news 28 Posted February 12, 2009 This is a multi-part message in MIME format... ------------=_1234461625-6173-499 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:036 http://www.mandriva.com/security/ _______________________________________________________________________ Package : python Date : February 12, 2009 Affected: Corporate 3.0, Multi Network Firewall 2.0 _______________________________________________________________________ Problem Description: Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679. (CVE-2008-4864) Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031. Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315. (CVE-2008-5031) The updated Python packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4864 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5031 _______________________________________________________________________ Updated Packages: Corporate 3.0: c9668bc25f1306f610bfdfc94b4b944c corporate/3.0/i586/libpython2.3-2.3.7-0.2.C30mdk.i586.rpm f2720b0908488c72a4591c89a5d6be6e corporate/3.0/i586/libpython2.3-devel-2.3.7-0.2.C30mdk.i586.rpm 261fbcfe8cd18a217845051c7c2fdd75 corporate/3.0/i586/python-2.3.7-0.2.C30mdk.i586.rpm 1df9dfe4bacd9982da477f84daf4179e corporate/3.0/i586/python-base-2.3.7-0.2.C30mdk.i586.rpm c848a40db3729c5d730409cc8b53ede2 corporate/3.0/i586/python-docs-2.3.7-0.2.C30mdk.i586.rpm a6844df32103497417ed829693fb60f5 corporate/3.0/i586/tkinter-2.3.7-0.2.C30mdk.i586.rpm c5f2ad7e5986ab7232658b40e8dea295 corporate/3.0/SRPMS/python-2.3.7-0.2.C30mdk.src.rpm Corporate 3.0/X86_64: 0969a75152e437953cae2c309697536c corporate/3.0/x86_64/lib64python2.3-2.3.7-0.2.C30mdk.x86_64.rpm e297c080c4ab2cd7c5f536a5cda758b2 corporate/3.0/x86_64/lib64python2.3-devel-2.3.7-0.2.C30mdk.x86_64.rpm d6ddee2f8c6bbe82acb7d5fdaaa75913 corporate/3.0/x86_64/python-2.3.7-0.2.C30mdk.x86_64.rpm 1556e502527f22fad6771d95b288b9cc corporate/3.0/x86_64/python-base-2.3.7-0.2.C30mdk.x86_64.rpm acdefbc7a2ed2dd31b6569002e4253e3 corporate/3.0/x86_64/python-docs-2.3.7-0.2.C30mdk.x86_64.rpm 49fd4e84a697d91c64ac5d91b63bf43c corporate/3.0/x86_64/tkinter-2.3.7-0.2.C30mdk.x86_64.rpm c5f2ad7e5986ab7232658b40e8dea295 corporate/3.0/SRPMS/python-2.3.7-0.2.C30mdk.src.rpm Multi Network Firewall 2.0: cabb486b4f3c24c9fea9920db0576137 mnf/2.0/i586/libpython2.3-2.3.7-0.2.M20mdk.i586.rpm 60b4f62da866083a1c37ad42d532171b mnf/2.0/i586/libpython2.3-devel-2.3.7-0.2.M20mdk.i586.rpm b5a2dc2a80a304b2095549b1d0c7c4c8 mnf/2.0/i586/python-2.3.7-0.2.M20mdk.i586.rpm 5964fa32ade61fc6d217481252e75d92 mnf/2.0/i586/python-base-2.3.7-0.2.M20mdk.i586.rpm f8eb4c23e80dc5ee7cf4abdacc0d01cc mnf/2.0/i586/python-docs-2.3.7-0.2.M20mdk.i586.rpm 8ca87fc328dd2d3c4f21edc5f244e1cc mnf/2.0/i586/tkinter-2.3.7-0.2.M20mdk.i586.rpm 6bdfd7584a2e4094ce39424311368ce8 mnf/2.0/SRPMS/python-2.3.7-0.2.M20mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFJlDhYmqjQ0CJFipgRAjxAAJ9Ki28TLWrWrI/6ftj5bLVtNe4MsgCgoH19 A65A1tocyMcWLZBUV61a0KU= =UwnZ -----END PGP SIGNATURE----- ------------=_1234461625-6173-499 Content-Type: text/plain; name="message-footer.txt" Content-Disposition: inline; filename="message-footer.txt" Content-Transfer-Encoding: 8bit To unsubscribe, send a email to sympa ( -at -) mandrivalinux.org with this subject : unsubscribe security-announce _______________________________________________________ Want to buy your Pack or Services from Mandriva? Go to http://www.mandrivastore.com Join the Club : http://www.mandrivaclub.com _______________________________________________________ ------------=_1234461625-6173-499-- Share this post Link to post