Mandriva Linux Security Advisory 2015-075 - A vulnerability was reported in Python's socket module, due to a boundary error within the sock_recvfrom_into() function, which could be exploited to cause a buffer overflow. This could be used to crash a Python application that uses the socket.recvfrom_info() function or, possibly, execute arbitrary code with the permissions of the user running vulnerable Python code. This updates the python package to version 2.7.6, which fixes several other bugs, including denial of service flaws due to unbound readline() calls in the ftplib and nntplib modules. Denial of service flaws due to unbound readline() calls in the imaplib, poplib, and smtplib modules. A gzip bomb and unbound read denial of service flaw in python XMLRPC library. Python are susceptible to arbitrary process memory reading by a user or adversary due to a bug in the _json module caused by insufficient bounds checking. The bug is caused by allowing the user to supply a negative value that is used an an array index, causing the scanstring function to access process memory outside of the string it is intended to access. The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary scripts in the server's document root. Python before 2.7.8 is vulnerable to an integer overflow in the buffer type. When Python's standard library HTTP clients (httplib, urllib, urllib2, xmlrpclib) are used to access resources with HTTPS, by default the certificate is not checked against any trust store, nor is the hostname in the certificate checked against the requested host. It was possible to configure a trust root to be checked against, however there were no faculties for hostname checking. The python-pip and tix packages was added due to missing build dependencies.
3b0a1e39fae22b4d6476806ca1197785de85b0ad0d0836ae88ff10eef9f34bcf-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:075
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : python
Date : March 27, 2015
Affected: Business Server 2.0
_______________________________________________________________________
Problem Description:
Updated python packages fix security vulnerabilities:
A vulnerability was reported in Python's socket module, due to
a boundary error within the sock_recvfrom_into() function, which
could be exploited to cause a buffer overflow. This could be used
to crash a Python application that uses the socket.recvfrom_info()
function or, possibly, execute arbitrary code with the permissions
of the user running vulnerable Python code (CVE-2014-1912).
This updates the python package to version 2.7.6, which fixes several
other bugs, including denial of service flaws due to unbound readline()
calls in the ftplib and nntplib modules (CVE-2013-1752).
Denial of service flaws due to unbound readline() calls in the imaplib,
poplib, and smtplib modules (CVE-2013-1752).
A gzip bomb and unbound read denial of service flaw in python XMLRPC
library (CVE-2013-1753).
Python are susceptible to arbitrary process memory reading by a user
or adversary due to a bug in the _json module caused by insufficient
bounds checking. The bug is caused by allowing the user to supply a
negative value that is used an an array index, causing the scanstring
function to access process memory outside of the string it is intended
to access (CVE-2014-4616).
The CGIHTTPServer Python module does not properly handle URL-encoded
path separators in URLs. This may enable attackers to disclose a CGI
script's source code or execute arbitrary scripts in the server's
document root (CVE-2014-4650).
Python before 2.7.8 is vulnerable to an integer overflow in the buffer
type (CVE-2014-7185).
When Python's standard library HTTP clients (httplib, urllib,
urllib2, xmlrpclib) are used to access resources with HTTPS, by
default the certificate is not checked against any trust store,
nor is the hostname in the certificate checked against the requested
host. It was possible to configure a trust root to be checked against,
however there were no faculties for hostname checking (CVE-2014-9365).
The python-pip and tix packages was added due to missing build
dependencies.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1752
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1753
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1912
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4616
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9365
http://advisories.mageia.org/MGASA-2014-0085.html
http://advisories.mageia.org/MGASA-2014-0139.html
http://advisories.mageia.org/MGASA-2014-0285.html
http://advisories.mageia.org/MGASA-2014-0399.html
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 2/X86_64:
d58b1b80b3dc737786ed59c11716efd7 mbs2/x86_64/lib64python2.7-2.7.9-1.mbs2.x86_64.rpm
094be70fc92a99ec299026414043a5ed mbs2/x86_64/lib64python-devel-2.7.9-1.mbs2.x86_64.rpm
daaaff2334797306a8be9d6a8f4fa69a mbs2/x86_64/python-2.7.9-1.mbs2.x86_64.rpm
3418e101353fde429817cfea0298193b mbs2/x86_64/python3-pip-1.4.1-4.2.mbs2.noarch.rpm
e0e7d10ce59e9eccd69d760fb377c5b2 mbs2/x86_64/python-docs-2.7.9-1.mbs2.noarch.rpm
eaf8978737e06d46ddd2ee6d78658ae4 mbs2/x86_64/python-pip-1.4.1-4.2.mbs2.noarch.rpm
ea585f2ec67cb5a4838c1fc08e615fa5 mbs2/x86_64/tix-8.4.3-9.mbs2.x86_64.rpm
5f83e970c318d9dad119943e986f8182 mbs2/x86_64/tix-devel-8.4.3-9.mbs2.x86_64.rpm
a6b1667ad8ab5000b1eef329713aa5c3 mbs2/x86_64/tkinter-2.7.9-1.mbs2.x86_64.rpm
7ce085d9fb460e1093513d5579174697 mbs2/x86_64/tkinter-apps-2.7.9-1.mbs2.x86_64.rpm
85e67e3e2373ea06f2b2eb0e69682937 mbs2/SRPMS/python-2.7.9-1.mbs2.src.rpm
407d147f773bbc3fc3c5430619ee0f65 mbs2/SRPMS/python-pip-1.4.1-4.2.mbs2.src.rpm
b561abc0b4fec04f0c398068faa5952f mbs2/SRPMS/tix-8.4.3-9.mbs2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFVFY0qmqjQ0CJFipgRAnTSAKDqsSqyFLO4F/4mq6ZmL7fZ+yYhjgCeNkAn
fc0CS3IgYNQdHz4EMRvQ9Tg=
=giLB
-----END PGP SIGNATURE-----
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed