From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------ Debian Security Advisory DSA-1977-1
[email protected] http://www.debian.org/security/ Giuseppe Iuculano January 25, 2010
http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Packages : python2.4 python2.5
Vulnerability : several vulnerabilities
Problem type : local (remote)
Debian-specific: no
CVE Id : CVE-2008-2316 CVE-2009-3560 CVE-2009-3720
Debian Bug : 493797 560912 560913
Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that the embedded Expat copy
in the interpreter for the Python language, does not properly process malformed or
crafted XML files. (CVE-2009-3560 CVE-2009-3720)
This vulnerability could allow an attacker to cause a denial of service while parsing
a malformed XML file.
In addition, this update fixes an integer overflow in the hashlib module in python2.5.
This vulnerability could allow an attacker to defeat cryptographic digests. (CVE-2008-2316)
It only affects the oldstable distribution (etch).
For the oldstable distribution (etch), these problems have been fixed in version 2.4.4-3+etch3 for python2.4 and version 2.5-5+etch2 for python2.5.
For the stable distribution (lenny), these problems have been fixed in
version 2.4.6-1+lenny1 for python2.4 and version 2.5.2-15+lenny1 for python2.5.
For the unstable distribution (sid), these problems have been fixed in
version 2.5.4-3.1 for python2.5, and will migrate to the testing distribution (squeeze)
shortly.
python2.4 has been removed from the testing distribution (squeeze), and it will be removed from the unstable distribution soon.
We recommend that you upgrade your python packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch2.dsc
Size/MD5 checksum: 1313 61c8f540d768731518e649f759ad1500
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch3.dsc
Size/MD5 checksum: 1210 647efe66b35aa00c2f0416e41920fdf8
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4.orig.tar.gz
Size/MD5 checksum: 9508940 f74ef9de91918f8927e75e8c3024263a
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch3.diff.gz
Size/MD5 checksum: 207460 c9b1b80a1aae12db910e353dab5cd0fb
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch2.diff.gz
Size/MD5 checksum: 271887 2d1944512d0eaa925a4a158b2c3a5845
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.orig.tar.gz
Size/MD5 checksum: 11010528 2ce301134620012ad6dafb27bbcab7eb
Architecture independent packages:
http://security.debian.org/pool/updates/main/p/python2.5/idle-python2.5_2.5-5+etch2_all.deb
Size/MD5 checksum: 62226 9de6fad0cf4c106d77c4189ecf3f0fab
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-examples_2.4.4-3+etch3_all.deb
Size/MD5 checksum: 589766 e33c071f8e1864e1c5a63d2e39f21d2f
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-examples_2.5-5+etch2_all.deb
Size/MD5 checksum: 645704 8732b224b59cd6488596117d074831f9
http://security.debian.org/pool/updates/main/p/python2.4/idle-python2.4_2.4.4-3+etch3_all.deb
Size/MD5 checksum: 60154 8ac06e4c9ad4c1830ee90ece429690fe
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch3_alpha.deb
Size/MD5 checksum: 2943634 e5ab4789b18f9ac953b6b101ec897616
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch2_alpha.deb
Size/MD5 checksum: 6082828 772c99f5e8dc4e7c9306ba4a61837565
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch3_alpha.deb
Size/MD5 checksum: 1850092 a19fd86a326d42a31ed75d1f1272d94c
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch2_alpha.deb
Size/MD5 checksum: 849306 6c7cfd716177bc3677729ef27cd533ff
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch3_alpha.deb
Size/MD5 checksum: 5248986 20d666649174384d0533b25edfbc6f03
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch2_alpha.deb
Size/MD5 checksum: 2065970 6bdae572cabf8df46b207f75d2183466
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch3_alpha.deb
Size/MD5 checksum: 964360 1af19c98fcf6c45530245c70189b221e
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch2_alpha.deb
Size/MD5 checksum: 3597172 1a2766b7f3936ec996231a772b01fbcc
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch3_amd64.deb
Size/MD5 checksum: 965684 d3bd2cd13ef83f7fba2d708fab3086ea
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch2_amd64.deb
Size/MD5 checksum: 6434970 da2852f1c67cf014d657c4f4084e779b
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch2_amd64.deb
Size/MD5 checksum: 849554 6e61f418e4a10c29e0f281d33e44d461
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch2_amd64.deb
Size/MD5 checksum: 3551970 c9ae94fbae38d21fe1a6beba77715845
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)