- ------------------------------------------------------------------------Debian Security Advisory DSA-1667-1                  security@debian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
November 19, 2008                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------Package        : python2.4
Vulnerability  : several
Problem type   : local(remote)
Debian-specific: no
CVE Id(s)      : CVE-2008-2315 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144

Several vulnerabilities have been discovered in the interpreter for the
Python language. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2008-2315

    David Remahl discovered several integer overflows in the
    stringobject, unicodeobject,  bufferobject, longobject,
    tupleobject, stropmodule, gcmodule, and mmapmodule modules.

CVE-2008-3142

    Justin Ferguson discovered that incorrect memory allocation in
    the unicode_resize() function can lead to buffer overflows.

CVE-2008-3143
 
    Several integer overflows were discovered in various Python core
    modules.

CVE-2008-3144

    Several integer oberflows were discovered in the PyOS_vsnprintf()
    function.  

For the stable distribution (etch), these problems have been fixed in
version 2.4.4-3+etch2.

For the unstable distribution (sid) and the upcoming stable
distribution (lenny), these problems have been fixed in
version 2.4.5-5.

We recommend that you upgrade your python2.4 packages.

Upgrade instructions
- --------------------wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

      Size/MD5 checksum:  9508940 f74ef9de91918f8927e75e8c3024263a
      Size/MD5 checksum:     1201 0b3898b3477ae37a81d28f9539c50de6
      Size/MD5 checksum:   205713 ac023a02c39a7e70b10c268e7169cbc7

Architecture independent packages:

      Size/MD5 checksum:   589678 9c6aef28fb1ff9a804fa1a147ce69d9e
      Size/MD5 checksum:    60906 f03f5452778817758dfce037ba571001

alpha architecture (DEC Alpha)

      Size/MD5 checksum:   965736 6f3adc06d80c3fdeda48e3bc0b12e5d9
      Size/MD5 checksum:  5238160 680f07c3e87cb20b05b37745cf80f39a
      Size/MD5 checksum:  2970930 e9f0951b39f36de2bd288aa34ca0dbc4
      Size/MD5 checksum:  1850704 3ccfc06ca31ae9f7f6cb631e8ee3a000

amd64 architecture (AMD x86_64 (AMD64))

      Size/MD5 checksum:   967804 0b594b7a4e03004672043d5c58019f80
      Size/MD5 checksum:  1637308 bcb8e0ccd455c2487ee2721d3d84aca1
      Size/MD5 checksum:  5592228 441466ec5cbe0a3bf5b7d55a6fed7d8b
      Size/MD5 checksum:  2968524 145a0af7bfaaae7d9ad2203241ec4ee8

arm architecture (ARM)

      Size/MD5 checksum:  5358352 bb915c2a61cdc006db13a8d0c440c56d
      Size/MD5 checksum:  1502304 84153862216da31338aba857c90871d4
      Size/MD5 checksum:   902236 6427dc210675b5cce39ab5f928b298db
      Size/MD5 checksum:  2882452 b6bf0e5f6b4ea813a5bccc567b6e408e

hppa architecture (HP PA RISC)

      Size/MD5 checksum:  3076702 001c94d6dba8fb9ba08d29ca5ceca65f
      Size/MD5 checksum:  1799642 95b811cadf540cc3b3f31a0134d18661
      Size/MD5 checksum:  1020124 9c8431097766633b45cfa35bf71761f5
      Size/MD5 checksum:  5529414 67fb9036f49688d82b6ee93addc3c3fe

i386 architecture (Intel ia32)

      Size/MD5 checksum:   901636 b198116fc5425e7fd48dba6d992a0c06
      Size/MD5 checksum:  2850824 4c7b173a4ebb3444201fe3f45f9e9fd2
      Size/MD5 checksum:  1511532 4fd6d3f340893f233f674a73642330b0
      Size/MD5 checksum:  5185158 da92623d224f45bd929b778864f98991

ia64 architecture (Intel ia64)

      Size/MD5 checksum:  3373186 bf8c76edf3d0c95deaa7bdf81a178a83
      Size/MD5 checksum:  6069872 e4dfd4adc2e602334f0896f7424f0575
      Size/MD5 checksum:  2271712 46e48abc5e37875a427752c82d8a0f7b
      Size/MD5 checksum:  1290446 9c85ea026775b8a4789a3e46816d0d5e

mips architecture (MIPS (Big Endian))

      Size/MD5 checksum:   957252 d38814f00e5f99329484248c184b24b3
      Size/MD5 checksum:  5660920 84bacdccb5955980efe7a6b59e5238fa
      Size/MD5 checksum:  1726146 c4312205f75f0bf6393ff2c7bd70fd2f
      Size/MD5 checksum:  2907332 db94b5cd8acca9f475f5f6965a66761a

mipsel architecture (MIPS (Little Endian))

      Size/MD5 checksum:  2864392 a17779986991285abab3391244d9c1e3
      Size/MD5 checksum:  5511232 b92e2004fb01967d4f7014970171e9a9
      Size/MD5 checksum:  1717876 a98897dc330a1a6effa05ff29af9bfab
      Size/MD5 checksum:   939778 6aeb1ef0ed1589b20009b0f7428a2dda

powerpc architecture (PowerPC)

      Size/MD5 checksum:  1642534 468c97ebc8403c556c36da596e31d20f
      Size/MD5 checksum:  2958248 bc7f2d52549e520a9843945dd282bfad
      Size/MD5 checksum:  5786768 370c7b6f933f98308416924f13da6f94
      Size/MD5 checksum:   979280 a25aeb78de7b33b8b2cfe316f3f0a834

s390 architecture (IBM S/390)

      Size/MD5 checksum:  2977268 a4dcf614e277d8c0f70b4737e53aaf5c
      Size/MD5 checksum:   974928 a3bd80007cd56a79472b42db039ece4f
      Size/MD5 checksum:  5674618 cb969a4cc4fda848ebee50528d3c570d
      Size/MD5 checksum:  1648202 72ebac2aefa5ca8c8e2ef9675e0c6052

sparc architecture (Sun SPARC/UltraSPARC)

      Size/MD5 checksum:  2902784 21032174db6897e8828e34ce01fa017d
      Size/MD5 checksum:   918976 694c6c564222cff16c9069c6ee8c24bf
      Size/MD5 checksum:  1586720 bf9d1414434a21b314535fc6df13103b
      Size/MD5 checksum:  5199576 c5bb7eb8ecc15a633d7045d284d3d93d


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp:  dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Debian: New python2.4 packages fix several vulnerabilities

November 19, 2008
David Remahl discovered several integer overflows in the stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, and mmapmodule mo...

Summary


David Remahl discovered several integer overflows in the
stringobject, unicodeobject, bufferobject, longobject,
tupleobject, stropmodule, gcmodule, and mmapmodule modules.

CVE-2008-3142

Justin Ferguson discovered that incorrect memory allocation in
the unicode_resize() function can lead to buffer overflows.

CVE-2008-3143

Several integer overflows were discovered in various Python core
modules.

CVE-2008-3144

Several integer oberflows were discovered in the PyOS_vsnprintf()
function.

For the stable distribution (etch), these problems have been fixed in
version 2.4.4-3+etch2.

For the unstable distribution (sid) and the upcoming stable
distribution (lenny), these problems have been fixed in
version 2.4.5-5.

We recommend that you upgrade your python2.4 packages.

Upgrade instructions
- --------------------wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch

Source archives:

Size/MD5 checksum: 9508940 f74ef9de91918f8927e75e8c3024263a
Size/MD5 checksum: 1201 0b3898b3477ae37a81d28f9539c50de6
Size/MD5 checksum: 205713 ac023a02c39a7e70b10c268e7169cbc7

Architecture independent packages:

Size/MD5 checksum: 589678 9c6aef28fb1ff9a804fa1a147ce69d9e
Size/MD5 checksum: 60906 f03f5452778817758dfce037ba571001

alpha architecture (DEC Alpha)

Size/MD5 checksum: 965736 6f3adc06d80c3fdeda48e3bc0b12e5d9
Size/MD5 checksum: 5238160 680f07c3e87cb20b05b37745cf80f39a
Size/MD5 checksum: 2970930 e9f0951b39f36de2bd288aa34ca0dbc4
Size/MD5 checksum: 1850704 3ccfc06ca31ae9f7f6cb631e8ee3a000

amd64 architecture (AMD x86_64 (AMD64))

Size/MD5 checksum: 967804 0b594b7a4e03004672043d5c58019f80
Size/MD5 checksum: 1637308 bcb8e0ccd455c2487ee2721d3d84aca1
Size/MD5 checksum: 5592228 441466ec5cbe0a3bf5b7d55a6fed7d8b
Size/MD5 checksum: 2968524 145a0af7bfaaae7d9ad2203241ec4ee8

arm architecture (ARM)

Size/MD5 checksum: 5358352 bb915c2a61cdc006db13a8d0c440c56d
Size/MD5 checksum: 1502304 84153862216da31338aba857c90871d4
Size/MD5 checksum: 902236 6427dc210675b5cce39ab5f928b298db
Size/MD5 checksum: 2882452 b6bf0e5f6b4ea813a5bccc567b6e408e

hppa architecture (HP PA RISC)

Size/MD5 checksum: 3076702 001c94d6dba8fb9ba08d29ca5ceca65f
Size/MD5 checksum: 1799642 95b811cadf540cc3b3f31a0134d18661
Size/MD5 checksum: 1020124 9c8431097766633b45cfa35bf71761f5
Size/MD5 checksum: 5529414 67fb9036f49688d82b6ee93addc3c3fe

i386 architecture (Intel ia32)

Size/MD5 checksum: 901636 b198116fc5425e7fd48dba6d992a0c06
Size/MD5 checksum: 2850824 4c7b173a4ebb3444201fe3f45f9e9fd2
Size/MD5 checksum: 1511532 4fd6d3f340893f233f674a73642330b0
Size/MD5 checksum: 5185158 da92623d224f45bd929b778864f98991

ia64 architecture (Intel ia64)

Size/MD5 checksum: 3373186 bf8c76edf3d0c95deaa7bdf81a178a83
Size/MD5 checksum: 6069872 e4dfd4adc2e602334f0896f7424f0575
Size/MD5 checksum: 2271712 46e48abc5e37875a427752c82d8a0f7b
Size/MD5 checksum: 1290446 9c85ea026775b8a4789a3e46816d0d5e

mips architecture (MIPS (Big Endian))

Size/MD5 checksum: 957252 d38814f00e5f99329484248c184b24b3
Size/MD5 checksum: 5660920 84bacdccb5955980efe7a6b59e5238fa
Size/MD5 checksum: 1726146 c4312205f75f0bf6393ff2c7bd70fd2f
Size/MD5 checksum: 2907332 db94b5cd8acca9f475f5f6965a66761a

mipsel architecture (MIPS (Little Endian))

Size/MD5 checksum: 2864392 a17779986991285abab3391244d9c1e3
Size/MD5 checksum: 5511232 b92e2004fb01967d4f7014970171e9a9
Size/MD5 checksum: 1717876 a98897dc330a1a6effa05ff29af9bfab
Size/MD5 checksum: 939778 6aeb1ef0ed1589b20009b0f7428a2dda

powerpc architecture (PowerPC)

Size/MD5 checksum: 1642534 468c97ebc8403c556c36da596e31d20f
Size/MD5 checksum: 2958248 bc7f2d52549e520a9843945dd282bfad
Size/MD5 checksum: 5786768 370c7b6f933f98308416924f13da6f94
Size/MD5 checksum: 979280 a25aeb78de7b33b8b2cfe316f3f0a834

s390 architecture (IBM S/390)

Size/MD5 checksum: 2977268 a4dcf614e277d8c0f70b4737e53aaf5c
Size/MD5 checksum: 974928 a3bd80007cd56a79472b42db039ece4f
Size/MD5 checksum: 5674618 cb969a4cc4fda848ebee50528d3c570d
Size/MD5 checksum: 1648202 72ebac2aefa5ca8c8e2ef9675e0c6052

sparc architecture (Sun SPARC/UltraSPARC)

Size/MD5 checksum: 2902784 21032174db6897e8828e34ce01fa017d
Size/MD5 checksum: 918976 694c6c564222cff16c9069c6ee8c24bf
Size/MD5 checksum: 1586720 bf9d1414434a21b314535fc6df13103b
Size/MD5 checksum: 5199576 c5bb7eb8ecc15a633d7045d284d3d93d


These files will probably be moved into the stable distribution on
its next update.

For dpkg-ftp: dists/stable/updates/main


Severity

Related News