Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

DSA-1620-1 python2.5 -- several vulnerabilities

Related Vulnerabilities: CVE-2007-2052   CVE-2007-4965   CVE-2008-1679   CVE-2008-1721   CVE-2008-1887  

Several vulnerabilities have been discovered in the interpreter for the Python language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-2052 Piotr Engelking discovered that the strxfrm() function of the locale module miscalculates the length of an internal buffer, which may result in a minor information disclosure. CVE-2007-4965 It was discovered that several integer overflows in the imageop module may lead to the execution of arbitrary code, if a user is tricked into processing malformed images. This issue is also tracked as CVE-2008-1679 due to an initially incomplete patch. CVE-2008-1721 Justin Ferguson discovered that a buffer overflow in the zlib module may lead to the execution of arbitrary code. CVE-2008-1887 Justin Ferguson discovered that insufficient input validation in PyString_FromStringAndSize() may lead to the execution of arbitrary code. For the stable distribution (etch), these problems have been fixed in version 2.5-5+etch1. For the unstable distribution (sid), these problems have been fixed in version 2.5.2-3. We recommend that you upgrade your python2.5 packages.

Source

Debian Security Advisory

DSA-1620-1 python2.5 -- several vulnerabilities

Date Reported:
27 Jul 2008
Affected Packages:
python2.5
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2007-2052, CVE-2007-4965, CVE-2008-1679, CVE-2008-1721, CVE-2008-1887.
More information:

Several vulnerabilities have been discovered in the interpreter for the Python language. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2007-2052

    Piotr Engelking discovered that the strxfrm() function of the locale module miscalculates the length of an internal buffer, which may result in a minor information disclosure.

  • CVE-2007-4965

    It was discovered that several integer overflows in the imageop module may lead to the execution of arbitrary code, if a user is tricked into processing malformed images. This issue is also tracked as CVE-2008-1679 due to an initially incomplete patch.

  • CVE-2008-1721

    Justin Ferguson discovered that a buffer overflow in the zlib module may lead to the execution of arbitrary code.

  • CVE-2008-1887

    Justin Ferguson discovered that insufficient input validation in PyString_FromStringAndSize() may lead to the execution of arbitrary code.

For the stable distribution (etch), these problems have been fixed in version 2.5-5+etch4.

For the unstable distribution (sid), these problems have been fixed in version 2.5.2-3.

We recommend that you upgrade your python2.5 packages.

Fixed in:

Debian GNU/Linux 4.0 (etch)

Source:
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch4.dsc
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.orig.tar.gz
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch4.diff.gz
Architecture-independent component:
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-examples_2.5-5+etch4_all.deb
http://security.debian.org/pool/updates/main/p/python2.5/idle-python2.5_2.5-5+etch4_all.deb
Alpha:
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch4_alpha.deb
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch4_alpha.deb
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch4_alpha.deb
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch4_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch4_amd64.deb
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch4_amd64.deb
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch4_amd64.deb
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch4_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch4_arm.deb
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch4_arm.deb
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch4_arm.deb
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch4_arm.deb
HP Precision:
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch4_hppa.deb
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch4_hppa.deb
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch4_hppa.deb
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch4_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch4_i386.deb
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch4_i386.deb
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch4_i386.deb
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch4_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch4_ia64.deb
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch4_ia64.deb
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch4_ia64.deb
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch4_ia64.deb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch4_mips.deb
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch4_mips.deb
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch4_mips.deb
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch4_mips.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch4_mipsel.deb
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch4_mipsel.deb
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch4_mipsel.deb
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch4_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch4_powerpc.deb
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch4_powerpc.deb
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch4_powerpc.deb
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch4_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch4_s390.deb
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch4_s390.deb
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch4_s390.deb
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch4_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch4_sparc.deb
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch4_sparc.deb
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch4_sparc.deb
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch4_sparc.deb

MD5 checksums of the listed files are available in the original advisory.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started