Mandriva Linux Security Advisory - Multiple integer overflows were found in Python's imageop module. If an application written in Python used the imageop module to process untrusted images, it could cause the application to crash, enter an infinite loop, or possibly execute arbitrary code with the privileges of the Python interpreter.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:013
http://www.mandriva.com/security/
_______________________________________________________________________
Package : python
Date : January 14, 2008
Affected: 2007.0, 2007.1, 2008.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
Multiple integer overflows were found in Python's imageop module.
If an application written in Python used the imageop module to
process untrusted images, it could cause the application to crash,
enter an infinite loop, or possibly execute arbitrary code with the
privileges of the Python interpreter.
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4965
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
2aa2d395f88ba6a4d59c9768d838bbc9 2007.0/i586/libpython2.4-2.4.3-3.3mdv2007.0.i586.rpm
42e7a809d98b494c397b02536f563e3f 2007.0/i586/libpython2.4-devel-2.4.3-3.3mdv2007.0.i586.rpm
8047a106fcacb1a389fc62a4c0a1ffe1 2007.0/i586/python-2.4.3-3.3mdv2007.0.i586.rpm
5fc7ec936e59f3dbaf4195e68838c260 2007.0/i586/python-base-2.4.3-3.3mdv2007.0.i586.rpm
3f08259502861bfd057c9a675824eed1 2007.0/i586/python-docs-2.4.3-3.3mdv2007.0.i586.rpm
295ec06fd92677faa81958b3dc15673f 2007.0/i586/tkinter-2.4.3-3.3mdv2007.0.i586.rpm
3f4dcfcafa39b91533d2a6995d57900b 2007.0/SRPMS/python-2.4.3-3.3mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
caaa07f3f09cfcea0bd1e8973799ffef 2007.0/x86_64/lib64python2.4-2.4.3-3.3mdv2007.0.x86_64.rpm
969e366d80532376e1eea4679b0ac0fb 2007.0/x86_64/lib64python2.4-devel-2.4.3-3.3mdv2007.0.x86_64.rpm
df60e3b77cc2e0653781fba0d2dd0b55 2007.0/x86_64/python-2.4.3-3.3mdv2007.0.x86_64.rpm
e23dadbd0a78fe5a3ed85d5cc1aec10b 2007.0/x86_64/python-base-2.4.3-3.3mdv2007.0.x86_64.rpm
19b0ae3d1ab4fe68ea3ffbe43c3b0942 2007.0/x86_64/python-docs-2.4.3-3.3mdv2007.0.x86_64.rpm
9daa7753a70117f94e478357824ee274 2007.0/x86_64/tkinter-2.4.3-3.3mdv2007.0.x86_64.rpm
3f4dcfcafa39b91533d2a6995d57900b 2007.0/SRPMS/python-2.4.3-3.3mdv2007.0.src.rpm
Mandriva Linux 2007.1:
83789918b32161771fc31de1c0276abc 2007.1/i586/libpython2.5-2.5-4.2mdv2007.1.i586.rpm
fb805a3c75630617183bddd8b1876317 2007.1/i586/libpython2.5-devel-2.5-4.2mdv2007.1.i586.rpm
e33c7874ed3d6d567f581c5698925ec8 2007.1/i586/python-2.5-4.2mdv2007.1.i586.rpm
0397f12fdddf81747abdee00035aa652 2007.1/i586/python-base-2.5-4.2mdv2007.1.i586.rpm
9afc73871e8e9aac908728f2895fad17 2007.1/i586/python-docs-2.5-4.2mdv2007.1.i586.rpm
36dbd270e4ce9d14a4cf00cb82218721 2007.1/i586/tkinter-2.5-4.2mdv2007.1.i586.rpm
e87524f2a4ba782fb8dc1616d52a5210 2007.1/SRPMS/python-2.5-4.2mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
a4e9f1cac6e2f4bb101ec44993787e8a 2007.1/x86_64/lib64python2.5-2.5-4.2mdv2007.1.x86_64.rpm
d36b5ee8b915aeb0aeacfb31c72b0d5b 2007.1/x86_64/lib64python2.5-devel-2.5-4.2mdv2007.1.x86_64.rpm
11c9d94ace60556d0742b7df15f26e20 2007.1/x86_64/python-2.5-4.2mdv2007.1.x86_64.rpm
5733c0d34ad9d474f09d72e081e8abb5 2007.1/x86_64/python-base-2.5-4.2mdv2007.1.x86_64.rpm
c111909ca5e251969157d0846aaddab5 2007.1/x86_64/python-docs-2.5-4.2mdv2007.1.x86_64.rpm
d0ebc98fb24040adada7f5a1cb0786da 2007.1/x86_64/tkinter-2.5-4.2mdv2007.1.x86_64.rpm
e87524f2a4ba782fb8dc1616d52a5210 2007.1/SRPMS/python-2.5-4.2mdv2007.1.src.rpm
Mandriva Linux 2008.0:
402de17d03c279d7473dc00bfb30fa29 2008.0/i586/libpython2.5-2.5.1-5.1mdv2008.0.i586.rpm
460006b33d6d8d221119e757d0e53997 2008.0/i586/libpython2.5-devel-2.5.1-5.1mdv2008.0.i586.rpm
006d53e8c4c5344f3333a5e88a8e5353 2008.0/i586/python-2.5.1-5.1mdv2008.0.i586.rpm
6f688cfe64f97febd7b4b1fde1444a4e 2008.0/i586/python-base-2.5.1-5.1mdv2008.0.i586.rpm
2cfbc489e172026680449de3549e4451 2008.0/i586/python-docs-2.5.1-5.1mdv2008.0.i586.rpm
55dbf574855f61c4cddcf24d86004fef 2008.0/i586/tkinter-2.5.1-5.1mdv2008.0.i586.rpm
b0a635daa3bd47a95ea97fa1e28869e4 2008.0/i586/tkinter-apps-2.5.1-5.1mdv2008.0.i586.rpm
aa344e978d53a329b717cae3ffaa6a38 2008.0/SRPMS/python-2.5.1-5.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
c759088550b15fe216d9d42d4f205ae3 2008.0/x86_64/lib64python2.5-2.5.1-5.1mdv2008.0.x86_64.rpm
c98822c30fff7d1b28f77db91c20e094 2008.0/x86_64/lib64python2.5-devel-2.5.1-5.1mdv2008.0.x86_64.rpm
786551ac171968deba675aac73bd25f9 2008.0/x86_64/python-2.5.1-5.1mdv2008.0.x86_64.rpm
ded534c04a11298591276b573cd84fac 2008.0/x86_64/python-base-2.5.1-5.1mdv2008.0.x86_64.rpm
7cdc40b041fab7c0462e7d01accd72e2 2008.0/x86_64/python-docs-2.5.1-5.1mdv2008.0.x86_64.rpm
70ce8cebd5a034e45da35152feb07c4d 2008.0/x86_64/tkinter-2.5.1-5.1mdv2008.0.x86_64.rpm
6bc778f57d71c0206a265e817644395a 2008.0/x86_64/tkinter-apps-2.5.1-5.1mdv2008.0.x86_64.rpm
aa344e978d53a329b717cae3ffaa6a38 2008.0/SRPMS/python-2.5.1-5.1mdv2008.0.src.rpm
Corporate 4.0:
38717e896327570dbbe5bf52099b45a4 corporate/4.0/i586/libpython2.4-2.4.1-5.3.20060mlcs4.i586.rpm
4584b1a54de62e416aa088d0f5c58aaf corporate/4.0/i586/libpython2.4-devel-2.4.1-5.3.20060mlcs4.i586.rpm
c17ae6ab96b00477d4d43f9503dd5586 corporate/4.0/i586/python-2.4.1-5.3.20060mlcs4.i586.rpm
f6e5380393fbaab901856846f45cb872 corporate/4.0/i586/python-base-2.4.1-5.3.20060mlcs4.i586.rpm
2e153a8f3d28c7bcdf203429601dd5a3 corporate/4.0/i586/python-docs-2.4.1-5.3.20060mlcs4.i586.rpm
c09dbfa148bc49ff700c534e60456249 corporate/4.0/i586/tkinter-2.4.1-5.3.20060mlcs4.i586.rpm
ed33c06ab7a6c1235121330dfc7c14ea corporate/4.0/SRPMS/python-2.4.1-5.3.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
dc60e48b88c515fd370bef76434df88e corporate/4.0/x86_64/lib64python2.4-2.4.1-5.3.20060mlcs4.x86_64.rpm
cd4810341e9e49cc2e607a4ae067fd78 corporate/4.0/x86_64/lib64python2.4-devel-2.4.1-5.3.20060mlcs4.x86_64.rpm
d71bbb307d68599831ff0c30d0968cc3 corporate/4.0/x86_64/python-2.4.1-5.3.20060mlcs4.x86_64.rpm
945f1355d6a357b0666512f1fd485f61 corporate/4.0/x86_64/python-base-2.4.1-5.3.20060mlcs4.x86_64.rpm
f905de87ed4a5d0dd0239d8896d39243 corporate/4.0/x86_64/python-docs-2.4.1-5.3.20060mlcs4.x86_64.rpm
cca9d202eb85b96a1c61c396e125637d corporate/4.0/x86_64/tkinter-2.4.1-5.3.20060mlcs4.x86_64.rpm
ed33c06ab7a6c1235121330dfc7c14ea corporate/4.0/SRPMS/python-2.4.1-5.3.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
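For packages downloaded by hand rather than through MandrivaUpdate or urpmi, the checksum list under "Updated Packages" can be checked with a short script. The following is an added example, not part of the Mandriva advisory: it assumes the `md5 path` line layout and the "Mandriva Linux ..." / "Corporate ..." section headings used above, and the file names and checksums inside `demo()` are constructed.

```python
import hashlib
import os
import re
import tempfile

PKG_LINE = re.compile(r"^\s*([0-9a-f]{32})\s+(\S+\.rpm)\s*$")  # "<md5> <path>.rpm"
SECTION = re.compile(r"^\s*((?:Mandriva Linux|Corporate)\s+\S+):\s*$")  # release heading

def parse_packages(advisory_text):
    """Return {section: {rpm basename: md5}} from the 'Updated Packages' list."""
    sections, current = {}, None
    for line in advisory_text.splitlines():
        if m := SECTION.match(line):
            current = sections.setdefault(m.group(1), {})
        elif (m := PKG_LINE.match(line)) and current is not None:
            current[os.path.basename(m.group(2))] = m.group(1)
    return sections

def md5_of(path, chunk=1 << 20):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_dir(expected, directory):
    result = {}  # basename -> "ok" | "MISMATCH" | "missing"
    for name, want in expected.items():
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            result[name] = "ok" if md5_of(path) == want else "MISMATCH"
        else:
            result[name] = "missing"
    return result

def demo():
    """Run on constructed files; names, contents and checksums are made up."""
    good = b"constructed package payload"
    advisory = "\n".join([
        "Mandriva Linux 2008.0:",
        hashlib.md5(good).hexdigest() + " 2008.0/i586/good-1.0.i586.rpm",
        "0" * 32 + " 2008.0/i586/bad-1.0.i586.rpm",
        "1" * 32 + " 2008.0/SRPMS/absent-1.0.src.rpm",
    ])
    with tempfile.TemporaryDirectory() as d:
        for name, data in (("good-1.0.i586.rpm", good), ("bad-1.0.i586.rpm", b"x")):
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        return verify_dir(parse_packages(advisory)["Mandriva Linux 2008.0"], d)
```

A matching MD5 only shows that the file is the one listed in the advisory text; the GPG signature on the package is what establishes that it came from Mandriva.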
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
iD8DBQFHi79pmqjQ0CJFipgRAr21AKDvgsQaALmLRxyo52cXu0HQRFOY6gCfSZoU
0Phgk04W2rDdd6KGUy/BtDI=
=2oLn
-----END PGP SIGNATURE-----