Linux Security
Linux Security
Linux Security

Debian: New python2.4 packages fix several vulnerabilities

Date 19 Nov 2008
Posted By LinuxSecurity Advisories
David Remahl discovered several integer overflows in the stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, and mmapmodule modules.
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1667-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.                       Moritz Muehlenhoff
November 19, 2008           
- ------------------------------------------------------------------------

Package        : python2.4
Vulnerability  : several
Problem type   : local(remote)
Debian-specific: no
CVE Id(s)      : CVE-2008-2315 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144

Several vulnerabilities have been discovered in the interpreter for the
Python language. The Common Vulnerabilities and Exposures project
identifies the following problems:


    David Remahl discovered several integer overflows in the
    stringobject, unicodeobject,  bufferobject, longobject,
    tupleobject, stropmodule, gcmodule, and mmapmodule modules.


    Justin Ferguson discovered that incorrect memory allocation in
    the unicode_resize() function can lead to buffer overflows.

    Several integer overflows were discovered in various Python core


    Several integer oberflows were discovered in the PyOS_vsnprintf()

For the stable distribution (etch), these problems have been fixed in
version 2.4.4-3+etch2.

For the unstable distribution (sid) and the upcoming stable
distribution (lenny), these problems have been fixed in
version 2.4.5-5.

We recommend that you upgrade your python2.4 packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:
    Size/MD5 checksum:  9508940 f74ef9de91918f8927e75e8c3024263a
    Size/MD5 checksum:     1201 0b3898b3477ae37a81d28f9539c50de6
    Size/MD5 checksum:   205713 ac023a02c39a7e70b10c268e7169cbc7

Architecture independent packages:
    Size/MD5 checksum:   589678 9c6aef28fb1ff9a804fa1a147ce69d9e
    Size/MD5 checksum:    60906 f03f5452778817758dfce037ba571001

alpha architecture (DEC Alpha)
    Size/MD5 checksum:   965736 6f3adc06d80c3fdeda48e3bc0b12e5d9
    Size/MD5 checksum:  5238160 680f07c3e87cb20b05b37745cf80f39a
    Size/MD5 checksum:  2970930 e9f0951b39f36de2bd288aa34ca0dbc4
    Size/MD5 checksum:  1850704 3ccfc06ca31ae9f7f6cb631e8ee3a000

amd64 architecture (AMD x86_64 (AMD64))
    Size/MD5 checksum:   967804 0b594b7a4e03004672043d5c58019f80
    Size/MD5 checksum:  1637308 bcb8e0ccd455c2487ee2721d3d84aca1
    Size/MD5 checksum:  5592228 441466ec5cbe0a3bf5b7d55a6fed7d8b
    Size/MD5 checksum:  2968524 145a0af7bfaaae7d9ad2203241ec4ee8

arm architecture (ARM)
    Size/MD5 checksum:  5358352 bb915c2a61cdc006db13a8d0c440c56d
    Size/MD5 checksum:  1502304 84153862216da31338aba857c90871d4
    Size/MD5 checksum:   902236 6427dc210675b5cce39ab5f928b298db
    Size/MD5 checksum:  2882452 b6bf0e5f6b4ea813a5bccc567b6e408e

hppa architecture (HP PA RISC)
    Size/MD5 checksum:  3076702 001c94d6dba8fb9ba08d29ca5ceca65f
    Size/MD5 checksum:  1799642 95b811cadf540cc3b3f31a0134d18661
    Size/MD5 checksum:  1020124 9c8431097766633b45cfa35bf71761f5
    Size/MD5 checksum:  5529414 67fb9036f49688d82b6ee93addc3c3fe

i386 architecture (Intel ia32)
    Size/MD5 checksum:   901636 b198116fc5425e7fd48dba6d992a0c06
    Size/MD5 checksum:  2850824 4c7b173a4ebb3444201fe3f45f9e9fd2
    Size/MD5 checksum:  1511532 4fd6d3f340893f233f674a73642330b0
    Size/MD5 checksum:  5185158 da92623d224f45bd929b778864f98991

ia64 architecture (Intel ia64)
    Size/MD5 checksum:  3373186 bf8c76edf3d0c95deaa7bdf81a178a83
    Size/MD5 checksum:  6069872 e4dfd4adc2e602334f0896f7424f0575
    Size/MD5 checksum:  2271712 46e48abc5e37875a427752c82d8a0f7b
    Size/MD5 checksum:  1290446 9c85ea026775b8a4789a3e46816d0d5e

mips architecture (MIPS (Big Endian))
    Size/MD5 checksum:   957252 d38814f00e5f99329484248c184b24b3
    Size/MD5 checksum:  5660920 84bacdccb5955980efe7a6b59e5238fa
    Size/MD5 checksum:  1726146 c4312205f75f0bf6393ff2c7bd70fd2f
    Size/MD5 checksum:  2907332 db94b5cd8acca9f475f5f6965a66761a

mipsel architecture (MIPS (Little Endian))
    Size/MD5 checksum:  2864392 a17779986991285abab3391244d9c1e3
    Size/MD5 checksum:  5511232 b92e2004fb01967d4f7014970171e9a9
    Size/MD5 checksum:  1717876 a98897dc330a1a6effa05ff29af9bfab
    Size/MD5 checksum:   939778 6aeb1ef0ed1589b20009b0f7428a2dda

powerpc architecture (PowerPC)
    Size/MD5 checksum:  1642534 468c97ebc8403c556c36da596e31d20f
    Size/MD5 checksum:  2958248 bc7f2d52549e520a9843945dd282bfad
    Size/MD5 checksum:  5786768 370c7b6f933f98308416924f13da6f94
    Size/MD5 checksum:   979280 a25aeb78de7b33b8b2cfe316f3f0a834

s390 architecture (IBM S/390)
    Size/MD5 checksum:  2977268 a4dcf614e277d8c0f70b4737e53aaf5c
    Size/MD5 checksum:   974928 a3bd80007cd56a79472b42db039ece4f
    Size/MD5 checksum:  5674618 cb969a4cc4fda848ebee50528d3c570d
    Size/MD5 checksum:  1648202 72ebac2aefa5ca8c8e2ef9675e0c6052

sparc architecture (Sun SPARC/UltraSPARC)
    Size/MD5 checksum:  2902784 21032174db6897e8828e34ce01fa017d
    Size/MD5 checksum:   918976 694c6c564222cff16c9069c6ee8c24bf
    Size/MD5 checksum:  1586720 bf9d1414434a21b314535fc6df13103b
    Size/MD5 checksum:  5199576 c5bb7eb8ecc15a633d7045d284d3d93d

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.


LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"41","type":"x","order":"1","pct":83.67,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"4","type":"x","order":"2","pct":8.16,"resources":[]},{"id":"181","title":"Hardly ever","votes":"4","type":"x","order":"3","pct":8.16,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.



bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.