Debian: New python2.4 packages fix several vulnerabilities

    Date19 Nov 2008
    CategoryDebian
    3215
    Posted ByLinuxSecurity Advisories
    David Remahl discovered several integer overflows in the stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, and mmapmodule modules.
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1667-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                       Moritz Muehlenhoff
    November 19, 2008                     http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : python2.4
    Vulnerability  : several
    Problem type   : local(remote)
    Debian-specific: no
    CVE Id(s)      : CVE-2008-2315 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144
    
    Several vulnerabilities have been discovered in the interpreter for the
    Python language. The Common Vulnerabilities and Exposures project
    identifies the following problems:
    
    CVE-2008-2315
    
        David Remahl discovered several integer overflows in the
        stringobject, unicodeobject,  bufferobject, longobject,
        tupleobject, stropmodule, gcmodule, and mmapmodule modules.
    
    CVE-2008-3142
    
        Justin Ferguson discovered that incorrect memory allocation in
        the unicode_resize() function can lead to buffer overflows.
    
    CVE-2008-3143
     
        Several integer overflows were discovered in various Python core
        modules.
    
    CVE-2008-3144
    
        Several integer oberflows were discovered in the PyOS_vsnprintf()
        function.  
    
    For the stable distribution (etch), these problems have been fixed in
    version 2.4.4-3+etch2.
    
    For the unstable distribution (sid) and the upcoming stable
    distribution (lenny), these problems have been fixed in
    version 2.4.5-5.
    
    We recommend that you upgrade your python2.4 packages.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    
    Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4.orig.tar.gz
        Size/MD5 checksum:  9508940 f74ef9de91918f8927e75e8c3024263a
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2.dsc
        Size/MD5 checksum:     1201 0b3898b3477ae37a81d28f9539c50de6
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2.diff.gz
        Size/MD5 checksum:   205713 ac023a02c39a7e70b10c268e7169cbc7
    
    Architecture independent packages:
    
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4-examples_2.4.4-3+etch2_all.deb
        Size/MD5 checksum:   589678 9c6aef28fb1ff9a804fa1a147ce69d9e
      http://security.debian.org/pool/updates/main/p/python2.4/idle-python2.4_2.4.4-3+etch2_all.deb
        Size/MD5 checksum:    60906 f03f5452778817758dfce037ba571001
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_alpha.deb
        Size/MD5 checksum:   965736 6f3adc06d80c3fdeda48e3bc0b12e5d9
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_alpha.deb
        Size/MD5 checksum:  5238160 680f07c3e87cb20b05b37745cf80f39a
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_alpha.deb
        Size/MD5 checksum:  2970930 e9f0951b39f36de2bd288aa34ca0dbc4
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_alpha.deb
        Size/MD5 checksum:  1850704 3ccfc06ca31ae9f7f6cb631e8ee3a000
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_amd64.deb
        Size/MD5 checksum:   967804 0b594b7a4e03004672043d5c58019f80
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_amd64.deb
        Size/MD5 checksum:  1637308 bcb8e0ccd455c2487ee2721d3d84aca1
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_amd64.deb
        Size/MD5 checksum:  5592228 441466ec5cbe0a3bf5b7d55a6fed7d8b
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_amd64.deb
        Size/MD5 checksum:  2968524 145a0af7bfaaae7d9ad2203241ec4ee8
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_arm.deb
        Size/MD5 checksum:  5358352 bb915c2a61cdc006db13a8d0c440c56d
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_arm.deb
        Size/MD5 checksum:  1502304 84153862216da31338aba857c90871d4
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_arm.deb
        Size/MD5 checksum:   902236 6427dc210675b5cce39ab5f928b298db
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_arm.deb
        Size/MD5 checksum:  2882452 b6bf0e5f6b4ea813a5bccc567b6e408e
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_hppa.deb
        Size/MD5 checksum:  3076702 001c94d6dba8fb9ba08d29ca5ceca65f
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_hppa.deb
        Size/MD5 checksum:  1799642 95b811cadf540cc3b3f31a0134d18661
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_hppa.deb
        Size/MD5 checksum:  1020124 9c8431097766633b45cfa35bf71761f5
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_hppa.deb
        Size/MD5 checksum:  5529414 67fb9036f49688d82b6ee93addc3c3fe
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_i386.deb
        Size/MD5 checksum:   901636 b198116fc5425e7fd48dba6d992a0c06
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_i386.deb
        Size/MD5 checksum:  2850824 4c7b173a4ebb3444201fe3f45f9e9fd2
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_i386.deb
        Size/MD5 checksum:  1511532 4fd6d3f340893f233f674a73642330b0
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_i386.deb
        Size/MD5 checksum:  5185158 da92623d224f45bd929b778864f98991
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_ia64.deb
        Size/MD5 checksum:  3373186 bf8c76edf3d0c95deaa7bdf81a178a83
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_ia64.deb
        Size/MD5 checksum:  6069872 e4dfd4adc2e602334f0896f7424f0575
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_ia64.deb
        Size/MD5 checksum:  2271712 46e48abc5e37875a427752c82d8a0f7b
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_ia64.deb
        Size/MD5 checksum:  1290446 9c85ea026775b8a4789a3e46816d0d5e
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_mips.deb
        Size/MD5 checksum:   957252 d38814f00e5f99329484248c184b24b3
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_mips.deb
        Size/MD5 checksum:  5660920 84bacdccb5955980efe7a6b59e5238fa
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_mips.deb
        Size/MD5 checksum:  1726146 c4312205f75f0bf6393ff2c7bd70fd2f
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_mips.deb
        Size/MD5 checksum:  2907332 db94b5cd8acca9f475f5f6965a66761a
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_mipsel.deb
        Size/MD5 checksum:  2864392 a17779986991285abab3391244d9c1e3
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_mipsel.deb
        Size/MD5 checksum:  5511232 b92e2004fb01967d4f7014970171e9a9
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_mipsel.deb
        Size/MD5 checksum:  1717876 a98897dc330a1a6effa05ff29af9bfab
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_mipsel.deb
        Size/MD5 checksum:   939778 6aeb1ef0ed1589b20009b0f7428a2dda
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_powerpc.deb
        Size/MD5 checksum:  1642534 468c97ebc8403c556c36da596e31d20f
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_powerpc.deb
        Size/MD5 checksum:  2958248 bc7f2d52549e520a9843945dd282bfad
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_powerpc.deb
        Size/MD5 checksum:  5786768 370c7b6f933f98308416924f13da6f94
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_powerpc.deb
        Size/MD5 checksum:   979280 a25aeb78de7b33b8b2cfe316f3f0a834
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_s390.deb
        Size/MD5 checksum:  2977268 a4dcf614e277d8c0f70b4737e53aaf5c
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_s390.deb
        Size/MD5 checksum:   974928 a3bd80007cd56a79472b42db039ece4f
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_s390.deb
        Size/MD5 checksum:  5674618 cb969a4cc4fda848ebee50528d3c570d
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_s390.deb
        Size/MD5 checksum:  1648202 72ebac2aefa5ca8c8e2ef9675e0c6052
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_sparc.deb
        Size/MD5 checksum:  2902784 21032174db6897e8828e34ce01fa017d
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_sparc.deb
        Size/MD5 checksum:   918976 694c6c564222cff16c9069c6ee8c24bf
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_sparc.deb
        Size/MD5 checksum:  1586720 bf9d1414434a21b314535fc6df13103b
      http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_sparc.deb
        Size/MD5 checksum:  5199576 c5bb7eb8ecc15a633d7045d284d3d93d
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"7","type":"x","order":"1","pct":58.33,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":25,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"2","type":"x","order":"3","pct":16.67,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.