- ------------------------------------------------------------------------Debian Security Advisory DSA-1667-1                  security@debian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
November 19, 2008                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------Package        : python2.4
Vulnerability  : several
Problem type   : local(remote)
Debian-specific: no
CVE Id(s)      : CVE-2008-2315 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144

Several vulnerabilities have been discovered in the interpreter for the
Python language. The Common Vulnerabilities and Exposures project
identifies the following problems:


    David Remahl discovered several integer overflows in the
    stringobject, unicodeobject,  bufferobject, longobject,
    tupleobject, stropmodule, gcmodule, and mmapmodule modules.


    Justin Ferguson discovered that incorrect memory allocation in
    the unicode_resize() function can lead to buffer overflows.

    Several integer overflows were discovered in various Python core


    Several integer oberflows were discovered in the PyOS_vsnprintf()

For the stable distribution (etch), these problems have been fixed in
version 2.4.4-3+etch2.

For the unstable distribution (sid) and the upcoming stable
distribution (lenny), these problems have been fixed in
version 2.4.5-5.

We recommend that you upgrade your python2.4 packages.

Upgrade instructions
- --------------------wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

      Size/MD5 checksum:  9508940 f74ef9de91918f8927e75e8c3024263a
      Size/MD5 checksum:     1201 0b3898b3477ae37a81d28f9539c50de6
      Size/MD5 checksum:   205713 ac023a02c39a7e70b10c268e7169cbc7

Architecture independent packages:

      Size/MD5 checksum:   589678 9c6aef28fb1ff9a804fa1a147ce69d9e
      Size/MD5 checksum:    60906 f03f5452778817758dfce037ba571001

alpha architecture (DEC Alpha)

      Size/MD5 checksum:   965736 6f3adc06d80c3fdeda48e3bc0b12e5d9
      Size/MD5 checksum:  5238160 680f07c3e87cb20b05b37745cf80f39a
      Size/MD5 checksum:  2970930 e9f0951b39f36de2bd288aa34ca0dbc4
      Size/MD5 checksum:  1850704 3ccfc06ca31ae9f7f6cb631e8ee3a000

amd64 architecture (AMD x86_64 (AMD64))

      Size/MD5 checksum:   967804 0b594b7a4e03004672043d5c58019f80
      Size/MD5 checksum:  1637308 bcb8e0ccd455c2487ee2721d3d84aca1
      Size/MD5 checksum:  5592228 441466ec5cbe0a3bf5b7d55a6fed7d8b
      Size/MD5 checksum:  2968524 145a0af7bfaaae7d9ad2203241ec4ee8

arm architecture (ARM)

      Size/MD5 checksum:  5358352 bb915c2a61cdc006db13a8d0c440c56d
      Size/MD5 checksum:  1502304 84153862216da31338aba857c90871d4
      Size/MD5 checksum:   902236 6427dc210675b5cce39ab5f928b298db
      Size/MD5 checksum:  2882452 b6bf0e5f6b4ea813a5bccc567b6e408e

hppa architecture (HP PA RISC)

      Size/MD5 checksum:  3076702 001c94d6dba8fb9ba08d29ca5ceca65f
      Size/MD5 checksum:  1799642 95b811cadf540cc3b3f31a0134d18661
      Size/MD5 checksum:  1020124 9c8431097766633b45cfa35bf71761f5
      Size/MD5 checksum:  5529414 67fb9036f49688d82b6ee93addc3c3fe

i386 architecture (Intel ia32)

      Size/MD5 checksum:   901636 b198116fc5425e7fd48dba6d992a0c06
      Size/MD5 checksum:  2850824 4c7b173a4ebb3444201fe3f45f9e9fd2
      Size/MD5 checksum:  1511532 4fd6d3f340893f233f674a73642330b0
      Size/MD5 checksum:  5185158 da92623d224f45bd929b778864f98991

ia64 architecture (Intel ia64)

      Size/MD5 checksum:  3373186 bf8c76edf3d0c95deaa7bdf81a178a83
      Size/MD5 checksum:  6069872 e4dfd4adc2e602334f0896f7424f0575
      Size/MD5 checksum:  2271712 46e48abc5e37875a427752c82d8a0f7b
      Size/MD5 checksum:  1290446 9c85ea026775b8a4789a3e46816d0d5e

mips architecture (MIPS (Big Endian))

      Size/MD5 checksum:   957252 d38814f00e5f99329484248c184b24b3
      Size/MD5 checksum:  5660920 84bacdccb5955980efe7a6b59e5238fa
      Size/MD5 checksum:  1726146 c4312205f75f0bf6393ff2c7bd70fd2f
      Size/MD5 checksum:  2907332 db94b5cd8acca9f475f5f6965a66761a

mipsel architecture (MIPS (Little Endian))

      Size/MD5 checksum:  2864392 a17779986991285abab3391244d9c1e3
      Size/MD5 checksum:  5511232 b92e2004fb01967d4f7014970171e9a9
      Size/MD5 checksum:  1717876 a98897dc330a1a6effa05ff29af9bfab
      Size/MD5 checksum:   939778 6aeb1ef0ed1589b20009b0f7428a2dda

powerpc architecture (PowerPC)

      Size/MD5 checksum:  1642534 468c97ebc8403c556c36da596e31d20f
      Size/MD5 checksum:  2958248 bc7f2d52549e520a9843945dd282bfad
      Size/MD5 checksum:  5786768 370c7b6f933f98308416924f13da6f94
      Size/MD5 checksum:   979280 a25aeb78de7b33b8b2cfe316f3f0a834

s390 architecture (IBM S/390)

      Size/MD5 checksum:  2977268 a4dcf614e277d8c0f70b4737e53aaf5c
      Size/MD5 checksum:   974928 a3bd80007cd56a79472b42db039ece4f
      Size/MD5 checksum:  5674618 cb969a4cc4fda848ebee50528d3c570d
      Size/MD5 checksum:  1648202 72ebac2aefa5ca8c8e2ef9675e0c6052

sparc architecture (Sun SPARC/UltraSPARC)

      Size/MD5 checksum:  2902784 21032174db6897e8828e34ce01fa017d
      Size/MD5 checksum:   918976 694c6c564222cff16c9069c6ee8c24bf
      Size/MD5 checksum:  1586720 bf9d1414434a21b314535fc6df13103b
      Size/MD5 checksum:  5199576 c5bb7eb8ecc15a633d7045d284d3d93d

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp:  dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Debian: New python2.4 packages fix several vulnerabilities

November 19, 2008
David Remahl discovered several integer overflows in the stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, and mmapmodule mo...