exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2010-215

Mandriva Linux Security Advisory 2010-215
Posted Nov 1, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-215 - Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service via a large ZSIZE value in a black-and-white RGB image that triggers an invalid pointer dereference. Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 allows remote attackers to have an unspecified impact via a large image that triggers a buffer overflow. Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing within the expandrow function. The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections. Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492.

tags | advisory, remote, denial of service, overflow, tcp, python
systems | linux, mandriva
advisories | CVE-2009-4134, CVE-2010-1449, CVE-2010-1450, CVE-2010-3492, CVE-2010-3493
SHA-256 | eaac600dd12a8079009e070b22fa4e731d6d01f52207ddf5ef9db27f19f96f29

Mandriva Linux Security Advisory 2010-215

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:215
http://www.mandriva.com/security/
_______________________________________________________________________

Package : python
Date : October 30, 2010
Affected: 2009.0, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities was discovered and corrected in python:

Buffer underflow in the rgbimg module in Python 2.5 allows remote
attackers to cause a denial of service (application crash) via a large
ZSIZE value in a black-and-white (aka B/W) RGB image that triggers
an invalid pointer dereference (CVE-2009-4134).

Integer overflow in rgbimgmodule.c in the rgbimg module in Python
2.5 allows remote attackers to have an unspecified impact via a large
image that triggers a buffer overflow. NOTE: this vulnerability exists
because of an incomplete fix for CVE-2008-3143.12 (CVE-2010-1449).

Multiple buffer overflows in the RLE decoder in the rgbimg module in
Python 2.5 allow remote attackers to have an unspecified impact via an
image file containing crafted data that triggers improper processing
within the (1) longimagedata or (2) expandrow function (CVE-2010-1450).

The asyncore module in Python before 3.2 does not properly handle
unsuccessful calls to the accept function, and does not have
accompanying documentation describing how daemon applications should
handle unsuccessful calls to the accept function, which makes it
easier for remote attackers to conduct denial of service attacks that
terminate these applications via network connections (CVE-2010-3492).

Multiple race conditions in smtpd.py in the smtpd module in Python 2.6,
2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of
service (daemon outage) by establishing and then immediately closing
a TCP connection, leading to the accept function having an unexpected
return value of None, an unexpected value of None for the address,
or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername
function having an ENOTCONN error, a related issue to CVE-2010-3492
(CVE-2010-3493).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3493
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2009.0:
7a00126d581458ad3e1f9195cfe44b56 2009.0/i586/libpython2.5-2.5.2-5.9mdv2009.0.i586.rpm
821b23366eb5a1f2fe486b8b4876a17b 2009.0/i586/libpython2.5-devel-2.5.2-5.9mdv2009.0.i586.rpm
7cc4e06ec1539e65b18788216f5cfec2 2009.0/i586/python-2.5.2-5.9mdv2009.0.i586.rpm
0e2922c24b13b8428201d65dd3a5e69f 2009.0/i586/python-base-2.5.2-5.9mdv2009.0.i586.rpm
6aac8e518cf4fdcf5d11e41869b7cc23 2009.0/i586/python-docs-2.5.2-5.9mdv2009.0.i586.rpm
42f1cb02ad93c2871b7ef26d91dd084c 2009.0/i586/tkinter-2.5.2-5.9mdv2009.0.i586.rpm
89dd31e1bd79bfdcb773ae27b9a23eae 2009.0/i586/tkinter-apps-2.5.2-5.9mdv2009.0.i586.rpm
36eabc2f36f1fc3fee03beea40c5b3ff 2009.0/SRPMS/python-2.5.2-5.9mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
ab11f5dbfd4220284f65591a5e627a2f 2009.0/x86_64/lib64python2.5-2.5.2-5.9mdv2009.0.x86_64.rpm
b7bf0eb696e77af9a6f833a810cd691c 2009.0/x86_64/lib64python2.5-devel-2.5.2-5.9mdv2009.0.x86_64.rpm
f0fa937935849fa7b8ccfe9d0ad23a22 2009.0/x86_64/python-2.5.2-5.9mdv2009.0.x86_64.rpm
9b6094c0d9b8d7305c4dd6d1e9957793 2009.0/x86_64/python-base-2.5.2-5.9mdv2009.0.x86_64.rpm
4d29dc9f22c17f4ee5587aed6082d54f 2009.0/x86_64/python-docs-2.5.2-5.9mdv2009.0.x86_64.rpm
846f140203bc61160c8e9be21bec8caf 2009.0/x86_64/tkinter-2.5.2-5.9mdv2009.0.x86_64.rpm
d83f1ca9fb74bb6bc19f27bfca4565a2 2009.0/x86_64/tkinter-apps-2.5.2-5.9mdv2009.0.x86_64.rpm
36eabc2f36f1fc3fee03beea40c5b3ff 2009.0/SRPMS/python-2.5.2-5.9mdv2009.0.src.rpm

Corporate 4.0:
e3525726eb8b420b631c1e7293200f76 corporate/4.0/i586/libpython2.4-2.4.5-0.7.20060mlcs4.i586.rpm
62a30354a30738ee1d9c8e09fa781931 corporate/4.0/i586/libpython2.4-devel-2.4.5-0.7.20060mlcs4.i586.rpm
c12e4aee6ec61df748905ea3fbc683b1 corporate/4.0/i586/python-2.4.5-0.7.20060mlcs4.i586.rpm
cfa6231f5bd6d42b92e06be405979532 corporate/4.0/i586/python-base-2.4.5-0.7.20060mlcs4.i586.rpm
89bb605645f87975ea06cd0d0adb1242 corporate/4.0/i586/python-docs-2.4.5-0.7.20060mlcs4.i586.rpm
7112a9c89287d80edac65a2c9543de58 corporate/4.0/i586/tkinter-2.4.5-0.7.20060mlcs4.i586.rpm
af061ddc3fe400553ce48a986f1413c8 corporate/4.0/SRPMS/python-2.4.5-0.7.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
d4e789862c00c01d154cb676c958fc66 corporate/4.0/x86_64/lib64python2.4-2.4.5-0.7.20060mlcs4.x86_64.rpm
cc0e0a6797fadbce21133a706be2585e corporate/4.0/x86_64/lib64python2.4-devel-2.4.5-0.7.20060mlcs4.x86_64.rpm
63b408e0f3aa7324eda422232f57bbf8 corporate/4.0/x86_64/python-2.4.5-0.7.20060mlcs4.x86_64.rpm
0023db0a34e646a1fdd8803852ac6f1f corporate/4.0/x86_64/python-base-2.4.5-0.7.20060mlcs4.x86_64.rpm
0e78fed213618878e55f3aee5e83b8df corporate/4.0/x86_64/python-docs-2.4.5-0.7.20060mlcs4.x86_64.rpm
7ca482e628699e8d588fe64bdfd91257 corporate/4.0/x86_64/tkinter-2.4.5-0.7.20060mlcs4.x86_64.rpm
af061ddc3fe400553ce48a986f1413c8 corporate/4.0/SRPMS/python-2.4.5-0.7.20060mlcs4.src.rpm

Mandriva Enterprise Server 5:
0ec5bf2d929c006c683c9e8323655198 mes5/i586/libpython2.5-2.5.2-5.9mdvmes5.1.i586.rpm
2ce1526827f9a6b2cb6f1767b05fb468 mes5/i586/libpython2.5-devel-2.5.2-5.9mdvmes5.1.i586.rpm
0d8d0f8a937fbd2b29de19dd558aa9a3 mes5/i586/python-2.5.2-5.9mdvmes5.1.i586.rpm
0d5632de99d6f3a73a1d0f5b9c09fe60 mes5/i586/python-base-2.5.2-5.9mdvmes5.1.i586.rpm
ae17f9d8dd571e3867709fd2b3225de5 mes5/i586/python-docs-2.5.2-5.9mdvmes5.1.i586.rpm
03d2415da7afb9c4c0f7ac06ac76a5d2 mes5/i586/tkinter-2.5.2-5.9mdvmes5.1.i586.rpm
6a474c44ad872f18e61eb73c988f8c05 mes5/i586/tkinter-apps-2.5.2-5.9mdvmes5.1.i586.rpm
75ba289267fc9c02315cb2bb18d62aed mes5/SRPMS/python-2.5.2-5.9mdvmes5.1.src.rpm

Mandriva Enterprise Server 5/X86_64:
d94d195ee2597a8cc65cbd156045da16 mes5/x86_64/lib64python2.5-2.5.2-5.9mdvmes5.1.x86_64.rpm
99b5668212ff8e4dd5d6798e8b96f5d6 mes5/x86_64/lib64python2.5-devel-2.5.2-5.9mdvmes5.1.x86_64.rpm
de021441be5c405a36ef2f9222afc186 mes5/x86_64/python-2.5.2-5.9mdvmes5.1.x86_64.rpm
1478b55d09d14e419afb4d15ae37958d mes5/x86_64/python-base-2.5.2-5.9mdvmes5.1.x86_64.rpm
e479b97543e149706200d580bc76048c mes5/x86_64/python-docs-2.5.2-5.9mdvmes5.1.x86_64.rpm
af465bc5f398ad142a32d4412e940ee9 mes5/x86_64/tkinter-2.5.2-5.9mdvmes5.1.x86_64.rpm
7839e25fcad9d3c55329b61c86a0cead mes5/x86_64/tkinter-apps-2.5.2-5.9mdvmes5.1.x86_64.rpm
75ba289267fc9c02315cb2bb18d62aed mes5/SRPMS/python-2.5.2-5.9mdvmes5.1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMy/LFmqjQ0CJFipgRAtxgAKCdMyuiPoFxjBEatV6KMLD/h7lF0gCfUdcP
GbmwC3tS9AGI9Pgd0KD5jjE=
=SLNl
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close