Mandriva Linux Security Advisory - An off-by-one error was discovered in the PyLocale_strxfrm function in Python 2.4 and 2.5 that could allow context-dependent attackers the ability to read portions of memory via special manipulations that trigger a buffer over-read due to missing null termination.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:099
http://www.mandriva.com/security/
_______________________________________________________________________
Package : python
Date : May 8, 2007
Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
An off-by-one error was discovered in the PyLocale_strxfrm function
in Python 2.4 and 2.5 that could allow context-dependent attackers
the ability to read portions of memory via special manipulations that
trigger a buffer over-read due to missing null termination.
The updated packages have been patched to correct this issue.
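Added illustration (not part of the advisory and not Python's source code): the C sketch below shows how using the return value of a strxfrm()-style call directly as a buffer size leaves the result without a terminating NUL, and how adding one byte for the terminator corrects it. toy_xfrm, xfrm_terminated and safe_strxfrm are hypothetical names; toy_xfrm is a constructed stand-in that follows strxfrm()'s contract so the outcome does not depend on the locale.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in with strxfrm()'s contract: writes at most n bytes
 * (terminator included) and returns the full transformed length, terminator
 * excluded. Each input byte becomes two, so the output outgrows the input. */
static size_t toy_xfrm(char *dst, const char *src, size_t n)
{
    size_t need = 2 * strlen(src), i;
    for (i = 0; i < need && i < n; i++)
        dst[i] = src[i / 2];
    if (need < n)
        dst[need] = '\0';
    return need;
}

/* Two-pass sizing inside a guarded arena, so nothing is read out of bounds.
 * extra = 0 uses the return value as the size (off by one); extra = 1 is the
 * corrected sizing. Returns 1 if a NUL lies inside the sized buffer, else 0. */
int xfrm_terminated(const char *s, size_t extra)
{
    char arena[256];
    size_t n1 = strlen(s) + 1, n2, size;
    if (2 * strlen(s) + 1 > sizeof arena) return -1;
    memset(arena, 'X', sizeof arena);        /* non-zero neighbouring bytes */
    n2 = toy_xfrm(arena, s, n1) + extra;     /* first pass, initial guess */
    if (n2 > n1)
        toy_xfrm(arena, s, n2);              /* second pass, "grown" buffer */
    size = n2 > n1 ? n2 : n1;
    return memchr(arena, '\0', size) != NULL;
}

/* Hardened pattern with the real strxfrm(): ask for the length, add one. */
char *safe_strxfrm(const char *s)
{
    size_t need = strxfrm(NULL, s, 0) + 1;   /* +1 for the terminator */
    char *buf = malloc(need);
    if (buf && strxfrm(buf, s, need) >= need) {
        free(buf);                           /* contents indeterminate */
        buf = NULL;
    }
    return buf;
}

int main(void)
{
    printf("%d %d\n", xfrm_terminated("abc", 0), xfrm_terminated("abc", 1));
    return 0;
}
```

Any consumer that treats the unterminated buffer as a C string keeps reading into adjacent memory, which is the over-read the advisory describes.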
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
fe74992a7b6f6e6831ad12a4ddf1efab 2007.0/i586/libpython2.4-2.4.3-3.2mdv2007.0.i586.rpm
486ad94946de0c154806149e32fc5377 2007.0/i586/libpython2.4-devel-2.4.3-3.2mdv2007.0.i586.rpm
06da4fbb8161ad8d2d041a765c9bd3a4 2007.0/i586/python-2.4.3-3.2mdv2007.0.i586.rpm
e2b9a0e926a031064c679f96ab56a549 2007.0/i586/python-base-2.4.3-3.2mdv2007.0.i586.rpm
69662a908b2b58e7566775e33c0f7c04 2007.0/i586/python-docs-2.4.3-3.2mdv2007.0.i586.rpm
05e7ec9f4c6e8ac87300bcaad74e88c7 2007.0/i586/tkinter-2.4.3-3.2mdv2007.0.i586.rpm
2e8ead2656b638871f73330c544a5359 2007.0/SRPMS/python-2.4.3-3.2mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
512d998bab61c40a8258ad88fc5ba01e 2007.0/x86_64/lib64python2.4-2.4.3-3.2mdv2007.0.x86_64.rpm
a3c06fa92f8f122591e71af4c1560a2f 2007.0/x86_64/lib64python2.4-devel-2.4.3-3.2mdv2007.0.x86_64.rpm
a8a6809b466a84f0b9a3b54f118b4cc4 2007.0/x86_64/python-2.4.3-3.2mdv2007.0.x86_64.rpm
66a8d0ec2bcf38269f9e8b7680834ed8 2007.0/x86_64/python-base-2.4.3-3.2mdv2007.0.x86_64.rpm
1008036e8043cc5a6a16692f727962b1 2007.0/x86_64/python-docs-2.4.3-3.2mdv2007.0.x86_64.rpm
64f804575b72200ce7a0e63bbe48a603 2007.0/x86_64/tkinter-2.4.3-3.2mdv2007.0.x86_64.rpm
2e8ead2656b638871f73330c544a5359 2007.0/SRPMS/python-2.4.3-3.2mdv2007.0.src.rpm
Mandriva Linux 2007.1:
48e57e010f2c6d4bc40e8ab694f36227 2007.1/i586/libpython2.5-2.5-4.1mdv2007.1.i586.rpm
e349b0a6060e9a884b635cdc5eea1aa1 2007.1/i586/libpython2.5-devel-2.5-4.1mdv2007.1.i586.rpm
7d4a063c40b0974328294c6c38a49301 2007.1/i586/python-2.5-4.1mdv2007.1.i586.rpm
7731c37d3e20151bd5e3558a151027de 2007.1/i586/python-base-2.5-4.1mdv2007.1.i586.rpm
8bf51da0f03fd148480bbf0a06498aac 2007.1/i586/python-docs-2.5-4.1mdv2007.1.i586.rpm
7314c9500b0e494f3d8cd3204f1fbb0e 2007.1/i586/tkinter-2.5-4.1mdv2007.1.i586.rpm
9aee44decebb69373673aa4b31f2bfef 2007.1/SRPMS/python-2.5-4.1mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
37f375c1ceef5fe9182a2e293dd35cc2 2007.1/x86_64/lib64python2.5-2.5-4.1mdv2007.1.x86_64.rpm
864eb9b480c4961252f8c1ee954a088e 2007.1/x86_64/lib64python2.5-devel-2.5-4.1mdv2007.1.x86_64.rpm
c01eaebf2839c29f14b9c1a24897a47e 2007.1/x86_64/python-2.5-4.1mdv2007.1.x86_64.rpm
00fdd58a1aaf31c3745e2a62bd4cf67d 2007.1/x86_64/python-base-2.5-4.1mdv2007.1.x86_64.rpm
1d6f01a7176b1a7f0f93decc61767b70 2007.1/x86_64/python-docs-2.5-4.1mdv2007.1.x86_64.rpm
c32da2ed04805eac862afc9f6ba82779 2007.1/x86_64/tkinter-2.5-4.1mdv2007.1.x86_64.rpm
9aee44decebb69373673aa4b31f2bfef 2007.1/SRPMS/python-2.5-4.1mdv2007.1.src.rpm
Corporate 3.0:
22141898464fda308a2f91516e1426cb corporate/3.0/i586/libpython2.3-2.3.3-2.4.C30mdk.i586.rpm
0f112257db4e383b87e0d9a30ea44d3f corporate/3.0/i586/libpython2.3-devel-2.3.3-2.4.C30mdk.i586.rpm
c13b11f924c8586b7a9a113597094d26 corporate/3.0/i586/python-2.3.3-2.4.C30mdk.i586.rpm
74bb3c949621a653976fae5fe3d3a479 corporate/3.0/i586/python-base-2.3.3-2.4.C30mdk.i586.rpm
121571a9f17d42f84489fa5f59f92d15 corporate/3.0/i586/python-docs-2.3.3-2.4.C30mdk.i586.rpm
2a4bb4733f6b08ab310cdfe709222c57 corporate/3.0/i586/tkinter-2.3.3-2.4.C30mdk.i586.rpm
410c1764fce544f9d6928b4277d4eb0a corporate/3.0/SRPMS/python-2.3.3-2.4.C30mdk.src.rpm
Corporate 3.0/X86_64:
0bacb2fc09a53bd79b3ca5a7e1466293 corporate/3.0/x86_64/lib64python2.3-2.3.3-2.4.C30mdk.x86_64.rpm
7b16e0f0487b3f2b8df9d5466235d762 corporate/3.0/x86_64/lib64python2.3-devel-2.3.3-2.4.C30mdk.x86_64.rpm
788307fb0fc1210e21f5101d833c7e06 corporate/3.0/x86_64/python-2.3.3-2.4.C30mdk.x86_64.rpm
22876f4caaba1b887a6f91fc42e7dc82 corporate/3.0/x86_64/python-base-2.3.3-2.4.C30mdk.x86_64.rpm
241da835482fc4d3662760f54c3ee60b corporate/3.0/x86_64/python-docs-2.3.3-2.4.C30mdk.x86_64.rpm
5494ce601d236eeba65cae815dfff20d corporate/3.0/x86_64/tkinter-2.3.3-2.4.C30mdk.x86_64.rpm
410c1764fce544f9d6928b4277d4eb0a corporate/3.0/SRPMS/python-2.3.3-2.4.C30mdk.src.rpm
Corporate 4.0:
6a896ef81fbf3575160141f4957bc562 corporate/4.0/i586/libpython2.4-2.4.1-5.2.20060mlcs4.i586.rpm
77fcfe6d35783de11d215c756655967d corporate/4.0/i586/libpython2.4-devel-2.4.1-5.2.20060mlcs4.i586.rpm
670254207d969b1ea7941d3af74a92f3 corporate/4.0/i586/python-2.4.1-5.2.20060mlcs4.i586.rpm
7a3d1475a93f18cc39e6d40d6b11ed00 corporate/4.0/i586/python-base-2.4.1-5.2.20060mlcs4.i586.rpm
9b1a19d23ef58cf8bac99777d32a81e4 corporate/4.0/i586/python-docs-2.4.1-5.2.20060mlcs4.i586.rpm
8cac9fb2582c7829c5dc0f63e850de79 corporate/4.0/i586/tkinter-2.4.1-5.2.20060mlcs4.i586.rpm
c93d08d3be64f3296a6002dd18162bf7 corporate/4.0/SRPMS/python-2.4.1-5.2.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
12e5b0f59a6b5f13d94cabd7daa72398 corporate/4.0/x86_64/lib64python2.4-2.4.1-5.2.20060mlcs4.x86_64.rpm
1c16599348b73153c9085d15b6242ed5 corporate/4.0/x86_64/lib64python2.4-devel-2.4.1-5.2.20060mlcs4.x86_64.rpm
182624751d942ffcc4707d54828d8be0 corporate/4.0/x86_64/python-2.4.1-5.2.20060mlcs4.x86_64.rpm
5c8f306b3d864db59e3e5ea4bf9cb762 corporate/4.0/x86_64/python-base-2.4.1-5.2.20060mlcs4.x86_64.rpm
6211da765373858436fe62a318aa1666 corporate/4.0/x86_64/python-docs-2.4.1-5.2.20060mlcs4.x86_64.rpm
805952c88f6b51596be704f7d68a401b corporate/4.0/x86_64/tkinter-2.4.1-5.2.20060mlcs4.x86_64.rpm
c93d08d3be64f3296a6002dd18162bf7 corporate/4.0/SRPMS/python-2.4.1-5.2.20060mlcs4.src.rpm
Multi Network Firewall 2.0:
2d3ec003329f84d36fd6cf64c3e3ccc5 mnf/2.0/i586/libpython2.3-2.3.3-2.4.M20mdk.i586.rpm
116908107bda1a9940ccc34e0f34cd19 mnf/2.0/i586/libpython2.3-devel-2.3.3-2.4.M20mdk.i586.rpm
f94e5be67c898f21384411738f3bfe13 mnf/2.0/i586/python-2.3.3-2.4.M20mdk.i586.rpm
0647fb2e63071375d64e5eb964f1a22c mnf/2.0/i586/python-base-2.3.3-2.4.M20mdk.i586.rpm
cb6386daf24ae543ba84b774971676e0 mnf/2.0/i586/python-docs-2.3.3-2.4.M20mdk.i586.rpm
70775ea2a5c73577a015c80179b694d0 mnf/2.0/i586/tkinter-2.3.3-2.4.M20mdk.i586.rpm
7dedeefe7a1d7a1ff337bb8a5927960f mnf/2.0/SRPMS/python-2.3.3-2.4.M20mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGQN+BmqjQ0CJFipgRArIbAKCLNrYWFLCeZJXc70zI0UtYNowbawCfSAzT
53lNoS58O0jjxWqTHqmbzjA=
=tPEF
-----END PGP SIGNATURE-----