MDVSA-2009:003
- Package name: python
- Date: 2009-01-09
- Advisory ID: MDVSA-2009:003
- Affected versions: 2009.0 x86_64, 2008.0 i586, 2009.0 i586, CS4.0 i586, 2008.0 x86_64, CS4.0 x86_64, 2008.1 x86_64, 2008.1 i586
Problem description

Multiple integer overflows in imageop.c in the imageop module in
Python 1.5.2 through 2.5.1 allow context-dependent attackers to
break out of the Python VM and execute arbitrary code via large
integer values in certain arguments to the crop function, leading to
a buffer overflow, a different vulnerability than CVE-2007-4965 and
CVE-2008-1679. (CVE-2008-4864)

Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6,
allow context-dependent attackers to have an unknown impact via
a large integer value in the tabsize argument to the expandtabs
method, as implemented by (1) the string_expandtabs function in
Objects/stringobject.c and (2) the unicode_expandtabs function in
Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists
because of an incomplete fix for CVE-2008-2315. (CVE-2008-5031)

The updated Python packages have been patched to correct these issues.
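The bug class behind the expandtabs issue, shown as an added illustration: this is not Python's source and not the patch shipped in these packages. It is a simplified model with hypothetical function names, using `uint32_t` so the wrap-around is well defined in C; the unchecked routine lets a size computation wrap, the checked one compares against the remaining headroom before adding.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Width one input byte contributes at column `col` (tab stop every `tabsize`). */
static uint32_t step_width(char c, uint32_t col, uint32_t tabsize) {
    if (c != '\t') return 1;
    return tabsize ? tabsize - (col % tabsize) : 0;
}

/* Unchecked: the running length wraps modulo 2^32, so the value later used
   to size the output buffer can be far smaller than the data written. */
uint32_t expanded_len_unchecked(const char *s, size_t n, uint32_t tabsize) {
    uint32_t col = 0, total = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t step = step_width(s[i], col, tabsize);
        total += step;                          /* wraps silently */
        col = (s[i] == '\n' || s[i] == '\r') ? 0 : col + step;
    }
    return total;
}

/* Checked: reject any step that would push the length past max_len.
   Returns 0 and sets *out on success, -1 if the length is not representable. */
int expanded_len_checked(const char *s, size_t n, uint32_t tabsize,
                         uint32_t max_len, uint32_t *out) {
    uint32_t col = 0, total = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t step = step_width(s[i], col, tabsize);
        if (step > max_len - total)             /* compare before adding */
            return -1;
        total += step;
        col = (s[i] == '\n' || s[i] == '\r') ? 0 : col + step;
    }
    *out = total;
    return 0;
}

int main(void) {
    uint32_t out = 0;
    /* Constructed input: two tabs with a tab size of 2^31. */
    printf("unchecked length: %u\n",
           (unsigned)expanded_len_unchecked("\t\t", 2, 0x80000000u));
    printf("checked result:   %d\n",
           expanded_len_checked("\t\t", 2, 0x80000000u, INT32_MAX, &out));
    return 0;
}
```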
