Paketname
python
Datum
2008-08-07
Advisory ID
MDVSA-2008:164
Betroffene Versionen
CS4.0 x86_64 , CS4.0 i586

Problembeschreibung

Multiple integer overflows in the imageop module in Python prior to
2.5.3 allowed context-dependent attackers to cause a denial of service
(crash) or possibly execute arbitrary code via crafted images that
trigger heap-based buffer overflows (CVE-2008-1679). This was due
to an incomplete fix for CVE-2007-4965.

David Remahl of Apple Product Security reported several integer
overflows in a number of core modules (CVE-2008-2315).

Justin Ferguson reported multiple buffer overflows in unicode string
processing that affected 32bit systems (CVE-2008-3142).

Multiple integer overflows were reported by the Google Security Team
that had been fixed in Python 2.5.2 (CVE-2008-3143).

Justin Ferguson reported a number of integer overflows and underflows
in the PyOS_vsnprintf() function, as well as an off-by-one error
when passing zero-length strings, that led to memory corruption
(CVE-2008-3144).

The updated packages have been patched to correct these issues.
As well, Python packages on Corporate Server 4 have been updated to
the latest version 2.4.5.

Aktualisierte Pakete

CS4.0 x86_64

 540b5dbd4692ba0d2a9e3b17785f8ea2  corporate/4.0/x86_64/lib64python2.4-2.4.5-0.1.20060mlcs4.x86_64.rpm
 551b23b1225cd32f7e41c118c3ee4faa  corporate/4.0/x86_64/lib64python2.4-devel-2.4.5-0.1.20060mlcs4.x86_64.rpm
 1f03aadf3fb3319212969c95e6a12fce  corporate/4.0/x86_64/python-2.4.5-0.1.20060mlcs4.x86_64.rpm
 143ee3746b47d8a2eaeab35f828885fb  corporate/4.0/x86_64/python-base-2.4.5-0.1.20060mlcs4.x86_64.rpm
 ce41c796e4fa6d40fe9f987a46613f24  corporate/4.0/x86_64/python-docs-2.4.5-0.1.20060mlcs4.x86_64.rpm
 a77cc847126150d324f4c6f594f3bfbe  corporate/4.0/x86_64/tkinter-2.4.5-0.1.20060mlcs4.x86_64.rpm 
 f0043982cc31ea43c0957b8eaf72cddf  corporate/4.0/SRPMS/python-2.4.5-0.1.20060mlcs4.src.rpm

CS4.0 i586

 900137924c889fa7d005ab3d895243c8  corporate/4.0/i586/libpython2.4-2.4.5-0.1.20060mlcs4.i586.rpm
 7c3de61878f0c0bac533f9a51c0dea81  corporate/4.0/i586/libpython2.4-devel-2.4.5-0.1.20060mlcs4.i586.rpm
 490ccd940ea503dca0a761d9bfacc5da  corporate/4.0/i586/python-2.4.5-0.1.20060mlcs4.i586.rpm
 a4617bf6d939be01e0f114c1906ea66c  corporate/4.0/i586/python-base-2.4.5-0.1.20060mlcs4.i586.rpm
 8445ef65b15c5dea104e05f9090664e1  corporate/4.0/i586/python-docs-2.4.5-0.1.20060mlcs4.i586.rpm
 c1d2948b33c23fe810e462b92667901b  corporate/4.0/i586/tkinter-2.4.5-0.1.20060mlcs4.i586.rpm 
 f0043982cc31ea43c0957b8eaf72cddf  corporate/4.0/SRPMS/python-2.4.5-0.1.20060mlcs4.src.rpm

Referenzen