From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------ Debian Security Advisory DSA-1620-1
[email protected] http://www.debian.org/security/ Moritz Muehlenhoff
July 27, 2008
http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : python2.5
Vulnerability : several
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2007-2052 CVE-2007-4965 CVE-2008-1679 CVE-2008-1721 CVE-2008-1887
Several vulnerabilities have been discovered in the interpreter for the
Python language. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2007-2052
Piotr Engelking discovered that the strxfrm() function of the locale
module miscalculates the length of an internal buffer, which may
result in a minor information disclosure.
CVE-2007-4965
It was discovered that several integer overflows in the imageop
module may lead to the execution of arbitrary code, if a user is
tricked into processing malformed images. This issue is also
tracked as CVE-2008-1679 due to an initially incomplete patch.
CVE-2008-1721
Justin Ferguson discovered that a buffer overflow in the zlib
module may lead to the execution of arbitrary code.
CVE-2008-1887
Justin Ferguson discovered that insufficient input validation in
PyString_FromStringAndSize() may lead to the execution of arbitrary
code.
For the stable distribution (etch), these problems have been fixed in
version 2.5-5+etch1.
For the unstable distribution (sid), these problems have been fixed in
version 2.5.2-3.
We recommend that you upgrade your python2.5 packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch1.dsc
Size/MD5 checksum: 1304 1849941ac328ba0bccc45535c5878d4d
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.orig.tar.gz
Size/MD5 checksum: 11010528 2ce301134620012ad6dafb27bbcab7eb
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch1.diff.gz
Size/MD5 checksum: 266589 dfbdc5caf7a95e68f68e0351228284d4
Architecture independent packages:
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-examples_2.5-5+etch1_all.deb
Size/MD5 checksum: 643494 f922c5e48339e5b535a1f23f6e061700
http://security.debian.org/pool/updates/main/p/python2.5/idle-python2.5_2.5-5+etch1_all.deb
Size/MD5 checksum: 63258 4add97730079e7894abbbca4ba5659d4
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch1_alpha.deb
Size/MD5 checksum: 849132 28c76f70110314eab90c8ea31d0da51e
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch1_alpha.deb
Size/MD5 checksum: 2065734 270d593f08cdd06cbe55bdb804a5dc43
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch1_alpha.deb
Size/MD5 checksum: 3596900 64d12cc349030683dc125901dff56feb
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch1_alpha.deb
Size/MD5 checksum: 6079808 4105398688a96f54fb7e043a3bd536d7
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch1_amd64.deb
Size/MD5 checksum: 6432058 b7e802bf4a19edfaddc28ebc06bed279
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch1_amd64.deb
Size/MD5 checksum: 3589530 9bbd2cea36b04746fa5437d984147f99
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch1_amd64.deb
Size/MD5 checksum: 1806598 98bfee87311a8950462a9ab78c7d5719
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch1_amd64.deb
Size/MD5 checksum: 849650 a95eeb3b45a0a3f74e314084d581fbd6
arm architecture (ARM)
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch1_arm.deb
Size/MD5 checksum: 1656006 8e8d3d3b991f317384fc1646139712d4
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch1_arm.deb
Size/MD5 checksum: 781358 fbb5adac7469048405b2585475393475
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch1_arm.deb
Size/MD5 checksum: 3447404 4a10cad96ef0aefc9ba916a39677b826
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch1_arm.deb
Size/MD5 checksum: 6017500 f727562323c21bfb371e17ef9691f8e3
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch1_hppa.deb
Size/MD5 checksum: 1984570 b083e1afffe4a93dd79ae4b8a7dca474
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch1_hppa.deb
Size/MD5 checksum: 3679122 cb5aa4f840a12ee13094089323f0b4f9
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch1_hppa.deb
Size/MD5 checksum: 887774 9cc756ce52e5380650ea754c4104c6ca
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch1_hppa.deb
Size/MD5 checksum: 6204820 65d3c59dcb56277d838b776f0b2d5176
i386 architecture (Intel ia32)
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)