[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 1197-1] New python2.4 packages fix arbitrary code execution



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1197-1                    security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
October 22nd, 2006                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : python2.4
Vulnerability  : buffer overflow
Problem-Type   : local(remote)
Debian-specific: no
CVE ID         : CVE-2006-4980
Debian Bug     : 391589

Benjamin C. Wiley Sittler discovered that the repr() of the Python 
interpreter allocates insufficient memory when parsing UCS-4 Unicode
strings, which might lead to execution of arbitrary code through
a buffer overflow.

For the stable distribution (sarge) this problem has been fixed in
version 2.4.1-2sarge1. Due to build problems this update lacks fixed
packages for the m68k architecture. Once they are sorted out, binaries
for m68k will be released.

For the unstable distribution (sid) this problem has been fixed in
version 2.4.4-1.

We recommend that you upgrade your Python 2.4 packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.1-2sarge1.dsc
      Size/MD5 checksum:     1094 c32c8fdbdc8579afa65a35811fd0f447
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.1-2sarge1.diff.gz
      Size/MD5 checksum:  2588405 b06709694f4fd3b04ddd0316403f3528
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.1.orig.tar.gz
      Size/MD5 checksum:  9205762 0475655d5c6f7919fc977c42c1103af8

  Architecture independent components:

    http://security.debian.org/pool/updates/main/p/python2.4/idle-python2.4_2.4.1-2sarge1_all.deb
      Size/MD5 checksum:   239606 7bfff5388898e8fa7696f34e59035779
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-doc_2.4.1-2sarge1_all.deb
      Size/MD5 checksum:  3217000 0a26b7cfe7aa6666c553b0f9e5fdd228
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-examples_2.4.1-2sarge1_all.deb
      Size/MD5 checksum:   578596 e789e6a59b4110f986614157d83ac1ec

  Alpha architecture:

    http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.1-2sarge1_alpha.deb
      Size/MD5 checksum:  3610318 cdf1d11305fee01f3eeea87bbae45266
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.1-2sarge1_alpha.deb
      Size/MD5 checksum:  6995312 a00b457959904c463a227389b5ee2d1b
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.1-2sarge1_alpha.deb
      Size/MD5 checksum:  1846778 4200b817da114fbf781d0e2ee7c3f125
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-gdbm_2.4.1-2sarge1_alpha.deb
      Size/MD5 checksum:    27158 c8214711b8b8c020fa6fe1c5b430857d
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-tk_2.4.1-2sarge1_alpha.deb
      Size/MD5 checksum:   111724 78583460f1f16a560346416dafdd1e97

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.1-2sarge1_amd64.deb
      Size/MD5 checksum:  3644420 f1e366e9de8c4583201db00823e740b0
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.1-2sarge1_amd64.deb
      Size/MD5 checksum:  7596356 656640c35bcf86aef6af768b754191f8
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.1-2sarge1_amd64.deb
      Size/MD5 checksum:  1680266 56874b34d708320d9563bf322c009950
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-gdbm_2.4.1-2sarge1_amd64.deb
      Size/MD5 checksum:    26752 5c432a87748ebf5c1299684a5b995bcf
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-tk_2.4.1-2sarge1_amd64.deb
      Size/MD5 checksum:   110664 1abaea30247985cecb0f0c394a532bbc

  ARM architecture:

    http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.1-2sarge1_arm.deb
      Size/MD5 checksum:  3476134 d9122efe777d8782fde2a8ed06db0456
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.1-2sarge1_arm.deb
      Size/MD5 checksum:  7773024 0cfac06be44113fc5328878559265408
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.1-2sarge1_arm.deb
      Size/MD5 checksum:  1740512 f2dbd9a91f0168c2a54ff5e85991f797
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-gdbm_2.4.1-2sarge1_arm.deb
      Size/MD5 checksum:    26216 58d858bb9b10ba2b7a8381dba62fccab
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-tk_2.4.1-2sarge1_arm.deb
      Size/MD5 checksum:   108414 7aada40e9df512d388fd0c372a0f96e4

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.1-2sarge1_hppa.deb
      Size/MD5 checksum:  3967042 1179251a4c152791bce6190f14f50029
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.1-2sarge1_hppa.deb
      Size/MD5 checksum:  7506806 ee1f489786abb4d05cc6cd6049d09d44
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.1-2sarge1_hppa.deb
      Size/MD5 checksum:  1930440 42270cb0ab8332455f33b42c0e209ea8
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-gdbm_2.4.1-2sarge1_hppa.deb
      Size/MD5 checksum:    27692 0f161e2821a24dab07b5c31c628f1f35
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-tk_2.4.1-2sarge1_hppa.deb
      Size/MD5 checksum:   114356 d9b62f50ef9869899503bf11e3c7ba71

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.1-2sarge1_i386.deb
      Size/MD5 checksum:  3498752 2195fedd87ce153be461795974e4816d
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.1-2sarge1_i386.deb
      Size/MD5 checksum:  7486790 67a1ae83b45af4fcd0ea04d27df0caab
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.1-2sarge1_i386.deb
      Size/MD5 checksum:  1560084 a4c6fed23893734aa0b745ebcdf0506b
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-gdbm_2.4.1-2sarge1_i386.deb
      Size/MD5 checksum:    26442 76de5a0d786eed213f22b32b9dcd8057
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-tk_2.4.1-2sarge1_i386.deb
      Size/MD5 checksum:   108746 dc99596f18cf8d10a52d0d81083b62cc

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.1-2sarge1_ia64.deb
      Size/MD5 checksum:  4793736 cb9eeb3af5105dede1690b5eb11336f1
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.1-2sarge1_ia64.deb
      Size/MD5 checksum:  8167732 ecbe13d1a7e9fc7fa9dd3523040628bb
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.1-2sarge1_ia64.deb
      Size/MD5 checksum:  2569956 81850f114647dada515407a15daa52a1
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-gdbm_2.4.1-2sarge1_ia64.deb
      Size/MD5 checksum:    28960 79e3b59f0042bb107a989b66c130b26d
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-tk_2.4.1-2sarge1_ia64.deb
      Size/MD5 checksum:   121118 9d33f567b038361b8d23cf0275674799

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.1-2sarge1_mips.deb
      Size/MD5 checksum:  3669214 06b8ba760797fe08f252e25e9af856db
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.1-2sarge1_mips.deb
      Size/MD5 checksum:  7589004 e6198a6685c9508afda6dd08e1dee888
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.1-2sarge1_mips.deb
      Size/MD5 checksum:  1793540 e14db41b525691a3b502c51d805bf5f9
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-gdbm_2.4.1-2sarge1_mips.deb
      Size/MD5 checksum:    26444 014cb1eb51f4f4889221399c20c1e9a3
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-tk_2.4.1-2sarge1_mips.deb
      Size/MD5 checksum:   108174 6b99bf799321674e04f561f4584fcd15

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.1-2sarge1_mipsel.deb
      Size/MD5 checksum:  3647276 65573507ed3184680910bb53af7adae0
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.1-2sarge1_mipsel.deb
      Size/MD5 checksum:  7529236 fe2591c7be7bc3da6d1426b0419b2129
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.1-2sarge1_mipsel.deb
      Size/MD5 checksum:  1796408 3da2ad04d9a0b88b6809ce376f46fdbc
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-gdbm_2.4.1-2sarge1_mipsel.deb
      Size/MD5 checksum:    26406 00bd7ffd924803a5226c82bff8a3e1ad
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-tk_2.4.1-2sarge1_mipsel.deb
      Size/MD5 checksum:   108036 7a7c6c10b32d86302cdb418fa148cbfc

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.1-2sarge1_powerpc.deb
      Size/MD5 checksum:  3814752 b9be9ccb59126a9a83365aef93e27ad3
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.1-2sarge1_powerpc.deb
      Size/MD5 checksum:  9396504 278a5f89d8201ffaeca9fe4501ad5ae0
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.1-2sarge1_powerpc.deb
      Size/MD5 checksum:  1806198 2db0437733c5801d00c4b5fd82fbdebd
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-gdbm_2.4.1-2sarge1_powerpc.deb
      Size/MD5 checksum:    28204 b7b47dc9d2532c3abc06e0c1bf6e9597
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-tk_2.4.1-2sarge1_powerpc.deb
      Size/MD5 checksum:   111358 fa58349527c32f6bd6126441274b5583

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.1-2sarge1_s390.deb
      Size/MD5 checksum:  3712336 2761bb55f4ac0a934476394bef538357
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.1-2sarge1_s390.deb
      Size/MD5 checksum:  8222234 dfc770cac7f3e481b4969e7be2a8d629
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.1-2sarge1_s390.deb
      Size/MD5 checksum:  1713588 d5ed9763362eee3dfba73ec19de652cb
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-gdbm_2.4.1-2sarge1_s390.deb
      Size/MD5 checksum:    27276 5ee293e901f42bafa79a0a37a4ce233d
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-tk_2.4.1-2sarge1_s390.deb
      Size/MD5 checksum:   112968 2c4689078758091ccfae1057fda09e9e

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.1-2sarge1_sparc.deb
      Size/MD5 checksum:  3715424 81908a631feaa110610a58410f950d91
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.1-2sarge1_sparc.deb
      Size/MD5 checksum:  7449766 854b2894343dcc66c5b0a88b5216052b
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.1-2sarge1_sparc.deb
      Size/MD5 checksum:  1758642 f883d25bbe9787e852a7f6b3d09d9d2c
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-gdbm_2.4.1-2sarge1_sparc.deb
      Size/MD5 checksum:    26518 2444845126380cc59835d88ade744687
    http://security.debian.org/pool/updates/main/p/python2.4/python2.4-tk_2.4.1-2sarge1_sparc.deb
      Size/MD5 checksum:   110710 cd0d19aa95b3acad587ae7097ecc391e


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD4DBQFFO9HWXm3vHE4uyloRAkazAJd37lgm4fD/DH6szTwXgXt+UfVnAJ4qsg6o
zmT3iSfgmh0EKG9MsJVZRw==
=aiC/
-----END PGP SIGNATURE-----



Reply to: