From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------ Debian Security Advisory DSA-1667-1
[email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 19, 2008
http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : python2.4
Vulnerability : several
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2008-2315 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144
Several vulnerabilities have been discovered in the interpreter for the
Python language. The Common Vulnerabilities and Exposures project
identifies the following problems:
CVE-2008-2315
David Remahl discovered several integer overflows in the
stringobject, unicodeobject, bufferobject, longobject,
tupleobject, stropmodule, gcmodule, and mmapmodule modules.
CVE-2008-3142
Justin Ferguson discovered that incorrect memory allocation in
the unicode_resize() function can lead to buffer overflows.
CVE-2008-3143
Several integer overflows were discovered in various Python core
modules.
CVE-2008-3144
Several integer oberflows were discovered in the PyOS_vsnprintf()
function.
For the stable distribution (etch), these problems have been fixed in
version 2.4.4-3+etch2.
For the unstable distribution (sid) and the upcoming stable
distribution (lenny), these problems have been fixed in
version 2.4.5-5.
We recommend that you upgrade your python2.4 packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4.orig.tar.gz
Size/MD5 checksum: 9508940 f74ef9de91918f8927e75e8c3024263a
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2.dsc
Size/MD5 checksum: 1201 0b3898b3477ae37a81d28f9539c50de6
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2.diff.gz
Size/MD5 checksum: 205713 ac023a02c39a7e70b10c268e7169cbc7
Architecture independent packages:
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-examples_2.4.4-3+etch2_all.deb
Size/MD5 checksum: 589678 9c6aef28fb1ff9a804fa1a147ce69d9e
http://security.debian.org/pool/updates/main/p/python2.4/idle-python2.4_2.4.4-3+etch2_all.deb
Size/MD5 checksum: 60906 f03f5452778817758dfce037ba571001
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_alpha.deb
Size/MD5 checksum: 965736 6f3adc06d80c3fdeda48e3bc0b12e5d9
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_alpha.deb
Size/MD5 checksum: 5238160 680f07c3e87cb20b05b37745cf80f39a
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_alpha.deb
Size/MD5 checksum: 2970930 e9f0951b39f36de2bd288aa34ca0dbc4
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_alpha.deb
Size/MD5 checksum: 1850704 3ccfc06ca31ae9f7f6cb631e8ee3a000
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_amd64.deb
Size/MD5 checksum: 967804 0b594b7a4e03004672043d5c58019f80
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_amd64.deb
Size/MD5 checksum: 1637308 bcb8e0ccd455c2487ee2721d3d84aca1
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_amd64.deb
Size/MD5 checksum: 5592228 441466ec5cbe0a3bf5b7d55a6fed7d8b
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_amd64.deb
Size/MD5 checksum: 2968524 145a0af7bfaaae7d9ad2203241ec4ee8
arm architecture (ARM)
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_arm.deb
Size/MD5 checksum: 5358352 bb915c2a61cdc006db13a8d0c440c56d
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_arm.deb
Size/MD5 checksum: 1502304 84153862216da31338aba857c90871d4
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_arm.deb
Size/MD5 checksum: 902236 6427dc210675b5cce39ab5f928b298db
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_arm.deb
Size/MD5 checksum: 2882452 b6bf0e5f6b4ea813a5bccc567b6e408e
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_hppa.deb
Size/MD5 checksum: 3076702 001c94d6dba8fb9ba08d29ca5ceca65f
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_hppa.deb
Size/MD5 checksum: 1799642 95b811cadf540cc3b3f31a0134d18661
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_hppa.deb
Size/MD5 checksum: 1020124 9c8431097766633b45cfa35bf71761f5
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_hppa.deb
Size/MD5 checksum: 5529414 67fb9036f49688d82b6ee93addc3c3fe
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_i386.deb
Size/MD5 checksum: 901636 b198116fc5425e7fd48dba6d992a0c06
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_i386.deb
Size/MD5 checksum: 2850824 4c7b173a4ebb3444201fe3f45f9e9fd2
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_i386.deb
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)