Debian-Sicherheitsankündigung
DSA-821-1 python2.3 -- Integer-Überlauf
- Datum des Berichts:
- 28. Sep 2005
- Betroffene Pakete:
- python2.3
- Verwundbar:
- Ja
- Sicherheitsdatenbanken-Referenzen:
- In der Debian-Fehlerdatenbank: Fehler 324531.
In der Bugtraq-Datenbank (bei SecurityFocus): BugTraq ID 14620.
In Mitres CVE-Verzeichnis: CVE-2005-2491. - Weitere Informationen:
-
Ein Integer-Überlauf mit einem nachfolgenden Pufferüberlauf wurde in PCRE entdeckt, der »Perl Compatible Regular Expressions«-Bibliothek. Dieser Fehler ermöglicht einem Angreifer, beliebigen Code auszuführen und ist in Python ebenfalls vorhanden. Um diese Verwundbarkeit ausnutzen zu können, muss der Angreifer den zu verwendenden regulären Ausdruck angeben.
Die alte Stable-Distribution (Woody) enthält keine python2.3-Pakete.
Für die Stable-Distribution (Sarge) wurde dieses Problem in Version 2.3.5-3sarge1 behoben.
Für die Unstable-Distribution (Sid) wurde dieses Problem in Version 2.3.5-8 behoben.
Wir empfehlen Ihnen, Ihre python2.3-Pakete zu aktualisieren.
- Behoben in:
-
Debian GNU/Linux 3.1 (sarge)
- Quellcode:
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1.dsc
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1.diff.gz
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5.orig.tar.gz
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1.diff.gz
- Architektur-unabhängige Dateien:
- http://security.debian.org/pool/updates/main/p/python2.3/idle-python2.3_2.3.5-3sarge1_all.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-doc_2.3.5-3sarge1_all.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-examples_2.3.5-3sarge1_all.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-doc_2.3.5-3sarge1_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_alpha.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_alpha.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_alpha.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_alpha.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_alpha.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_amd64.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_arm.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_arm.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_arm.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_arm.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_arm.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_i386.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_i386.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_i386.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_i386.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_i386.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_ia64.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_ia64.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_ia64.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_ia64.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_ia64.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_hppa.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_hppa.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_hppa.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_hppa.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_hppa.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_m68k.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_m68k.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_m68k.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_m68k.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_m68k.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_mips.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_mips.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_mips.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_mips.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_mips.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_mipsel.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_mipsel.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_mipsel.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_mipsel.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_mipsel.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_powerpc.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_powerpc.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_powerpc.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_powerpc.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_powerpc.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_s390.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_s390.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_s390.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_s390.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_s390.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_sparc.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_sparc.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_sparc.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_sparc.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_sparc.deb
- http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_sparc.deb
MD5-Prüfsummen der aufgeführten Dateien stehen in der ursprünglichen Sicherheitsankündigung zur Verfügung.