-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:132 http://www.mandriva.com/security/ _______________________________________________________________________ Package : python Date : July 14, 2010 Affected: 2008.0, 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been found and corrected in python: Multiple integer overflows in audioop.c in the audioop module in Ptthon allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5 (CVE-2010-1634). The audioop module in Python does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634 (CVE-2010-2089). Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1634 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2089 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 4f913679ea6f154f0d7c84c8bafd3fe3 2008.0/i586/libpython2.5-2.5.2-2.7mdv2008.0.i586.rpm dfab01f9210fa284ad3b4dd271bfb3dd 2008.0/i586/libpython2.5-devel-2.5.2-2.7mdv2008.0.i586.rpm b6245a9dc5423d14ba96f4f388dd0fe6 2008.0/i586/python-2.5.2-2.7mdv2008.0.i586.rpm 15c39b51c66cc78aec157eaed0267a7b 2008.0/i586/python-base-2.5.2-2.7mdv2008.0.i586.rpm e38a9894712bf82a8dcc1eee1265592c 2008.0/i586/python-docs-2.5.2-2.7mdv2008.0.i586.rpm 2f2100e6dd35a4aef8e503394a723e81 2008.0/i586/tkinter-2.5.2-2.7mdv2008.0.i586.rpm 29b96d4b84a7241fc78f55671f1a33f0 2008.0/i586/tkinter-apps-2.5.2-2.7mdv2008.0.i586.rpm 211a673f3cd2e1b7d153d6f40291ad86 2008.0/SRPMS/python-2.5.2-2.7mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 5f9e4e0e27dfa80a7fa2bf62998edf25 2008.0/x86_64/lib64python2.5-2.5.2-2.7mdv2008.0.x86_64.rpm 36bfe236a350a8e9a0e2657eefadd299 2008.0/x86_64/lib64python2.5-devel-2.5.2-2.7mdv2008.0.x86_64.rpm c03cc44dac5ecdf49d7bf2ca5ad5477a 2008.0/x86_64/python-2.5.2-2.7mdv2008.0.x86_64.rpm 1965d6962b5cfe7349f4369bceda2ce4 2008.0/x86_64/python-base-2.5.2-2.7mdv2008.0.x86_64.rpm e13c770d7ddcc045251733d69865a3ae 2008.0/x86_64/python-docs-2.5.2-2.7mdv2008.0.x86_64.rpm cff8d5ef80f29b2f9e32e171420ede11 2008.0/x86_64/tkinter-2.5.2-2.7mdv2008.0.x86_64.rpm e8d3db4327d427c9451bf604e5cd1bb7 2008.0/x86_64/tkinter-apps-2.5.2-2.7mdv2008.0.x86_64.rpm 211a673f3cd2e1b7d153d6f40291ad86 2008.0/SRPMS/python-2.5.2-2.7mdv2008.0.src.rpm Mandriva Linux 2009.0: 598630ce234cff98465351b4af90d664 2009.0/i586/libpython2.5-2.5.2-5.6mdv2009.0.i586.rpm 44a691ffb51a47dd653fbf03d5a9be00 2009.0/i586/libpython2.5-devel-2.5.2-5.6mdv2009.0.i586.rpm ea55908df10ad9e82a5d361612bcbca7 2009.0/i586/python-2.5.2-5.6mdv2009.0.i586.rpm cb25c56f6f68e0bb036cd1be0360595d 2009.0/i586/python-base-2.5.2-5.6mdv2009.0.i586.rpm 0161f8c43b4fbf019ef24a72760d3113 2009.0/i586/python-docs-2.5.2-5.6mdv2009.0.i586.rpm 987651d11ca710910a89e52330873187 2009.0/i586/tkinter-2.5.2-5.6mdv2009.0.i586.rpm a73ba0fa7adcb1ebe2806335e575e8b2 2009.0/i586/tkinter-apps-2.5.2-5.6mdv2009.0.i586.rpm a6602a71f4573ecb82951a861165fee8 2009.0/SRPMS/python-2.5.2-5.6mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: f22f06db4cc4e8f431aadeaa552f0891 2009.0/x86_64/lib64python2.5-2.5.2-5.6mdv2009.0.x86_64.rpm a15984e4b2e6821789ba36760aa08a79 2009.0/x86_64/lib64python2.5-devel-2.5.2-5.6mdv2009.0.x86_64.rpm 329f34c1eb9cbf68805edcbb0efda8a2 2009.0/x86_64/python-2.5.2-5.6mdv2009.0.x86_64.rpm 5404e1caa073784bbcb6aab8dff592bf 2009.0/x86_64/python-base-2.5.2-5.6mdv2009.0.x86_64.rpm 59e2bbd0517468929db90ad4e9448dc7 2009.0/x86_64/python-docs-2.5.2-5.6mdv2009.0.x86_64.rpm b9821ba18b02ad9ae3b5831ac4893fee 2009.0/x86_64/tkinter-2.5.2-5.6mdv2009.0.x86_64.rpm 3593d6bdf3fbc698301edee3d0906e58 2009.0/x86_64/tkinter-apps-2.5.2-5.6mdv2009.0.x86_64.rpm a6602a71f4573ecb82951a861165fee8 2009.0/SRPMS/python-2.5.2-5.6mdv2009.0.src.rpm Mandriva Linux 2009.1: 3404f9ddf0f432a2ba81e78ce0408fd8 2009.1/i586/libpython2.6-2.6.1-6.4mdv2009.1.i586.rpm 1642bfa7d7c8c2979f80491cd592447b 2009.1/i586/libpython2.6-devel-2.6.1-6.4mdv2009.1.i586.rpm e32c4080ae403710eb91bf8508430ecb 2009.1/i586/python-2.6.1-6.4mdv2009.1.i586.rpm f8221639b02160a28dc7c96d48050195 2009.1/i586/python-docs-2.6.1-6.4mdv2009.1.i586.rpm d1488967010eb649113916a3eef85213 2009.1/i586/tkinter-2.6.1-6.4mdv2009.1.i586.rpm c6c3a71a9efa1b8f010027a6d1418fa6 2009.1/i586/tkinter-apps-2.6.1-6.4mdv2009.1.i586.rpm 08fb9cd480e9a5ffa2efe603c17b0e71 2009.1/SRPMS/python-2.6.1-6.4mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: 363de5386b3df783c2d599295b6c9fd9 2009.1/x86_64/lib64python2.6-2.6.1-6.4mdv2009.1.x86_64.rpm f09af1e423ba5755b7b0b524d0a4fada 2009.1/x86_64/lib64python2.6-devel-2.6.1-6.4mdv2009.1.x86_64.rpm ce6deed593b82a1b973de15001f79362 2009.1/x86_64/python-2.6.1-6.4mdv2009.1.x86_64.rpm a58bbe02634432f582b8b433287863e5 2009.1/x86_64/python-docs-2.6.1-6.4mdv2009.1.x86_64.rpm 35868acab80516ebb52b08feeff616bb 2009.1/x86_64/tkinter-2.6.1-6.4mdv2009.1.x86_64.rpm ccb5413b65fd391a8d0fa553ec28b513 2009.1/x86_64/tkinter-apps-2.6.1-6.4mdv2009.1.x86_64.rpm 08fb9cd480e9a5ffa2efe603c17b0e71 2009.1/SRPMS/python-2.6.1-6.4mdv2009.1.src.rpm Mandriva Linux 2010.0: 5f0ff97a0a93f7dd724156b4c75a189f 2010.0/i586/libpython2.6-2.6.4-1.3mdv2010.0.i586.rpm ed6881e0fbf01066dfd29ce5b415931c 2010.0/i586/libpython2.6-devel-2.6.4-1.3mdv2010.0.i586.rpm 3324fa6ce72997b71417b7425e3c8caf 2010.0/i586/python-2.6.4-1.3mdv2010.0.i586.rpm 6d842db0d14e29b1c007b99b78926e5d 2010.0/i586/python-docs-2.6.4-1.3mdv2010.0.i586.rpm bd34f1e94486390acff010381d08da03 2010.0/i586/tkinter-2.6.4-1.3mdv2010.0.i586.rpm 02521a044b36eb44ef9854f38b83364a 2010.0/i586/tkinter-apps-2.6.4-1.3mdv2010.0.i586.rpm b8341a9e215e7986ff904d7fdf74804c 2010.0/SRPMS/python-2.6.4-1.3mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: 213ec645079b9cf5e32898fcbfc28fad 2010.0/x86_64/lib64python2.6-2.6.4-1.3mdv2010.0.x86_64.rpm 37b43ce708c77e503c1f93b26a168605 2010.0/x86_64/lib64python2.6-devel-2.6.4-1.3mdv2010.0.x86_64.rpm 9a3a70fe1762ee70dbc8262ee662c39b 2010.0/x86_64/python-2.6.4-1.3mdv2010.0.x86_64.rpm ded2b20c7d903a2294425222d5e9ca62 2010.0/x86_64/python-docs-2.6.4-1.3mdv2010.0.x86_64.rpm 0be4dcaea55b6c0b7e6876d62ec7e7b6 2010.0/x86_64/tkinter-2.6.4-1.3mdv2010.0.x86_64.rpm cee4059bb748ee05150955eb4e2167f6 2010.0/x86_64/tkinter-apps-2.6.4-1.3mdv2010.0.x86_64.rpm b8341a9e215e7986ff904d7fdf74804c 2010.0/SRPMS/python-2.6.4-1.3mdv2010.0.src.rpm Mandriva Linux 2010.1: 77685502f90b113db3ba22822b3cf9fc 2010.1/i586/libpython2.6-2.6.5-2.1mdv2010.1.i586.rpm bf9e3d224cf0059ec9344b034ec077af 2010.1/i586/libpython2.6-devel-2.6.5-2.1mdv2010.1.i586.rpm 5d7158a82859935be01a4be3d9ab13d8 2010.1/i586/python-2.6.5-2.1mdv2010.1.i586.rpm b6a754e44856a2f3cef1c27cda7607d6 2010.1/i586/python-docs-2.6.5-2.1mdv2010.1.i586.rpm 0f4fa85de1e74e999e32231d09a9a8f2 2010.1/i586/tkinter-2.6.5-2.1mdv2010.1.i586.rpm dca56ed98ff41e72884d1f0d06d77f40 2010.1/i586/tkinter-apps-2.6.5-2.1mdv2010.1.i586.rpm 107556cf0daafd475511abb2b598b7e3 2010.1/SRPMS/python-2.6.5-2.1mdv2010.1.src.rpm Mandriva Linux 2010.1/X86_64: 14bcbf073fc47d3a423c6fefe15b5939 2010.1/x86_64/lib64python2.6-2.6.5-2.1mdv2010.1.x86_64.rpm 9acea2705dc72a6ad717fbcd961db368 2010.1/x86_64/lib64python2.6-devel-2.6.5-2.1mdv2010.1.x86_64.rpm 3e2047db297a58cef19bd3a22bab1953 2010.1/x86_64/python-2.6.5-2.1mdv2010.1.x86_64.rpm 618c9b3e812d73ae236a409ce1453a89 2010.1/x86_64/python-docs-2.6.5-2.1mdv2010.1.x86_64.rpm 8ad00fe7d002305ac26ff720ca3fc3ff 2010.1/x86_64/tkinter-2.6.5-2.1mdv2010.1.x86_64.rpm 3a8fdef37c200ca7b74f7e263dbaf04b 2010.1/x86_64/tkinter-apps-2.6.5-2.1mdv2010.1.x86_64.rpm 107556cf0daafd475511abb2b598b7e3 2010.1/SRPMS/python-2.6.5-2.1mdv2010.1.src.rpm Corporate 4.0: 24663decfe6c6ba75771371777834d6a corporate/4.0/i586/libpython2.4-2.4.5-0.6.20060mlcs4.i586.rpm 2d362036a85055bcae84aa30e320425b corporate/4.0/i586/libpython2.4-devel-2.4.5-0.6.20060mlcs4.i586.rpm 07a94afed3c78c4e071197ba7dba676b corporate/4.0/i586/python-2.4.5-0.6.20060mlcs4.i586.rpm b46bc657628e0790dc68c0298d0fa8c2 corporate/4.0/i586/python-base-2.4.5-0.6.20060mlcs4.i586.rpm 00fea68fc4a04885a56d4979dbcd4805 corporate/4.0/i586/python-docs-2.4.5-0.6.20060mlcs4.i586.rpm e7f1dd4a85e67c89d9053bbd5a0dcb1d corporate/4.0/i586/tkinter-2.4.5-0.6.20060mlcs4.i586.rpm 2bd3365c9ce6ef9caf80b7824e5cdba2 corporate/4.0/SRPMS/python-2.4.5-0.6.20060mlcs4.src.rpm Corporate 4.0/X86_64: 6a321e2d0675667c4a20ca9eef9e659f corporate/4.0/x86_64/lib64python2.4-2.4.5-0.6.20060mlcs4.x86_64.rpm c4747b33200becebdf06b999233d2d85 corporate/4.0/x86_64/lib64python2.4-devel-2.4.5-0.6.20060mlcs4.x86_64.rpm f0e7f6603385328327f62613820d09ad corporate/4.0/x86_64/python-2.4.5-0.6.20060mlcs4.x86_64.rpm fab004a4528c0ea88257c28f68767232 corporate/4.0/x86_64/python-base-2.4.5-0.6.20060mlcs4.x86_64.rpm 949f7e382bebc814c821d619abfd5d57 corporate/4.0/x86_64/python-docs-2.4.5-0.6.20060mlcs4.x86_64.rpm f61e8d55e2a2be3c0dc62903fce980d5 corporate/4.0/x86_64/tkinter-2.4.5-0.6.20060mlcs4.x86_64.rpm 2bd3365c9ce6ef9caf80b7824e5cdba2 corporate/4.0/SRPMS/python-2.4.5-0.6.20060mlcs4.src.rpm Mandriva Enterprise Server 5: 28d975daaf5f623144e20493dd451745 mes5/i586/libpython2.5-2.5.2-5.7mdvmes5.1.i586.rpm 2aff847d8b904ded1e3af26f2104959c mes5/i586/libpython2.5-devel-2.5.2-5.7mdvmes5.1.i586.rpm 7453da455746ae242478602e28f8ad54 mes5/i586/python-2.5.2-5.7mdvmes5.1.i586.rpm 50ef79c0fe2a2ddb0768e9e42cd1a78d mes5/i586/python-base-2.5.2-5.7mdvmes5.1.i586.rpm eaba93ba9f5a77fdcd23b199c81ecf10 mes5/i586/python-docs-2.5.2-5.7mdvmes5.1.i586.rpm 6c0014be0c8647ac1c0ad4e6a5d48c92 mes5/i586/tkinter-2.5.2-5.7mdvmes5.1.i586.rpm 78fe0ba52d451894a19be61b1b41a8f7 mes5/i586/tkinter-apps-2.5.2-5.7mdvmes5.1.i586.rpm 49d1708b056d60fb851ce89033d84224 mes5/SRPMS/python-2.5.2-5.7mdvmes5.1.src.rpm Mandriva Enterprise Server 5/X86_64: ad5c6abd37cd342183f540370bbbb03b mes5/x86_64/lib64python2.5-2.5.2-5.7mdvmes5.1.x86_64.rpm 2722a15a452703ff5b5ef6d6542e56d3 mes5/x86_64/lib64python2.5-devel-2.5.2-5.7mdvmes5.1.x86_64.rpm 2cac9f75b9cb85182e8a420329dfaccd mes5/x86_64/python-2.5.2-5.7mdvmes5.1.x86_64.rpm e04fdf9d4f629dd51b3bb27e22e4a152 mes5/x86_64/python-base-2.5.2-5.7mdvmes5.1.x86_64.rpm 77b9ee5a5be480ce55eccee414c0f4d5 mes5/x86_64/python-docs-2.5.2-5.7mdvmes5.1.x86_64.rpm 8de9bb41acd3ed981b9b44dbf7d139a5 mes5/x86_64/tkinter-2.5.2-5.7mdvmes5.1.x86_64.rpm 6d1a1b1173907b8602d7ca0ad71bc537 mes5/x86_64/tkinter-apps-2.5.2-5.7mdvmes5.1.x86_64.rpm 49d1708b056d60fb851ce89033d84224 mes5/SRPMS/python-2.5.2-5.7mdvmes5.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFMPcWfmqjQ0CJFipgRAgC9AKCCg+mLAWCbtfXJCQPNEYsjz1BzogCg5B8+ nyO+UGRvVtbkbK42OCE47C4= =DtKJ -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/