Debian: New python2.3 packages fix arbitrary code execution

    Date23 Oct 2006
    CategoryDebian
    2534
    Posted ByLinuxSecurity Advisories
    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 1198-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                         Moritz Muehlenhoff
    October 23rd, 2006                      http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : python2.3
    Vulnerability  : buffer overflow
    Problem-Type   : local(remote)
    Debian-specific: no
    CVE ID         : CVE-2006-4980
    Debian Bug     : 391589
    
    Benjamin C. Wiley Sittler discovered that the repr() of the Python 
    interpreter allocates insufficient memory when parsing UCS-4 Unicode
    strings, which might lead to execution of arbitrary code through
    a buffer overflow.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 2.3.5-3sarge2. Due to build problems this update lacks fixed
    packages for the Alpha and Sparc architectures. Once they are sorted
    out, fixed binaries will be released.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 2.3.5-16.
    
    We recommend that you upgrade your Python 2.3 packages.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge2.dsc
          Size/MD5 checksum:     1146 c38d235942cfb8afc2a134095983fcc3
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge2.diff.gz
          Size/MD5 checksum:  2352797 40d9ed18456b48d968a245de572090f6
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5.orig.tar.gz
          Size/MD5 checksum:  8512566 9c35e5ca3c487e1c1f70f2fb1ccbfffe
    
      Architecture independent components:
    
        http://security.debian.org/pool/updates/main/p/python2.3/idle-python2.3_2.3.5-3sarge2_all.deb
          Size/MD5 checksum:   235662 ad56ea2b6e7020e58cca9d3a8119ad94
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3-doc_2.3.5-3sarge2_all.deb
          Size/MD5 checksum:  2860658 beb68a0918006c0b8435429bdf679af6
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3-examples_2.3.5-3sarge2_all.deb
          Size/MD5 checksum:   513034 38a28c4550fc4a8690e4d9a70f2c9029
    
      AMD64 architecture:
    
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge2_amd64.deb
          Size/MD5 checksum:  3036816 7b448a5a3461e36baabefc85293ef617
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge2_amd64.deb
          Size/MD5 checksum:  1593430 36c9298f302d09612c2739723d2c2631
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge2_amd64.deb
          Size/MD5 checksum:    27150 cc6f50422763cb7e5181f44a9f9f454f
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge2_amd64.deb
          Size/MD5 checksum:    31950 06361f2059f7086e0d31641720ce689f
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge2_amd64.deb
          Size/MD5 checksum:   109784 273a79d36da2b54ccc79aeb84ff4c5a2
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge2_arm.deb
          Size/MD5 checksum:  2879682 5599d0414d3b126c4bfa9e6f767f6b68
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge2_arm.deb
          Size/MD5 checksum:  1647266 8ea66e2fef0442ae83b6ed65553494ad
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge2_arm.deb
          Size/MD5 checksum:    26630 36ba9ad6e492d47a65052d645ba01aaa
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge2_arm.deb
          Size/MD5 checksum:    30356 3037b21cb0196e315d5a97ca211f9f87
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge2_arm.deb
          Size/MD5 checksum:   107538 86fa9c7568a36645d532812da7dcb419
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge2_hppa.deb
          Size/MD5 checksum:  3330806 447ead4cd77babc3f8284b9092e211b3
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge2_hppa.deb
          Size/MD5 checksum:  1829560 0714c0d2161c2e91e6a351efb67d10dc
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge2_hppa.deb
          Size/MD5 checksum:    28092 1450042d3e4a8eca1625bacb98c7de17
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge2_hppa.deb
          Size/MD5 checksum:    33370 5cb7d8f3ac1f5d4bbcaa0193f7c195ae
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge2_hppa.deb
          Size/MD5 checksum:   113266 db3e135c5cd6284339e160edf10318ff
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge2_i386.deb
          Size/MD5 checksum:  2906440 b40ece1e119fc85f466b578f5700eae7
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge2_i386.deb
          Size/MD5 checksum:  1481330 755eb042dc40ed2c15d20fa1a3942a45
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge2_i386.deb
          Size/MD5 checksum:    26838 39e463e41b8549676f5a26817175b8be
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge2_i386.deb
          Size/MD5 checksum:    30858 db4e31d1080e22f793035a6a120149bf
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge2_i386.deb
          Size/MD5 checksum:   107838 f7b9484d801ce0fd6be92c982ca2bbc9
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge2_ia64.deb
          Size/MD5 checksum:  4096696 81296d4c46e6786fbdc9acbc40905525
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge2_ia64.deb
          Size/MD5 checksum:  2418066 82d24c68b07df05791043e3f939e99f9
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge2_ia64.deb
          Size/MD5 checksum:    29386 6a9fbe616324825e917a92c5634c38f2
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge2_ia64.deb
          Size/MD5 checksum:    37458 48ec20b980ef7e09b2f0d0b052e99113
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge2_ia64.deb
          Size/MD5 checksum:   120018 4d57a010b63e76bf7fdccb06bd52b01b
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge2_m68k.deb
          Size/MD5 checksum:  2823242 a4a39c247e4e473b09e01573b374f51b
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge2_m68k.deb
          Size/MD5 checksum:  1341414 fa15d6577fcf1ea6ca20bf0228a55d20
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge2_m68k.deb
          Size/MD5 checksum:    26590 783fe32ef96f08aaacfca50d7f8d0fc1
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge2_m68k.deb
          Size/MD5 checksum:    30060 702b8f8be5d982379a6364230f39c751
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge2_m68k.deb
          Size/MD5 checksum:   107474 b5f04378b09c9a34bdcfaf21eeb294e8
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge2_mips.deb
          Size/MD5 checksum:  3052172 7ac7c5d8d270150702e466bb5c814517
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge2_mips.deb
          Size/MD5 checksum:  1695342 34ef47dc93dc6d1ce1c829dbee841d7b
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge2_mips.deb
          Size/MD5 checksum:    26862 ca60174cb06a0a638a0703b93c86af21
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge2_mips.deb
          Size/MD5 checksum:    31152 ed2827e87081d1851e650cb14adc2386
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge2_mips.deb
          Size/MD5 checksum:   107276 7f3b152eed1dc3b6aeef3b6a5746d7b3
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge2_mipsel.deb
          Size/MD5 checksum:  3036094 a3f25da853d531161b7019aaa4f5f05a
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge2_mipsel.deb
          Size/MD5 checksum:  1697748 9215a9e9f3502a6fe596b36e529208ee
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge2_mipsel.deb
          Size/MD5 checksum:    26822 abc4892dd0c9e167ebf0bd26f5313cef
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge2_mipsel.deb
          Size/MD5 checksum:    31114 6df1a39d7b57105f34e9870dd2181662
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge2_mipsel.deb
          Size/MD5 checksum:   107150 e4bc43b4c8fe1f193e817bb0424a45d2
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge2_powerpc.deb
          Size/MD5 checksum:  3186320 a0c45ccf00464b8a37832e001c8f00dd
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge2_powerpc.deb
          Size/MD5 checksum:  1708732 f0056104734344449ff3ea913858cc7c
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge2_powerpc.deb
          Size/MD5 checksum:    28614 cab8ff677236328112eaa8a77c2c3083
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge2_powerpc.deb
          Size/MD5 checksum:    33018 d5fca5b2e1b2f6afd3f8f4af0a737e60
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge2_powerpc.deb
          Size/MD5 checksum:   110432 c240e0a094d25e12a4b8a4b7a1de0784
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge2_s390.deb
          Size/MD5 checksum:  3090690 4c21a5d11802ce96b43cf5acba06e4c2
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge2_s390.deb
          Size/MD5 checksum:  1622396 933b4fb4f123fa16259b97eaec3de4f4
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge2_s390.deb
          Size/MD5 checksum:    27690 d8f7a87bc7cb9c5464a22f6c4ac2c0ed
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge2_s390.deb
          Size/MD5 checksum:    32464 2bb049d44f17db564f79b40b4690797c
        http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge2_s390.deb
          Size/MD5 checksum:   112028 83abd579768a9c2294b4fad942571f3b
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"40","type":"x","order":"1","pct":48.78,"resources":[]},{"id":"88","title":"Should be more technical","votes":"13","type":"x","order":"2","pct":15.85,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"29","type":"x","order":"3","pct":35.37,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.