CVE-2008-5031

Related Files

Ubuntu Security Notice 806-1

Posted Jul 23, 2009

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-806-1 - It was discovered that Python incorrectly handled certain arguments in the imageop module. If an attacker were able to pass specially crafted arguments through the crop function, they could execute arbitrary code with user privileges. For Python 2.5, this issue only affected Ubuntu 8.04 LTS. Multiple integer overflows were discovered in Python's stringobject and unicodeobject expandtabs method. If an attacker were able to exploit these flaws they could execute arbitrary code with user privileges or cause Python applications to crash, leading to a denial of service.

tags | advisory, denial of service, overflow, arbitrary, python

systems | linux, ubuntu

advisories | CVE-2008-4864, CVE-2008-5031

SHA-256 | c8fae5e6de505386b8a8bf4f7a7ec80d7d5ec6659c0974814d50ac793bc6138d

Download | Favorite | View

Gentoo Linux Security Advisory 200907-16

Posted Jul 20, 2009

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200907-16 - Multiple integer overflows in Python have an unspecified impact. Chris Evans reported multiple integer overflows in the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. Versions less than 2.5.4-r2 are affected.

tags | advisory, overflow, python

systems | linux, gentoo

advisories | CVE-2008-5031

SHA-256 | 83f11df9306a46ee89e4bdf5f479bc6fdfd41403a1d91c6881a4ac7ccb57d69c

Download | Favorite | View

Mandriva Linux Security Advisory 2009-036

Posted Feb 12, 2009

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-036 - Multiple integer overflows exist in various versions of python. The updated Python packages have been patched to correct these issues.

tags | advisory, overflow, python

systems | linux, mandriva

advisories | CVE-2008-2315, CVE-2008-4864, CVE-2008-5031

SHA-256 | 4bc7c56b44f04c83e5be7c57de9017257d3056e21d5866a60447ee4c5deced03

Download | Favorite | View

Mandriva Linux Security Advisory 2009-003

Posted Jan 12, 2009

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-003 - Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow. Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. The updated Python packages have been patched to correct these issues.

tags | advisory, overflow, arbitrary, python

systems | linux, mandriva

advisories | CVE-2008-4864, CVE-2008-5031

SHA-256 | 28d63a5f76ce1c5a97ac6618dfcd9bf320b89e89ddb038a765988adc6e0b6471

Download | Favorite | View