
Debian: DSA-1977-1 Moderate: Python DoS And Integer Overflow Risks

January 25, 2010
Updates for Python libraries addressing multiple concerns in Debian, including Denial of Service (DoS) and integer overflow security flaws.

Summary


Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that the embedded copy of Expat
in the interpreter for the Python language does not properly process malformed or
crafted XML files. (CVE-2009-3560, CVE-2009-3720)
This vulnerability could allow an attacker to cause a denial of service while parsing
a malformed XML file.

In addition, this update fixes an integer overflow in the hashlib module in python2.5.
This vulnerability could allow an attacker to defeat cryptographic digests. (CVE-2008-2316)
It only affects the oldstable distribution (etch).


For the oldstable distribution (etch), these problems have been fixed in
version 2.4.4-3+etch3 for python2.4 and version 2.5-5+etch2 for python2.5.

For the stable distribution (lenny), these problems have been fixed in
version 2.4.6-1+lenny1 for python2.4 and version 2.5.2-15+lenny1 for python2.5.

For the unstable distribution (sid), these problems have been fixed in
version 2.5.4-3.1 for python2.5, and will migrate to the testing distribution (sque...
