Package name
python
Date
2010-10-30
Advisory ID
MDVSA-2010:215
Affected versions
2009.0 x86_64 , MES5 i586 , 2009.0 i586 , CS4.0 i586 , CS4.0 x86_64 , MES5 x86_64

Problem description

Multiple vulnerabilities was discovered and corrected in python:

Buffer underflow in the rgbimg module in Python 2.5 allows remote
attackers to cause a denial of service (application crash) via a large
ZSIZE value in a black-and-white (aka B/W) RGB image that triggers
an invalid pointer dereference (CVE-2009-4134).

Integer overflow in rgbimgmodule.c in the rgbimg module in Python
2.5 allows remote attackers to have an unspecified impact via a large
image that triggers a buffer overflow. NOTE: this vulnerability exists
because of an incomplete fix for CVE-2008-3143.12 (CVE-2010-1449).

Multiple buffer overflows in the RLE decoder in the rgbimg module in
Python 2.5 allow remote attackers to have an unspecified impact via an
image file containing crafted data that triggers improper processing
within the (1) longimagedata or (2) expandrow function (CVE-2010-1450).

The asyncore module in Python before 3.2 does not properly handle
unsuccessful calls to the accept function, and does not have
accompanying documentation describing how daemon applications should
handle unsuccessful calls to the accept function, which makes it
easier for remote attackers to conduct denial of service attacks that
terminate these applications via network connections (CVE-2010-3492).

Multiple race conditions in smtpd.py in the smtpd module in Python 2.6,
2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of
service (daemon outage) by establishing and then immediately closing
a TCP connection, leading to the accept function having an unexpected
return value of None, an unexpected value of None for the address,
or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername
function having an ENOTCONN error, a related issue to CVE-2010-3492
(CVE-2010-3493).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.

Updated packages

2009.0 x86_64

 ab11f5dbfd4220284f65591a5e627a2f  2009.0/x86_64/lib64python2.5-2.5.2-5.9mdv2009.0.x86_64.rpm
 b7bf0eb696e77af9a6f833a810cd691c  2009.0/x86_64/lib64python2.5-devel-2.5.2-5.9mdv2009.0.x86_64.rpm
 f0fa937935849fa7b8ccfe9d0ad23a22  2009.0/x86_64/python-2.5.2-5.9mdv2009.0.x86_64.rpm
 9b6094c0d9b8d7305c4dd6d1e9957793  2009.0/x86_64/python-base-2.5.2-5.9mdv2009.0.x86_64.rpm
 4d29dc9f22c17f4ee5587aed6082d54f  2009.0/x86_64/python-docs-2.5.2-5.9mdv2009.0.x86_64.rpm
 846f140203bc61160c8e9be21bec8caf  2009.0/x86_64/tkinter-2.5.2-5.9mdv2009.0.x86_64.rpm
 d83f1ca9fb74bb6bc19f27bfca4565a2  2009.0/x86_64/tkinter-apps-2.5.2-5.9mdv2009.0.x86_64.rpm 
 36eabc2f36f1fc3fee03beea40c5b3ff  2009.0/SRPMS/python-2.5.2-5.9mdv2009.0.src.rpm

MES5 i586

 0ec5bf2d929c006c683c9e8323655198  mes5/i586/libpython2.5-2.5.2-5.9mdvmes5.1.i586.rpm
 2ce1526827f9a6b2cb6f1767b05fb468  mes5/i586/libpython2.5-devel-2.5.2-5.9mdvmes5.1.i586.rpm
 0d8d0f8a937fbd2b29de19dd558aa9a3  mes5/i586/python-2.5.2-5.9mdvmes5.1.i586.rpm
 0d5632de99d6f3a73a1d0f5b9c09fe60  mes5/i586/python-base-2.5.2-5.9mdvmes5.1.i586.rpm
 ae17f9d8dd571e3867709fd2b3225de5  mes5/i586/python-docs-2.5.2-5.9mdvmes5.1.i586.rpm
 03d2415da7afb9c4c0f7ac06ac76a5d2  mes5/i586/tkinter-2.5.2-5.9mdvmes5.1.i586.rpm
 6a474c44ad872f18e61eb73c988f8c05  mes5/i586/tkinter-apps-2.5.2-5.9mdvmes5.1.i586.rpm 
 75ba289267fc9c02315cb2bb18d62aed  mes5/SRPMS/python-2.5.2-5.9mdvmes5.1.src.rpm

2009.0 i586

 7a00126d581458ad3e1f9195cfe44b56  2009.0/i586/libpython2.5-2.5.2-5.9mdv2009.0.i586.rpm
 821b23366eb5a1f2fe486b8b4876a17b  2009.0/i586/libpython2.5-devel-2.5.2-5.9mdv2009.0.i586.rpm
 7cc4e06ec1539e65b18788216f5cfec2  2009.0/i586/python-2.5.2-5.9mdv2009.0.i586.rpm
 0e2922c24b13b8428201d65dd3a5e69f  2009.0/i586/python-base-2.5.2-5.9mdv2009.0.i586.rpm
 6aac8e518cf4fdcf5d11e41869b7cc23  2009.0/i586/python-docs-2.5.2-5.9mdv2009.0.i586.rpm
 42f1cb02ad93c2871b7ef26d91dd084c  2009.0/i586/tkinter-2.5.2-5.9mdv2009.0.i586.rpm
 89dd31e1bd79bfdcb773ae27b9a23eae  2009.0/i586/tkinter-apps-2.5.2-5.9mdv2009.0.i586.rpm 
 36eabc2f36f1fc3fee03beea40c5b3ff  2009.0/SRPMS/python-2.5.2-5.9mdv2009.0.src.rpm

CS4.0 i586

 e3525726eb8b420b631c1e7293200f76  corporate/4.0/i586/libpython2.4-2.4.5-0.7.20060mlcs4.i586.rpm
 62a30354a30738ee1d9c8e09fa781931  corporate/4.0/i586/libpython2.4-devel-2.4.5-0.7.20060mlcs4.i586.rpm
 c12e4aee6ec61df748905ea3fbc683b1  corporate/4.0/i586/python-2.4.5-0.7.20060mlcs4.i586.rpm
 cfa6231f5bd6d42b92e06be405979532  corporate/4.0/i586/python-base-2.4.5-0.7.20060mlcs4.i586.rpm
 89bb605645f87975ea06cd0d0adb1242  corporate/4.0/i586/python-docs-2.4.5-0.7.20060mlcs4.i586.rpm
 7112a9c89287d80edac65a2c9543de58  corporate/4.0/i586/tkinter-2.4.5-0.7.20060mlcs4.i586.rpm 
 af061ddc3fe400553ce48a986f1413c8  corporate/4.0/SRPMS/python-2.4.5-0.7.20060mlcs4.src.rpm

CS4.0 x86_64

 d4e789862c00c01d154cb676c958fc66  corporate/4.0/x86_64/lib64python2.4-2.4.5-0.7.20060mlcs4.x86_64.rpm
 cc0e0a6797fadbce21133a706be2585e  corporate/4.0/x86_64/lib64python2.4-devel-2.4.5-0.7.20060mlcs4.x86_64.rpm
 63b408e0f3aa7324eda422232f57bbf8  corporate/4.0/x86_64/python-2.4.5-0.7.20060mlcs4.x86_64.rpm
 0023db0a34e646a1fdd8803852ac6f1f  corporate/4.0/x86_64/python-base-2.4.5-0.7.20060mlcs4.x86_64.rpm
 0e78fed213618878e55f3aee5e83b8df  corporate/4.0/x86_64/python-docs-2.4.5-0.7.20060mlcs4.x86_64.rpm
 7ca482e628699e8d588fe64bdfd91257  corporate/4.0/x86_64/tkinter-2.4.5-0.7.20060mlcs4.x86_64.rpm 
 af061ddc3fe400553ce48a986f1413c8  corporate/4.0/SRPMS/python-2.4.5-0.7.20060mlcs4.src.rpm

MES5 x86_64

 d94d195ee2597a8cc65cbd156045da16  mes5/x86_64/lib64python2.5-2.5.2-5.9mdvmes5.1.x86_64.rpm
 99b5668212ff8e4dd5d6798e8b96f5d6  mes5/x86_64/lib64python2.5-devel-2.5.2-5.9mdvmes5.1.x86_64.rpm
 de021441be5c405a36ef2f9222afc186  mes5/x86_64/python-2.5.2-5.9mdvmes5.1.x86_64.rpm
 1478b55d09d14e419afb4d15ae37958d  mes5/x86_64/python-base-2.5.2-5.9mdvmes5.1.x86_64.rpm
 e479b97543e149706200d580bc76048c  mes5/x86_64/python-docs-2.5.2-5.9mdvmes5.1.x86_64.rpm
 af465bc5f398ad142a32d4412e940ee9  mes5/x86_64/tkinter-2.5.2-5.9mdvmes5.1.x86_64.rpm
 7839e25fcad9d3c55329b61c86a0cead  mes5/x86_64/tkinter-apps-2.5.2-5.9mdvmes5.1.x86_64.rpm 
 75ba289267fc9c02315cb2bb18d62aed  mes5/SRPMS/python-2.5.2-5.9mdvmes5.1.src.rpm

References