Debian-Sicherheitsankündigung

DSA-821-1 python2.3 -- Integer-Überlauf

Datum des Berichts:

28. Sep 2005

Betroffene Pakete:

Verwundbar:

Sicherheitsdatenbanken-Referenzen:

In der Debian-Fehlerdatenbank: Fehler 324531.
In der Bugtraq-Datenbank (bei SecurityFocus): BugTraq ID 14620.
In Mitres CVE-Verzeichnis: CVE-2005-2491.

Weitere Informationen:

Ein Integer-Überlauf mit einem nachfolgenden Pufferüberlauf wurde in PCRE entdeckt, der »Perl Compatible Regular Expressions«-Bibliothek. Dieser Fehler ermöglicht einem Angreifer, beliebigen Code auszuführen und ist in Python ebenfalls vorhanden. Um diese Verwundbarkeit ausnutzen zu können, muss der Angreifer den zu verwendenden regulären Ausdruck angeben.

Die alte Stable-Distribution (Woody) enthält keine python2.3-Pakete.

Für die Stable-Distribution (Sarge) wurde dieses Problem in Version 2.3.5-3sarge1 behoben.

Für die Unstable-Distribution (Sid) wurde dieses Problem in Version 2.3.5-8 behoben.

Wir empfehlen Ihnen, Ihre python2.3-Pakete zu aktualisieren.

Behoben in:

Debian GNU/Linux 3.1 (sarge)

Quellcode:: http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1.dsc; http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1.diff.gz; http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5.orig.tar.gz
Architektur-unabhängige Dateien:: http://security.debian.org/pool/updates/main/p/python2.3/idle-python2.3_2.3.5-3sarge1_all.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-doc_2.3.5-3sarge1_all.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-examples_2.3.5-3sarge1_all.deb
Alpha:: http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_alpha.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_alpha.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_alpha.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_alpha.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_alpha.deb
AMD64:: http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_amd64.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_amd64.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_amd64.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_amd64.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_amd64.deb
ARM:: http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_arm.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_arm.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_arm.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_arm.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_i386.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_i386.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_i386.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_i386.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_ia64.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_ia64.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_ia64.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_ia64.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_hppa.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_hppa.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_hppa.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_hppa.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_m68k.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_m68k.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_m68k.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_m68k.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_mips.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_mips.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_mips.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_mips.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_s390.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_s390.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_s390.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_s390.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_sparc.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_sparc.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_sparc.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_sparc.deb; http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_sparc.deb

MD5-Prüfsummen der aufgeführten Dateien stehen in der ursprünglichen Sicherheitsankündigung zur Verfügung.

Diese Seite gibt es auch in den folgenden Sprachen:

dansk English español français svenska

Wie stellt man die Standardsprache ein

Um Probleme mit der Website zu melden, schreiben Sie bitte eine E-Mail auf Englisch an debian-www@lists.debian.org. Rechtschreibfehler in der deutschen Übersetzung senden Sie bitte an debian-l10n-german@lists.debian.org. Weitere Kontaktinformationen finden Sie auf Debians Kontaktseite.

Zuletzt geändert: Dienstag den 16. Sep 2008 um 19:47:09 Uhr UTC
Copyright © 2005-2008 SPI; Hier die Lizenzbestimmungen
Debian ist ein eingetragenes Warenzeichen der Software in the Public Interest, Inc.