[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ MDVSA-2010:215 ] python
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: [ MDVSA-2010:215 ] python
- From: security@xxxxxxxxxxxx
- Date: Sat, 30 Oct 2010 15:42:01 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:215
http://www.mandriva.com/security/
_______________________________________________________________________
Package : python
Date : October 30, 2010
Affected: 2009.0, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities was discovered and corrected in python:
Buffer underflow in the rgbimg module in Python 2.5 allows remote
attackers to cause a denial of service (application crash) via a large
ZSIZE value in a black-and-white (aka B/W) RGB image that triggers
an invalid pointer dereference (CVE-2009-4134).
Integer overflow in rgbimgmodule.c in the rgbimg module in Python
2.5 allows remote attackers to have an unspecified impact via a large
image that triggers a buffer overflow. NOTE: this vulnerability exists
because of an incomplete fix for CVE-2008-3143.12 (CVE-2010-1449).
Multiple buffer overflows in the RLE decoder in the rgbimg module in
Python 2.5 allow remote attackers to have an unspecified impact via an
image file containing crafted data that triggers improper processing
within the (1) longimagedata or (2) expandrow function (CVE-2010-1450).
The asyncore module in Python before 3.2 does not properly handle
unsuccessful calls to the accept function, and does not have
accompanying documentation describing how daemon applications should
handle unsuccessful calls to the accept function, which makes it
easier for remote attackers to conduct denial of service attacks that
terminate these applications via network connections (CVE-2010-3492).
Multiple race conditions in smtpd.py in the smtpd module in Python 2.6,
2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of
service (daemon outage) by establishing and then immediately closing
a TCP connection, leading to the accept function having an unexpected
return value of None, an unexpected value of None for the address,
or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername
function having an ENOTCONN error, a related issue to CVE-2010-3492
(CVE-2010-3493).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3493
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
7a00126d581458ad3e1f9195cfe44b56
2009.0/i586/libpython2.5-2.5.2-5.9mdv2009.0.i586.rpm
821b23366eb5a1f2fe486b8b4876a17b
2009.0/i586/libpython2.5-devel-2.5.2-5.9mdv2009.0.i586.rpm
7cc4e06ec1539e65b18788216f5cfec2
2009.0/i586/python-2.5.2-5.9mdv2009.0.i586.rpm
0e2922c24b13b8428201d65dd3a5e69f
2009.0/i586/python-base-2.5.2-5.9mdv2009.0.i586.rpm
6aac8e518cf4fdcf5d11e41869b7cc23
2009.0/i586/python-docs-2.5.2-5.9mdv2009.0.i586.rpm
42f1cb02ad93c2871b7ef26d91dd084c
2009.0/i586/tkinter-2.5.2-5.9mdv2009.0.i586.rpm
89dd31e1bd79bfdcb773ae27b9a23eae
2009.0/i586/tkinter-apps-2.5.2-5.9mdv2009.0.i586.rpm
36eabc2f36f1fc3fee03beea40c5b3ff
2009.0/SRPMS/python-2.5.2-5.9mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
ab11f5dbfd4220284f65591a5e627a2f
2009.0/x86_64/lib64python2.5-2.5.2-5.9mdv2009.0.x86_64.rpm
b7bf0eb696e77af9a6f833a810cd691c
2009.0/x86_64/lib64python2.5-devel-2.5.2-5.9mdv2009.0.x86_64.rpm
f0fa937935849fa7b8ccfe9d0ad23a22
2009.0/x86_64/python-2.5.2-5.9mdv2009.0.x86_64.rpm
9b6094c0d9b8d7305c4dd6d1e9957793
2009.0/x86_64/python-base-2.5.2-5.9mdv2009.0.x86_64.rpm
4d29dc9f22c17f4ee5587aed6082d54f
2009.0/x86_64/python-docs-2.5.2-5.9mdv2009.0.x86_64.rpm
846f140203bc61160c8e9be21bec8caf
2009.0/x86_64/tkinter-2.5.2-5.9mdv2009.0.x86_64.rpm
d83f1ca9fb74bb6bc19f27bfca4565a2
2009.0/x86_64/tkinter-apps-2.5.2-5.9mdv2009.0.x86_64.rpm
36eabc2f36f1fc3fee03beea40c5b3ff
2009.0/SRPMS/python-2.5.2-5.9mdv2009.0.src.rpm
Corporate 4.0:
e3525726eb8b420b631c1e7293200f76
corporate/4.0/i586/libpython2.4-2.4.5-0.7.20060mlcs4.i586.rpm
62a30354a30738ee1d9c8e09fa781931
corporate/4.0/i586/libpython2.4-devel-2.4.5-0.7.20060mlcs4.i586.rpm
c12e4aee6ec61df748905ea3fbc683b1
corporate/4.0/i586/python-2.4.5-0.7.20060mlcs4.i586.rpm
cfa6231f5bd6d42b92e06be405979532
corporate/4.0/i586/python-base-2.4.5-0.7.20060mlcs4.i586.rpm
89bb605645f87975ea06cd0d0adb1242
corporate/4.0/i586/python-docs-2.4.5-0.7.20060mlcs4.i586.rpm
7112a9c89287d80edac65a2c9543de58
corporate/4.0/i586/tkinter-2.4.5-0.7.20060mlcs4.i586.rpm
af061ddc3fe400553ce48a986f1413c8
corporate/4.0/SRPMS/python-2.4.5-0.7.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
d4e789862c00c01d154cb676c958fc66
corporate/4.0/x86_64/lib64python2.4-2.4.5-0.7.20060mlcs4.x86_64.rpm
cc0e0a6797fadbce21133a706be2585e
corporate/4.0/x86_64/lib64python2.4-devel-2.4.5-0.7.20060mlcs4.x86_64.rpm
63b408e0f3aa7324eda422232f57bbf8
corporate/4.0/x86_64/python-2.4.5-0.7.20060mlcs4.x86_64.rpm
0023db0a34e646a1fdd8803852ac6f1f
corporate/4.0/x86_64/python-base-2.4.5-0.7.20060mlcs4.x86_64.rpm
0e78fed213618878e55f3aee5e83b8df
corporate/4.0/x86_64/python-docs-2.4.5-0.7.20060mlcs4.x86_64.rpm
7ca482e628699e8d588fe64bdfd91257
corporate/4.0/x86_64/tkinter-2.4.5-0.7.20060mlcs4.x86_64.rpm
af061ddc3fe400553ce48a986f1413c8
corporate/4.0/SRPMS/python-2.4.5-0.7.20060mlcs4.src.rpm
Mandriva Enterprise Server 5:
0ec5bf2d929c006c683c9e8323655198
mes5/i586/libpython2.5-2.5.2-5.9mdvmes5.1.i586.rpm
2ce1526827f9a6b2cb6f1767b05fb468
mes5/i586/libpython2.5-devel-2.5.2-5.9mdvmes5.1.i586.rpm
0d8d0f8a937fbd2b29de19dd558aa9a3 mes5/i586/python-2.5.2-5.9mdvmes5.1.i586.rpm
0d5632de99d6f3a73a1d0f5b9c09fe60
mes5/i586/python-base-2.5.2-5.9mdvmes5.1.i586.rpm
ae17f9d8dd571e3867709fd2b3225de5
mes5/i586/python-docs-2.5.2-5.9mdvmes5.1.i586.rpm
03d2415da7afb9c4c0f7ac06ac76a5d2 mes5/i586/tkinter-2.5.2-5.9mdvmes5.1.i586.rpm
6a474c44ad872f18e61eb73c988f8c05
mes5/i586/tkinter-apps-2.5.2-5.9mdvmes5.1.i586.rpm
75ba289267fc9c02315cb2bb18d62aed mes5/SRPMS/python-2.5.2-5.9mdvmes5.1.src.rpm
Mandriva Enterprise Server 5/X86_64:
d94d195ee2597a8cc65cbd156045da16
mes5/x86_64/lib64python2.5-2.5.2-5.9mdvmes5.1.x86_64.rpm
99b5668212ff8e4dd5d6798e8b96f5d6
mes5/x86_64/lib64python2.5-devel-2.5.2-5.9mdvmes5.1.x86_64.rpm
de021441be5c405a36ef2f9222afc186
mes5/x86_64/python-2.5.2-5.9mdvmes5.1.x86_64.rpm
1478b55d09d14e419afb4d15ae37958d
mes5/x86_64/python-base-2.5.2-5.9mdvmes5.1.x86_64.rpm
e479b97543e149706200d580bc76048c
mes5/x86_64/python-docs-2.5.2-5.9mdvmes5.1.x86_64.rpm
af465bc5f398ad142a32d4412e940ee9
mes5/x86_64/tkinter-2.5.2-5.9mdvmes5.1.x86_64.rpm
7839e25fcad9d3c55329b61c86a0cead
mes5/x86_64/tkinter-apps-2.5.2-5.9mdvmes5.1.x86_64.rpm
75ba289267fc9c02315cb2bb18d62aed mes5/SRPMS/python-2.5.2-5.9mdvmes5.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFMy/LFmqjQ0CJFipgRAtxgAKCdMyuiPoFxjBEatV6KMLD/h7lF0gCfUdcP
GbmwC3tS9AGI9Pgd0KD5jjE=
=SLNl
-----END PGP SIGNATURE-----