what you don't know can hurt you
Showing 1 - 6 of 6 RSS Feed

CVE-2008-1679

Status Candidate

Overview

Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965.

Related Files

Mandriva Linux Security Advisory 2008-164
Posted Aug 8, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Multiple integer overflows in the imageop module in Python prior to 2.5.3 allowed context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. to an incomplete fix for CVE-2007-4965. David Remahl of Apple Product Security reported several integer overflows in a number of core modules. Justin Ferguson reported multiple buffer overflows in unicode string processing that affected 32bit systems. Multiple integer overflows were reported by the Google Security Team that had been fixed in Python 2.5.2. Justin Ferguson reported a number of integer overflows and underflows in the PyOS_vsnprintf() function, as well as an off-by-one error when passing zero-length strings, that led to memory corruption. The updated packages have been patched to correct these issues. As well, Python packages on Corporate Server 4 have been updated to the latest version 2.4.5.

tags | advisory, denial of service, overflow, arbitrary, python
systems | linux, apple, mandriva
advisories | CVE-2008-1679, CVE-2008-2315, CVE-2008-3142, CVE-2008-3143, CVE-2008-3144
MD5 | 0b29999d94491af074711977113ac9c1
Mandriva Linux Security Advisory 2008-163
Posted Aug 8, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Multiple integer overflows in the imageop module in Python prior to 2.5.3 allowed context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. to an incomplete fix for CVE-2007-4965. David Remahl of Apple Product Security reported several integer overflows in a number of core modules. reported an integer overflow in the hashlib module on Python 2.5 that lead to unreliable cryptographic digest results. Justin Ferguson reported multiple buffer overflows in unicode string processing that affected 32bit systems. Multiple integer overflows were reported by the Google Security Team that had been fixed in Python 2.5.2. Justin Ferguson reported a number of integer overflows and underflows in the PyOS_vsnprintf() function, as well as an off-by-one error when passing zero-length strings, that led to memory corruption. The updated packages have been patched to correct these issues. As well, Python packages on Mandriva Linux 2007.1 and 2008.0 have been updated to version 2.5.2. Due to slight packaging changes on Mandriva Linux 2007.1, a new package is available (tkinter-apps) that contains binary files (such as /usr/bin/idle) that were previously in the tkinter package.

tags | advisory, denial of service, overflow, arbitrary, python
systems | linux, apple, mandriva
advisories | CVE-2008-1679, CVE-2008-2315, CVE-2008-2316, CVE-2008-3142, CVE-2008-3143, CVE-2008-3144
MD5 | 0227f61a292c6d913774ef7961d5e6b2
Ubuntu Security Notice 632-1
Posted Aug 1, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 632-1 - Many vulnerabilities have been addressed in the python 2.4 and python 2.5 packages. These include integer overflows, arbitrary code execution, and other vulnerabilities.

tags | advisory, overflow, arbitrary, vulnerability, code execution, python
systems | linux, ubuntu
advisories | CVE-2008-1679, CVE-2008-1721, CVE-2008-1887, CVE-2008-2315, CVE-2008-2316, CVE-2008-3142, CVE-2008-3143, CVE-2008-3144
MD5 | b781ece0725cabf4265924bac6392602
Debian Linux Security Advisory 1620-1
Posted Jul 28, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1620-1 - Several vulnerabilities have been discovered in the interpreter for the Python language.

tags | advisory, vulnerability, python
systems | linux, debian
advisories | CVE-2007-2052, CVE-2007-4965, CVE-2008-1679, CVE-2008-1721, CVE-2008-1887
MD5 | 2f4fbaf034191b48a5243837efbad92c
Gentoo Linux Security Advisory 200807-1
Posted Jul 1, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200807-01 - Multiple integer overflows may allow for Denial of Service. Versions less than 2.4.4-r13 are affected.

tags | advisory, denial of service, overflow
systems | linux, gentoo
advisories | CVE-2007-4965, CVE-2008-1679, CVE-2008-1721, CVE-2008-1887
MD5 | 9754f003ee383327a4cf504dfc48d95e
Debian Linux Security Advisory 1551-1
Posted Apr 21, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1551-1 - Several vulnerabilities have been discovered in the interpreter for the Python language.

tags | advisory, vulnerability, python
systems | linux, debian
advisories | CVE-2007-2052, CVE-2007-4965, CVE-2008-1679, CVE-2008-1721, CVE-2008-1887
MD5 | a4a07e88ffe379e85df8a36fe88b84c7
Page 1 of 1
Back1Next

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close