[Full-disclosure] [ MDVSA-2010:132 ] python




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:132
http://www.mandriva.com/security/
_______________________________________________________________________

Package : python
Date : July 14, 2010
Affected: 2008.0, 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0,
Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities have been found and corrected in python:

Multiple integer overflows in audioop.c in the audioop module in
Python allow context-dependent attackers to cause a denial of service
(application crash) via a large fragment, as demonstrated by a call
to audioop.lin2lin with a long string in the first argument, leading
to a buffer overflow. NOTE: this vulnerability exists because of an
incorrect fix for CVE-2008-3143.5 (CVE-2010-1634).

The audioop module in Python does not verify the relationships between
size arguments and byte string lengths, which allows context-dependent
attackers to cause a denial of service (memory corruption and
application crash) via crafted arguments, as demonstrated by a call
to audioop.reverse with a one-byte string, a different vulnerability
than CVE-2010-1634 (CVE-2010-2089).
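
The two classes of check described above (overflow-safe size arithmetic
for CVE-2010-1634, and validation of the size argument against the byte
string length for CVE-2010-2089), as an added example that is not part of
the original advisory and is not the code from the Python patch. The
function names and the `limit` parameter are hypothetical.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added illustration; names are hypothetical, not taken from audioop.c. */
static int width_ok(int size) { return size == 1 || size == 2 || size == 4; }

/* Size/length relationship (the CVE-2010-2089 class of bug): a fragment must
 * hold a whole number of samples. A 1-byte fragment with size 2 is rejected. */
int fragment_ok(size_t len, int size)
{
    return width_ok(size) && len % (size_t)size == 0;
}

/* Output size of a width conversion, (len / size) * size2, computed so that
 * it cannot wrap (the CVE-2010-1634 class of bug). `limit` is the largest
 * buffer the caller may allocate. Returns 0 and sets *out, or -1 on reject. */
int converted_size(size_t len, int size, int size2, size_t limit, size_t *out)
{
    size_t nsamples;
    if (!fragment_ok(len, size) || !width_ok(size2))
        return -1;
    nsamples = len / (size_t)size;
    if (nsamples > limit / (size_t)size2)   /* divide instead of multiplying */
        return -1;
    *out = nsamples * (size_t)size2;
    return 0;
}

/* Reverse the sample order of a fragment; `out` must hold `len` bytes. */
int reverse_fragment(const unsigned char *in, size_t len, int size, unsigned char *out)
{
    size_t i, n, w = (size_t)size;
    if (!fragment_ok(len, size))
        return -1;
    n = len / w;
    for (i = 0; i < n; i++)
        memcpy(out + (n - 1 - i) * w, in + i * w, w);
    return 0;
}

int main(void)
{
    size_t out = 0;
    printf("1-byte fragment, size 2: %s\n", fragment_ok(1, 2) ? "ok" : "rejected");
    printf("INT_MAX bytes, 1 -> 4: %d\n", converted_size(INT_MAX, 1, 4, INT_MAX, &out));
    return 0;
}
```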

Packages for 2008.0 and 2009.0 are provided as part of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1634
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2089
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.0:
4f913679ea6f154f0d7c84c8bafd3fe3 2008.0/i586/libpython2.5-2.5.2-2.7mdv2008.0.i586.rpm
dfab01f9210fa284ad3b4dd271bfb3dd 2008.0/i586/libpython2.5-devel-2.5.2-2.7mdv2008.0.i586.rpm
b6245a9dc5423d14ba96f4f388dd0fe6 2008.0/i586/python-2.5.2-2.7mdv2008.0.i586.rpm
15c39b51c66cc78aec157eaed0267a7b 2008.0/i586/python-base-2.5.2-2.7mdv2008.0.i586.rpm
e38a9894712bf82a8dcc1eee1265592c 2008.0/i586/python-docs-2.5.2-2.7mdv2008.0.i586.rpm
2f2100e6dd35a4aef8e503394a723e81 2008.0/i586/tkinter-2.5.2-2.7mdv2008.0.i586.rpm
29b96d4b84a7241fc78f55671f1a33f0 2008.0/i586/tkinter-apps-2.5.2-2.7mdv2008.0.i586.rpm
211a673f3cd2e1b7d153d6f40291ad86 2008.0/SRPMS/python-2.5.2-2.7mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
5f9e4e0e27dfa80a7fa2bf62998edf25 2008.0/x86_64/lib64python2.5-2.5.2-2.7mdv2008.0.x86_64.rpm
36bfe236a350a8e9a0e2657eefadd299 2008.0/x86_64/lib64python2.5-devel-2.5.2-2.7mdv2008.0.x86_64.rpm
c03cc44dac5ecdf49d7bf2ca5ad5477a 2008.0/x86_64/python-2.5.2-2.7mdv2008.0.x86_64.rpm
1965d6962b5cfe7349f4369bceda2ce4 2008.0/x86_64/python-base-2.5.2-2.7mdv2008.0.x86_64.rpm
e13c770d7ddcc045251733d69865a3ae 2008.0/x86_64/python-docs-2.5.2-2.7mdv2008.0.x86_64.rpm
cff8d5ef80f29b2f9e32e171420ede11 2008.0/x86_64/tkinter-2.5.2-2.7mdv2008.0.x86_64.rpm
e8d3db4327d427c9451bf604e5cd1bb7 2008.0/x86_64/tkinter-apps-2.5.2-2.7mdv2008.0.x86_64.rpm
211a673f3cd2e1b7d153d6f40291ad86 2008.0/SRPMS/python-2.5.2-2.7mdv2008.0.src.rpm

Mandriva Linux 2009.0:
598630ce234cff98465351b4af90d664 2009.0/i586/libpython2.5-2.5.2-5.6mdv2009.0.i586.rpm
44a691ffb51a47dd653fbf03d5a9be00 2009.0/i586/libpython2.5-devel-2.5.2-5.6mdv2009.0.i586.rpm
ea55908df10ad9e82a5d361612bcbca7 2009.0/i586/python-2.5.2-5.6mdv2009.0.i586.rpm
cb25c56f6f68e0bb036cd1be0360595d 2009.0/i586/python-base-2.5.2-5.6mdv2009.0.i586.rpm
0161f8c43b4fbf019ef24a72760d3113 2009.0/i586/python-docs-2.5.2-5.6mdv2009.0.i586.rpm
987651d11ca710910a89e52330873187 2009.0/i586/tkinter-2.5.2-5.6mdv2009.0.i586.rpm
a73ba0fa7adcb1ebe2806335e575e8b2 2009.0/i586/tkinter-apps-2.5.2-5.6mdv2009.0.i586.rpm
a6602a71f4573ecb82951a861165fee8 2009.0/SRPMS/python-2.5.2-5.6mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
f22f06db4cc4e8f431aadeaa552f0891 2009.0/x86_64/lib64python2.5-2.5.2-5.6mdv2009.0.x86_64.rpm
a15984e4b2e6821789ba36760aa08a79 2009.0/x86_64/lib64python2.5-devel-2.5.2-5.6mdv2009.0.x86_64.rpm
329f34c1eb9cbf68805edcbb0efda8a2 2009.0/x86_64/python-2.5.2-5.6mdv2009.0.x86_64.rpm
5404e1caa073784bbcb6aab8dff592bf 2009.0/x86_64/python-base-2.5.2-5.6mdv2009.0.x86_64.rpm
59e2bbd0517468929db90ad4e9448dc7 2009.0/x86_64/python-docs-2.5.2-5.6mdv2009.0.x86_64.rpm
b9821ba18b02ad9ae3b5831ac4893fee 2009.0/x86_64/tkinter-2.5.2-5.6mdv2009.0.x86_64.rpm
3593d6bdf3fbc698301edee3d0906e58 2009.0/x86_64/tkinter-apps-2.5.2-5.6mdv2009.0.x86_64.rpm
a6602a71f4573ecb82951a861165fee8 2009.0/SRPMS/python-2.5.2-5.6mdv2009.0.src.rpm

Mandriva Linux 2009.1:
3404f9ddf0f432a2ba81e78ce0408fd8 2009.1/i586/libpython2.6-2.6.1-6.4mdv2009.1.i586.rpm
1642bfa7d7c8c2979f80491cd592447b 2009.1/i586/libpython2.6-devel-2.6.1-6.4mdv2009.1.i586.rpm
e32c4080ae403710eb91bf8508430ecb 2009.1/i586/python-2.6.1-6.4mdv2009.1.i586.rpm
f8221639b02160a28dc7c96d48050195 2009.1/i586/python-docs-2.6.1-6.4mdv2009.1.i586.rpm
d1488967010eb649113916a3eef85213 2009.1/i586/tkinter-2.6.1-6.4mdv2009.1.i586.rpm
c6c3a71a9efa1b8f010027a6d1418fa6 2009.1/i586/tkinter-apps-2.6.1-6.4mdv2009.1.i586.rpm
08fb9cd480e9a5ffa2efe603c17b0e71 2009.1/SRPMS/python-2.6.1-6.4mdv2009.1.src.rpm

Mandriva Linux 2009.1/X86_64:
363de5386b3df783c2d599295b6c9fd9 2009.1/x86_64/lib64python2.6-2.6.1-6.4mdv2009.1.x86_64.rpm
f09af1e423ba5755b7b0b524d0a4fada 2009.1/x86_64/lib64python2.6-devel-2.6.1-6.4mdv2009.1.x86_64.rpm
ce6deed593b82a1b973de15001f79362 2009.1/x86_64/python-2.6.1-6.4mdv2009.1.x86_64.rpm
a58bbe02634432f582b8b433287863e5 2009.1/x86_64/python-docs-2.6.1-6.4mdv2009.1.x86_64.rpm
35868acab80516ebb52b08feeff616bb 2009.1/x86_64/tkinter-2.6.1-6.4mdv2009.1.x86_64.rpm
ccb5413b65fd391a8d0fa553ec28b513 2009.1/x86_64/tkinter-apps-2.6.1-6.4mdv2009.1.x86_64.rpm
08fb9cd480e9a5ffa2efe603c17b0e71 2009.1/SRPMS/python-2.6.1-6.4mdv2009.1.src.rpm

Mandriva Linux 2010.0:
5f0ff97a0a93f7dd724156b4c75a189f 2010.0/i586/libpython2.6-2.6.4-1.3mdv2010.0.i586.rpm
ed6881e0fbf01066dfd29ce5b415931c 2010.0/i586/libpython2.6-devel-2.6.4-1.3mdv2010.0.i586.rpm
3324fa6ce72997b71417b7425e3c8caf 2010.0/i586/python-2.6.4-1.3mdv2010.0.i586.rpm
6d842db0d14e29b1c007b99b78926e5d 2010.0/i586/python-docs-2.6.4-1.3mdv2010.0.i586.rpm
bd34f1e94486390acff010381d08da03 2010.0/i586/tkinter-2.6.4-1.3mdv2010.0.i586.rpm
02521a044b36eb44ef9854f38b83364a 2010.0/i586/tkinter-apps-2.6.4-1.3mdv2010.0.i586.rpm
b8341a9e215e7986ff904d7fdf74804c 2010.0/SRPMS/python-2.6.4-1.3mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64:
213ec645079b9cf5e32898fcbfc28fad 2010.0/x86_64/lib64python2.6-2.6.4-1.3mdv2010.0.x86_64.rpm
37b43ce708c77e503c1f93b26a168605 2010.0/x86_64/lib64python2.6-devel-2.6.4-1.3mdv2010.0.x86_64.rpm
9a3a70fe1762ee70dbc8262ee662c39b 2010.0/x86_64/python-2.6.4-1.3mdv2010.0.x86_64.rpm
ded2b20c7d903a2294425222d5e9ca62 2010.0/x86_64/python-docs-2.6.4-1.3mdv2010.0.x86_64.rpm
0be4dcaea55b6c0b7e6876d62ec7e7b6 2010.0/x86_64/tkinter-2.6.4-1.3mdv2010.0.x86_64.rpm
cee4059bb748ee05150955eb4e2167f6 2010.0/x86_64/tkinter-apps-2.6.4-1.3mdv2010.0.x86_64.rpm
b8341a9e215e7986ff904d7fdf74804c 2010.0/SRPMS/python-2.6.4-1.3mdv2010.0.src.rpm

Mandriva Linux 2010.1:
77685502f90b113db3ba22822b3cf9fc 2010.1/i586/libpython2.6-2.6.5-2.1mdv2010.1.i586.rpm
bf9e3d224cf0059ec9344b034ec077af 2010.1/i586/libpython2.6-devel-2.6.5-2.1mdv2010.1.i586.rpm
5d7158a82859935be01a4be3d9ab13d8 2010.1/i586/python-2.6.5-2.1mdv2010.1.i586.rpm
b6a754e44856a2f3cef1c27cda7607d6 2010.1/i586/python-docs-2.6.5-2.1mdv2010.1.i586.rpm
0f4fa85de1e74e999e32231d09a9a8f2 2010.1/i586/tkinter-2.6.5-2.1mdv2010.1.i586.rpm
dca56ed98ff41e72884d1f0d06d77f40 2010.1/i586/tkinter-apps-2.6.5-2.1mdv2010.1.i586.rpm
107556cf0daafd475511abb2b598b7e3 2010.1/SRPMS/python-2.6.5-2.1mdv2010.1.src.rpm

Mandriva Linux 2010.1/X86_64:
14bcbf073fc47d3a423c6fefe15b5939 2010.1/x86_64/lib64python2.6-2.6.5-2.1mdv2010.1.x86_64.rpm
9acea2705dc72a6ad717fbcd961db368 2010.1/x86_64/lib64python2.6-devel-2.6.5-2.1mdv2010.1.x86_64.rpm
3e2047db297a58cef19bd3a22bab1953 2010.1/x86_64/python-2.6.5-2.1mdv2010.1.x86_64.rpm
618c9b3e812d73ae236a409ce1453a89 2010.1/x86_64/python-docs-2.6.5-2.1mdv2010.1.x86_64.rpm
8ad00fe7d002305ac26ff720ca3fc3ff 2010.1/x86_64/tkinter-2.6.5-2.1mdv2010.1.x86_64.rpm
3a8fdef37c200ca7b74f7e263dbaf04b 2010.1/x86_64/tkinter-apps-2.6.5-2.1mdv2010.1.x86_64.rpm
107556cf0daafd475511abb2b598b7e3 2010.1/SRPMS/python-2.6.5-2.1mdv2010.1.src.rpm

Corporate 4.0:
24663decfe6c6ba75771371777834d6a corporate/4.0/i586/libpython2.4-2.4.5-0.6.20060mlcs4.i586.rpm
2d362036a85055bcae84aa30e320425b corporate/4.0/i586/libpython2.4-devel-2.4.5-0.6.20060mlcs4.i586.rpm
07a94afed3c78c4e071197ba7dba676b corporate/4.0/i586/python-2.4.5-0.6.20060mlcs4.i586.rpm
b46bc657628e0790dc68c0298d0fa8c2 corporate/4.0/i586/python-base-2.4.5-0.6.20060mlcs4.i586.rpm
00fea68fc4a04885a56d4979dbcd4805 corporate/4.0/i586/python-docs-2.4.5-0.6.20060mlcs4.i586.rpm
e7f1dd4a85e67c89d9053bbd5a0dcb1d corporate/4.0/i586/tkinter-2.4.5-0.6.20060mlcs4.i586.rpm
2bd3365c9ce6ef9caf80b7824e5cdba2 corporate/4.0/SRPMS/python-2.4.5-0.6.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
6a321e2d0675667c4a20ca9eef9e659f corporate/4.0/x86_64/lib64python2.4-2.4.5-0.6.20060mlcs4.x86_64.rpm
c4747b33200becebdf06b999233d2d85 corporate/4.0/x86_64/lib64python2.4-devel-2.4.5-0.6.20060mlcs4.x86_64.rpm
f0e7f6603385328327f62613820d09ad corporate/4.0/x86_64/python-2.4.5-0.6.20060mlcs4.x86_64.rpm
fab004a4528c0ea88257c28f68767232 corporate/4.0/x86_64/python-base-2.4.5-0.6.20060mlcs4.x86_64.rpm
949f7e382bebc814c821d619abfd5d57 corporate/4.0/x86_64/python-docs-2.4.5-0.6.20060mlcs4.x86_64.rpm
f61e8d55e2a2be3c0dc62903fce980d5 corporate/4.0/x86_64/tkinter-2.4.5-0.6.20060mlcs4.x86_64.rpm
2bd3365c9ce6ef9caf80b7824e5cdba2 corporate/4.0/SRPMS/python-2.4.5-0.6.20060mlcs4.src.rpm

Mandriva Enterprise Server 5:
28d975daaf5f623144e20493dd451745 mes5/i586/libpython2.5-2.5.2-5.7mdvmes5.1.i586.rpm
2aff847d8b904ded1e3af26f2104959c mes5/i586/libpython2.5-devel-2.5.2-5.7mdvmes5.1.i586.rpm
7453da455746ae242478602e28f8ad54 mes5/i586/python-2.5.2-5.7mdvmes5.1.i586.rpm
50ef79c0fe2a2ddb0768e9e42cd1a78d mes5/i586/python-base-2.5.2-5.7mdvmes5.1.i586.rpm
eaba93ba9f5a77fdcd23b199c81ecf10 mes5/i586/python-docs-2.5.2-5.7mdvmes5.1.i586.rpm
6c0014be0c8647ac1c0ad4e6a5d48c92 mes5/i586/tkinter-2.5.2-5.7mdvmes5.1.i586.rpm
78fe0ba52d451894a19be61b1b41a8f7 mes5/i586/tkinter-apps-2.5.2-5.7mdvmes5.1.i586.rpm
49d1708b056d60fb851ce89033d84224 mes5/SRPMS/python-2.5.2-5.7mdvmes5.1.src.rpm

Mandriva Enterprise Server 5/X86_64:
ad5c6abd37cd342183f540370bbbb03b mes5/x86_64/lib64python2.5-2.5.2-5.7mdvmes5.1.x86_64.rpm
2722a15a452703ff5b5ef6d6542e56d3 mes5/x86_64/lib64python2.5-devel-2.5.2-5.7mdvmes5.1.x86_64.rpm
2cac9f75b9cb85182e8a420329dfaccd mes5/x86_64/python-2.5.2-5.7mdvmes5.1.x86_64.rpm
e04fdf9d4f629dd51b3bb27e22e4a152 mes5/x86_64/python-base-2.5.2-5.7mdvmes5.1.x86_64.rpm
77b9ee5a5be480ce55eccee414c0f4d5 mes5/x86_64/python-docs-2.5.2-5.7mdvmes5.1.x86_64.rpm
8de9bb41acd3ed981b9b44dbf7d139a5 mes5/x86_64/tkinter-2.5.2-5.7mdvmes5.1.x86_64.rpm
6d1a1b1173907b8602d7ca0ad71bc537 mes5/x86_64/tkinter-apps-2.5.2-5.7mdvmes5.1.x86_64.rpm
49d1708b056d60fb851ce89033d84224 mes5/SRPMS/python-2.5.2-5.7mdvmes5.1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMPcWfmqjQ0CJFipgRAgC9AKCCg+mLAWCbtfXJCQPNEYsjz1BzogCg5B8+
nyO+UGRvVtbkbK42OCE47C4=
=DtKJ
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


