Debian: New python2.4 packages fix arbitrary code execution

    Date22 Oct 2006
    CategoryDebian
    4101
    Posted ByLinuxSecurity Advisories
    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 1197-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                         Moritz Muehlenhoff
    October 22nd, 2006                      http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : python2.4
    Vulnerability  : buffer overflow
    Problem-Type   : local(remote)
    Debian-specific: no
    CVE ID         : CVE-2006-4980
    Debian Bug     : 391589
    
    Benjamin C. Wiley Sittler discovered that the repr() of the Python 
    interpreter allocates insufficient memory when parsing UCS-4 Unicode
    strings, which might lead to execution of arbitrary code through
    a buffer overflow.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 2.4.1-2sarge1. Due to build problems this update lacks fixed
    packages for the m68k architecture. Once they are sorted out, binaries
    for m68k will be released.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 2.4.4-1.
    
    We recommend that you upgrade your Python 2.4 packages.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.1-2sarge1.dsc
          Size/MD5 checksum:     1094 c32c8fdbdc8579afa65a35811fd0f447
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.1-2sarge1.diff.gz
          Size/MD5 checksum:  2588405 b06709694f4fd3b04ddd0316403f3528
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.1.orig.tar.gz
          Size/MD5 checksum:  9205762 0475655d5c6f7919fc977c42c1103af8
    
      Architecture independent components:
    
        http://security.debian.org/pool/updates/main/p/python2.4/idle-python2.4_2.4.1-2sarge1_all.deb
          Size/MD5 checksum:   239606 7bfff5388898e8fa7696f34e59035779
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-doc_2.4.1-2sarge1_all.deb
          Size/MD5 checksum:  3217000 0a26b7cfe7aa6666c553b0f9e5fdd228
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-examples_2.4.1-2sarge1_all.deb
          Size/MD5 checksum:   578596 e789e6a59b4110f986614157d83ac1ec
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.1-2sarge1_alpha.deb
          Size/MD5 checksum:  3610318 cdf1d11305fee01f3eeea87bbae45266
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.1-2sarge1_alpha.deb
          Size/MD5 checksum:  6995312 a00b457959904c463a227389b5ee2d1b
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.1-2sarge1_alpha.deb
          Size/MD5 checksum:  1846778 4200b817da114fbf781d0e2ee7c3f125
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-gdbm_2.4.1-2sarge1_alpha.deb
          Size/MD5 checksum:    27158 c8214711b8b8c020fa6fe1c5b430857d
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-tk_2.4.1-2sarge1_alpha.deb
          Size/MD5 checksum:   111724 78583460f1f16a560346416dafdd1e97
    
      AMD64 architecture:
    
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.1-2sarge1_amd64.deb
          Size/MD5 checksum:  3644420 f1e366e9de8c4583201db00823e740b0
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.1-2sarge1_amd64.deb
          Size/MD5 checksum:  7596356 656640c35bcf86aef6af768b754191f8
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.1-2sarge1_amd64.deb
          Size/MD5 checksum:  1680266 56874b34d708320d9563bf322c009950
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-gdbm_2.4.1-2sarge1_amd64.deb
          Size/MD5 checksum:    26752 5c432a87748ebf5c1299684a5b995bcf
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-tk_2.4.1-2sarge1_amd64.deb
          Size/MD5 checksum:   110664 1abaea30247985cecb0f0c394a532bbc
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.1-2sarge1_arm.deb
          Size/MD5 checksum:  3476134 d9122efe777d8782fde2a8ed06db0456
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.1-2sarge1_arm.deb
          Size/MD5 checksum:  7773024 0cfac06be44113fc5328878559265408
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.1-2sarge1_arm.deb
          Size/MD5 checksum:  1740512 f2dbd9a91f0168c2a54ff5e85991f797
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-gdbm_2.4.1-2sarge1_arm.deb
          Size/MD5 checksum:    26216 58d858bb9b10ba2b7a8381dba62fccab
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-tk_2.4.1-2sarge1_arm.deb
          Size/MD5 checksum:   108414 7aada40e9df512d388fd0c372a0f96e4
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.1-2sarge1_hppa.deb
          Size/MD5 checksum:  3967042 1179251a4c152791bce6190f14f50029
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.1-2sarge1_hppa.deb
          Size/MD5 checksum:  7506806 ee1f489786abb4d05cc6cd6049d09d44
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.1-2sarge1_hppa.deb
          Size/MD5 checksum:  1930440 42270cb0ab8332455f33b42c0e209ea8
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-gdbm_2.4.1-2sarge1_hppa.deb
          Size/MD5 checksum:    27692 0f161e2821a24dab07b5c31c628f1f35
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-tk_2.4.1-2sarge1_hppa.deb
          Size/MD5 checksum:   114356 d9b62f50ef9869899503bf11e3c7ba71
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.1-2sarge1_i386.deb
          Size/MD5 checksum:  3498752 2195fedd87ce153be461795974e4816d
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.1-2sarge1_i386.deb
          Size/MD5 checksum:  7486790 67a1ae83b45af4fcd0ea04d27df0caab
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.1-2sarge1_i386.deb
          Size/MD5 checksum:  1560084 a4c6fed23893734aa0b745ebcdf0506b
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-gdbm_2.4.1-2sarge1_i386.deb
          Size/MD5 checksum:    26442 76de5a0d786eed213f22b32b9dcd8057
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-tk_2.4.1-2sarge1_i386.deb
          Size/MD5 checksum:   108746 dc99596f18cf8d10a52d0d81083b62cc
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.1-2sarge1_ia64.deb
          Size/MD5 checksum:  4793736 cb9eeb3af5105dede1690b5eb11336f1
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.1-2sarge1_ia64.deb
          Size/MD5 checksum:  8167732 ecbe13d1a7e9fc7fa9dd3523040628bb
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.1-2sarge1_ia64.deb
          Size/MD5 checksum:  2569956 81850f114647dada515407a15daa52a1
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-gdbm_2.4.1-2sarge1_ia64.deb
          Size/MD5 checksum:    28960 79e3b59f0042bb107a989b66c130b26d
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-tk_2.4.1-2sarge1_ia64.deb
          Size/MD5 checksum:   121118 9d33f567b038361b8d23cf0275674799
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.1-2sarge1_mips.deb
          Size/MD5 checksum:  3669214 06b8ba760797fe08f252e25e9af856db
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.1-2sarge1_mips.deb
          Size/MD5 checksum:  7589004 e6198a6685c9508afda6dd08e1dee888
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.1-2sarge1_mips.deb
          Size/MD5 checksum:  1793540 e14db41b525691a3b502c51d805bf5f9
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-gdbm_2.4.1-2sarge1_mips.deb
          Size/MD5 checksum:    26444 014cb1eb51f4f4889221399c20c1e9a3
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-tk_2.4.1-2sarge1_mips.deb
          Size/MD5 checksum:   108174 6b99bf799321674e04f561f4584fcd15
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.1-2sarge1_mipsel.deb
          Size/MD5 checksum:  3647276 65573507ed3184680910bb53af7adae0
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.1-2sarge1_mipsel.deb
          Size/MD5 checksum:  7529236 fe2591c7be7bc3da6d1426b0419b2129
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.1-2sarge1_mipsel.deb
          Size/MD5 checksum:  1796408 3da2ad04d9a0b88b6809ce376f46fdbc
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-gdbm_2.4.1-2sarge1_mipsel.deb
          Size/MD5 checksum:    26406 00bd7ffd924803a5226c82bff8a3e1ad
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-tk_2.4.1-2sarge1_mipsel.deb
          Size/MD5 checksum:   108036 7a7c6c10b32d86302cdb418fa148cbfc
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.1-2sarge1_powerpc.deb
          Size/MD5 checksum:  3814752 b9be9ccb59126a9a83365aef93e27ad3
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.1-2sarge1_powerpc.deb
          Size/MD5 checksum:  9396504 278a5f89d8201ffaeca9fe4501ad5ae0
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.1-2sarge1_powerpc.deb
          Size/MD5 checksum:  1806198 2db0437733c5801d00c4b5fd82fbdebd
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-gdbm_2.4.1-2sarge1_powerpc.deb
          Size/MD5 checksum:    28204 b7b47dc9d2532c3abc06e0c1bf6e9597
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-tk_2.4.1-2sarge1_powerpc.deb
          Size/MD5 checksum:   111358 fa58349527c32f6bd6126441274b5583
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.1-2sarge1_s390.deb
          Size/MD5 checksum:  3712336 2761bb55f4ac0a934476394bef538357
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.1-2sarge1_s390.deb
          Size/MD5 checksum:  8222234 dfc770cac7f3e481b4969e7be2a8d629
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.1-2sarge1_s390.deb
          Size/MD5 checksum:  1713588 d5ed9763362eee3dfba73ec19de652cb
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-gdbm_2.4.1-2sarge1_s390.deb
          Size/MD5 checksum:    27276 5ee293e901f42bafa79a0a37a4ce233d
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-tk_2.4.1-2sarge1_s390.deb
          Size/MD5 checksum:   112968 2c4689078758091ccfae1057fda09e9e
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.1-2sarge1_sparc.deb
          Size/MD5 checksum:  3715424 81908a631feaa110610a58410f950d91
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.1-2sarge1_sparc.deb
          Size/MD5 checksum:  7449766 854b2894343dcc66c5b0a88b5216052b
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.1-2sarge1_sparc.deb
          Size/MD5 checksum:  1758642 f883d25bbe9787e852a7f6b3d09d9d2c
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-gdbm_2.4.1-2sarge1_sparc.deb
          Size/MD5 checksum:    26518 2444845126380cc59835d88ade744687
        http://security.debian.org/pool/updates/main/p/python2.4/python2.4-tk_2.4.1-2sarge1_sparc.deb
          Size/MD5 checksum:   110710 cd0d19aa95b3acad587ae7097ecc391e
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":54.35,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":10.87,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"16","type":"x","order":"3","pct":34.78,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.