Mandriva Linux Security Advisory 2009-003 - Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow. Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. The updated Python packages have been patched to correct these issues.
28d63a5f76ce1c5a97ac6618dfcd9bf320b89e89ddb038a765988adc6e0b6471
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:003
http://www.mandriva.com/security/
_______________________________________________________________________
Package : python
Date : January 9, 2009
Affected: 2008.0, 2008.1, 2009.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
Multiple integer overflows in imageop.c in the imageop module in
Python 1.5.2 through 2.5.1 allow context-dependent attackers to
break out of the Python VM and execute arbitrary code via large
integer values in certain arguments to the crop function, leading to
a buffer overflow, a different vulnerability than CVE-2007-4965 and
CVE-2008-1679. (CVE-2008-4864)
Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6,
allow context-dependent attackers to have an unknown impact via
a large integer value in the tabsize argument to the expandtabs
method, as implemented by (1) the string_expandtabs function in
Objects/stringobject.c and (2) the unicode_expandtabs function in
Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists
because of an incomplete fix for CVE-2008-2315. (CVE-2008-5031)
The updated Python packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4864
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5031
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
99e168ac1b7ae4bd0d340c2aac462e19 2008.0/i586/libpython2.5-2.5.2-2.3mdv2008.0.i586.rpm
8ddb89d22f9456e52758bdfc060cede1 2008.0/i586/libpython2.5-devel-2.5.2-2.3mdv2008.0.i586.rpm
c5b19e98a095f6000d5adc2009246ebb 2008.0/i586/python-2.5.2-2.3mdv2008.0.i586.rpm
4ce7cec71582068f7d5a00e1b53d9b2d 2008.0/i586/python-base-2.5.2-2.3mdv2008.0.i586.rpm
ad15a443a4f832e44864a83c2a6d6e4c 2008.0/i586/python-docs-2.5.2-2.3mdv2008.0.i586.rpm
1983242f6100f957af9d264de98119ec 2008.0/i586/tkinter-2.5.2-2.3mdv2008.0.i586.rpm
e99d03ebb07f9e6fc47f8619ea8cb832 2008.0/i586/tkinter-apps-2.5.2-2.3mdv2008.0.i586.rpm
2f8ff50c56f46c191b63878f11f7f606 2008.0/SRPMS/python-2.5.2-2.3mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
7b80a39d64b3a62eabd72cd63df8f2b4 2008.0/x86_64/lib64python2.5-2.5.2-2.3mdv2008.0.x86_64.rpm
bcb2d996aa22e004a8d1c142a62b852f 2008.0/x86_64/lib64python2.5-devel-2.5.2-2.3mdv2008.0.x86_64.rpm
75b8005ecb4df3d51da30a308ff7864b 2008.0/x86_64/python-2.5.2-2.3mdv2008.0.x86_64.rpm
1ee083182c06c5661a2d49e378fe314a 2008.0/x86_64/python-base-2.5.2-2.3mdv2008.0.x86_64.rpm
71659dba30fb79c8890992ff77cfae08 2008.0/x86_64/python-docs-2.5.2-2.3mdv2008.0.x86_64.rpm
f03df81a9505fc5480f717267eb4f59c 2008.0/x86_64/tkinter-2.5.2-2.3mdv2008.0.x86_64.rpm
8bbf6f28976deb9dc9c1651f4179bf3c 2008.0/x86_64/tkinter-apps-2.5.2-2.3mdv2008.0.x86_64.rpm
2f8ff50c56f46c191b63878f11f7f606 2008.0/SRPMS/python-2.5.2-2.3mdv2008.0.src.rpm
Mandriva Linux 2008.1:
40768be47280f91652106cae7d52bac3 2008.1/i586/libpython2.5-2.5.2-2.3mdv2008.1.i586.rpm
f740a094492e495a7058324c9d7fe5c0 2008.1/i586/libpython2.5-devel-2.5.2-2.3mdv2008.1.i586.rpm
8a3a54d6633b1067a303266551fbf11c 2008.1/i586/python-2.5.2-2.3mdv2008.1.i586.rpm
6ec33343842298ff0e8719cb69d8d8dd 2008.1/i586/python-base-2.5.2-2.3mdv2008.1.i586.rpm
6cf93281ad513c769a27e1a0aed24d89 2008.1/i586/python-docs-2.5.2-2.3mdv2008.1.i586.rpm
13b6d462c97fae761f889a9ef1f00445 2008.1/i586/tkinter-2.5.2-2.3mdv2008.1.i586.rpm
7503eb04531c6705d544a029575d5ba1 2008.1/i586/tkinter-apps-2.5.2-2.3mdv2008.1.i586.rpm
befe989985d13d16f6f23b9c44300010 2008.1/SRPMS/python-2.5.2-2.3mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
51bf8e6e9cfe26fc06540fb2e9c89a97 2008.1/x86_64/lib64python2.5-2.5.2-2.3mdv2008.1.x86_64.rpm
bdf744158bd3d0e856d34341db8f9766 2008.1/x86_64/lib64python2.5-devel-2.5.2-2.3mdv2008.1.x86_64.rpm
2e48265c3457815f1d8079bbbf289415 2008.1/x86_64/python-2.5.2-2.3mdv2008.1.x86_64.rpm
c6b77afb3b6f1263602d1ddcbb010582 2008.1/x86_64/python-base-2.5.2-2.3mdv2008.1.x86_64.rpm
d771f65c3c683e15688e243d7f6b5b31 2008.1/x86_64/python-docs-2.5.2-2.3mdv2008.1.x86_64.rpm
d392466b1043ed47431e26780402a923 2008.1/x86_64/tkinter-2.5.2-2.3mdv2008.1.x86_64.rpm
0c333970463f34e01192f50025e5418a 2008.1/x86_64/tkinter-apps-2.5.2-2.3mdv2008.1.x86_64.rpm
befe989985d13d16f6f23b9c44300010 2008.1/SRPMS/python-2.5.2-2.3mdv2008.1.src.rpm
Mandriva Linux 2009.0:
51130cd5a5075d3ba29c3b65393950fe 2009.0/i586/libpython2.5-2.5.2-5.2mdv2009.0.i586.rpm
e9a3c47de92e69dc45ee78ec09fdcdf7 2009.0/i586/libpython2.5-devel-2.5.2-5.2mdv2009.0.i586.rpm
1512cc21647372972d62143538110f0b 2009.0/i586/python-2.5.2-5.2mdv2009.0.i586.rpm
1ee69545d6e690add84393551b3008fb 2009.0/i586/python-base-2.5.2-5.2mdv2009.0.i586.rpm
4c2cf514d3bb03dc5690341ef8b57345 2009.0/i586/python-docs-2.5.2-5.2mdv2009.0.i586.rpm
7f3d125f0c601fbc650441e9d3d84660 2009.0/i586/tkinter-2.5.2-5.2mdv2009.0.i586.rpm
a5de9edf44334b6bd10914b29875b79d 2009.0/i586/tkinter-apps-2.5.2-5.2mdv2009.0.i586.rpm
a693a961c64a55661ff434db34514e54 2009.0/SRPMS/python-2.5.2-5.2mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
6c08e75992d0dbcc0588486ba110b7d0 2009.0/x86_64/lib64python2.5-2.5.2-5.2mdv2009.0.x86_64.rpm
14b108a893efbe023251b153d1e82510 2009.0/x86_64/lib64python2.5-devel-2.5.2-5.2mdv2009.0.x86_64.rpm
993aae03321911db6a6658b1d9c59770 2009.0/x86_64/python-2.5.2-5.2mdv2009.0.x86_64.rpm
2b7c1156968c717a439bc0f09cae6377 2009.0/x86_64/python-base-2.5.2-5.2mdv2009.0.x86_64.rpm
0d3827f4b2abd8d8708374a10f3d6a29 2009.0/x86_64/python-docs-2.5.2-5.2mdv2009.0.x86_64.rpm
850ba6348ca56583ac9d9cdcfe363cf9 2009.0/x86_64/tkinter-2.5.2-5.2mdv2009.0.x86_64.rpm
36bd4ed23029a5c85846306722c5c539 2009.0/x86_64/tkinter-apps-2.5.2-5.2mdv2009.0.x86_64.rpm
a693a961c64a55661ff434db34514e54 2009.0/SRPMS/python-2.5.2-5.2mdv2009.0.src.rpm
Corporate 4.0:
d1aaa4775604a3de987ea812484cbbe4 corporate/4.0/i586/libpython2.4-2.4.5-0.2.20060mlcs4.i586.rpm
044319e405c74c74ada649911fea096b corporate/4.0/i586/libpython2.4-devel-2.4.5-0.2.20060mlcs4.i586.rpm
70a92760d7ee37150357fd5eed43d0cd corporate/4.0/i586/python-2.4.5-0.2.20060mlcs4.i586.rpm
dd69e4feb812394c47140b42ec319dad corporate/4.0/i586/python-base-2.4.5-0.2.20060mlcs4.i586.rpm
40137c85bd8f45948823be862da2c224 corporate/4.0/i586/python-docs-2.4.5-0.2.20060mlcs4.i586.rpm
2f226b42cb832b2c9860f18528a71936 corporate/4.0/i586/tkinter-2.4.5-0.2.20060mlcs4.i586.rpm
83a6e83bb1b31cb4b5a43628e6a762d4 corporate/4.0/SRPMS/python-2.4.5-0.2.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
496d164ca85142afa629e3ea374810d2 corporate/4.0/x86_64/lib64python2.4-2.4.5-0.2.20060mlcs4.x86_64.rpm
0ee91a3adf261607b8df677d98b45704 corporate/4.0/x86_64/lib64python2.4-devel-2.4.5-0.2.20060mlcs4.x86_64.rpm
05be6f567bd0ae454878fbc91950d5e0 corporate/4.0/x86_64/python-2.4.5-0.2.20060mlcs4.x86_64.rpm
5fcaa1f9cc19b6c7a69422fee87081cb corporate/4.0/x86_64/python-base-2.4.5-0.2.20060mlcs4.x86_64.rpm
e449b5dc09573a81c2d46305c0dcc641 corporate/4.0/x86_64/python-docs-2.4.5-0.2.20060mlcs4.x86_64.rpm
7e41ff74e33e237c319c36d7de726f3c corporate/4.0/x86_64/tkinter-2.4.5-0.2.20060mlcs4.x86_64.rpm
83a6e83bb1b31cb4b5a43628e6a762d4 corporate/4.0/SRPMS/python-2.4.5-0.2.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJZ8kcmqjQ0CJFipgRAid1AJ4r2XGu3/mwmj94DeibPLPf3SLhcQCeLATO
i4D9EZtmJCdN/0XK3eWOBnc=
=iXWH
-----END PGP SIGNATURE-----