2.3mdv2008.0.x86_64.rpm

2f8ff50c56f46c191b63878f11f7f606 2008.0/SRPMS/python-2.5.2-2.3mdv2008.0.src.rpm

 

Mandriva Linux 2008.1:

40768be47280f91652106cae7d52bac3 2008.1/i586/libpython2.5-2.5.2-2.3mdv2008.1.i586.rpm

f740a094492e495a7058324c9d7fe5c0 2008.1/i586/libpython2.5-devel-2.5.2-2.3mdv2008.1.i586.rpm

8a3a54d6633b1067a303266551fbf11c 2008.1/i586/python-2.5.2-2.3mdv2008.1.i586.rpm

6ec33343842298ff0e8719cb69d8d8dd 2008.1/i586/python-base-2.5.2-2.3mdv2008.1.i586.rpm

6cf93281ad513c769a27e1a0aed24d89 2008.1/i586/python-docs-2.5.2-2.3mdv2008.1.i586.rpm

13b6d462c97fae761f889a9ef1f00445 2008.1/i586/tkinter-2.5.2-2.3mdv2008.1.i586.rpm

7503eb04531c6705d544a029575d5ba1 2008.1/i586/tkinter-apps-2.5.2-2.3mdv2008.1.i586.rpm

befe989985d13d16f6f23b9c44300010 2008.1/SRPMS/python-2.5.2-2.3mdv2008.1.src.rpm

 

Mandriva Linux 2008.1/X86_64:

51bf8e6e9cfe26fc06540fb2e9c89a97 2008.1/x86_64/lib64python2.5-2.5.2-2.3mdv2008.1.x86_64.rpm

bdf744158bd3d0e856d34341db8f9766 2008.1/x86_64/lib64python2.5-devel-2.5.2-2.3mdv2008.1.x86_64.rpm

2e48265c3457815f1d8079bbbf289415 2008.1/x86_64/python-2.5.2-2.3mdv2008.1.x86_64.rpm

c6b77afb3b6f1263602d1ddcbb010582 2008.1/x86_64/python-base-2.5.2-2.3mdv2008.1.x86_64.rpm

d771f65c3c683e15688e243d7f6b5b31 2008.1/x86_64/python-docs-2.5.2-2.3mdv2008.1.x86_64.rpm

d392466b1043ed47431e26780402a923 2008.1/x86_64/tkinter-2.5.2-2.3mdv2008.1.x86_64.rpm

0c333970463f34e01192f50025e5418a 2008.1/x86_64/tkinter-apps-2.5.2-2.3mdv2008.1.x86_64.rpm

befe989985d13d16f6f23b9c44300010 2008.1/SRPMS/python-2.5.2-2.3mdv2008.1.src.rpm

 

Mandriva Linux 2009.0:

51130cd5a5075d3ba29c3b65393950fe 2009.0/i586/libpython2.5-2.5.2-5.2mdv2009.0.i586.rpm

e9a3c47de92e69dc45ee78ec09fdcdf7 2009.0/i586/libpython2.5-devel-2.5.2-5.2mdv2009.0.i586.rpm

1512cc21647372972d62143538110f0b 2009.0/i586/python-2.5.2-5.2mdv2009.0.i586.rpm

1ee69545d6e690add84393551b3008fb 2009.0/i586/python-base-2.5.2-5.2mdv2009.0.i586.rpm

4c2cf514d3bb03dc5690341ef8b57345 2009.0/i586/python-docs-2.5.2-5.2mdv2009.0.i586.rpm

7f3d125f0c601fbc650441e9d3d84660 2009.0/i586/tkinter-2.5.2-5.2mdv2009.0.i586.rpm

a5de9edf44334b6bd10914b29875b79d 2009.0/i586/tkinter-apps-2.5.2-5.2mdv2009.0.i586.rpm

a693a961c64a55661ff434db34514e54 2009.0/SRPMS/python-2.5.2-5.2mdv2009.0.src.rpm

 

Mandriva Linux 2009.0/X86_64:

6c08e75992d0dbcc0588486ba110b7d0 2009.0/x86_64/lib64python2.5-2.5.2-5.2mdv2009.0.x86_64.rpm

14b108a893efbe023251b153d1e82510 2009.0/x86_64/lib64python2.5-devel-2.5.2-5.2mdv2009.0.x86_64.rpm

993aae03321911db6a6658b1d9c59770 2009.0/x86_64/python-2.5.2-5.2mdv2009.0.x86_64.rpm

2b7c1156968c717a439bc0f09cae6377 2009.0/x86_64/python-base-2.5.2-5.2mdv2009.0.x86_64.rpm

0d3827f4b2abd8d8708374a10f3d6a29 2009.0/x86_64/python-docs-2.5.2-5.2mdv2009.0.x86_64.rpm

850ba6348ca56583ac9d9cdcfe363cf9 2009.0/x86_64/tkinter-2.5.2-5.2mdv2009.0.x86_64.rpm

36bd4ed23029a5c85846306722c5c539 2009.0/x86_64/tkinter-apps-2.5.2-5.2mdv2009.0.x86_64.rpm

a693a961c64a55661ff434db34514e54 2009.0/SRPMS/python-2.5.2-5.2mdv2009.0.src.rpm

 

Corporate 4.0:

d1aaa4775604a3de987ea812484cbbe4 corporate/4.0/i586/libpython2.4-2.4.5-0.2.20060mlcs4.i586.rpm

044319e405c74c74ada649911fea096b corporate/4.0/i586/libpython2.4-devel-2.4.5-0.2.20060mlcs4.i586.rpm

70a92760d7ee37150357fd5eed43d0cd corporate/4.0/i586/python-2.4.5-0.2.20060mlcs4.i586.rpm

dd69e4feb812394c47140b42ec319dad corporate/4.0/i586/python-base-2.4.5-0.2.20060mlcs4.i586.rpm

40137c85bd8f45948823be862da2c224 corporate/4.0/i586/python-docs-2.4.5-0.2.20060mlcs4.i586.rpm

2f226b42cb832b2c9860f18528a71936 corporate/4.0/i586/tkinter-2.4.5-0.2.20060mlcs4.i586.rpm

83a6e83bb1b31cb4b5a43628e6a762d4 corporate/4.0/SRPMS/python-2.4.5-0.2.20060mlcs4.src.rpm

 

Corporate 4.0/X86_64:

496d164ca85142afa629e3ea374810d2 corporate/4.0/x86_64/lib64python2.4-2.4.5-0.2.20060mlcs4.x86_64.rpm

0ee91a3adf261607b8df677d98b45704 corporate/4.0/x86_64/lib64python2.4-devel-2.4.5-0.2.20060mlcs4.x86_64.rpm

05be6f567bd0ae454878fbc91950d5e0 corporate/4.0/x86_64/python-2.4.5-0.2.20060mlcs4.x86_64.rpm

5fcaa1f9cc19b6c7a69422fee87081cb corporate/4.0/x86_64/python-base-2.4.5-0.2.20060mlcs4.x86_64.rpm

e449b5dc09573a81c2d46305c0dcc641 corporate/4.0/x86_64/python-docs-2.4.5-0.2.20060mlcs4.x86_64.rpm

7e41ff74e33e237c319c36d7de726f3c corporate/4.0/x86_64/tkinter-2.4.5-0.2.20060mlcs4.x86_64.rpm

83a6e83bb1b31cb4b5a43628e6a762d4 corporate/4.0/SRPMS/python-2.4.5-0.2.20060mlcs4.src.rpm

_______________________________________________________________________

 

To upgrade automatically use MandrivaUpdate or urpmi. The verification

of md5 checksums and GPG signatures is performed automatically for you.

 

All packages are signed by Mandriva for security. You can obtain the

GPG public key of the Mandriva Security Team by executing:

 

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 

You can view other update advisories for Mandriva Linux at:

 

http://www.mandriva.com/security/advisories

 

If you want to report vulnerabilities, please contact

 

security_(at)_mandriva.com

_______________________________________________________________________

 

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team

 

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.9 (GNU/Linux)

 

iD8DBQFJZ8kcmqjQ0CJFipgRAid1AJ4r2XGu3/mwmj94DeibPLPf3SLhcQCeLATO

i4D9EZtmJCdN/0XK3eWOBnc=

=iXWH

-----END PGP SIGNATURE-----

 

 

------------=_1231550114-14940-7265

Content-Type: text/plain; name="message-footer.txt"

Content-Disposition: inline; filename="message-footer.txt"

Content-Transfer-Encoding: 8bit

 

To unsubscribe, send a email to sympa ( -at -) mandrivalinux.org

with this subject : unsubscribe security-announce

_______________________________________________________

Want to buy your Pack or Services from Mandriva?

Go to http://www.mandrivastore.com

Join the Club : http://www.mandrivaclub.com

_______________________________________________________

 

------------=_1231550114-14940-7265--

 

 

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Upcoming News
×