|
|
Subscribe / Log in / New account

Debian alert DSA-458-2 (python2.2)

From:  joey@infodrom.org (Martin Schulze)
To:  debian-security-announce@lists.debian.org (Debian Security Announcements)
Subject:  [SECURITY] [DSA 458-2] New python2.2 packages really fix buffer overflow
Date:  Tue, 31 Aug 2004 09:32:10 +0200 (CEST)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 458-2 security@debian.org http://www.debian.org/security/ Martin Schulze August 31st, 2004 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : python2.2 Vulnerability : buffer overflow Problem-Type : remote Debian-specific: no CVE Ids : CAN-2004-0150 BugTraq ID : 9836 Debian Bug : 248946 This security advisory corrects DSA 458-1 which caused some segmentation faults in gethostbyaddr with non-localhost input. This update also disables IPv6 on all architectures. The original advisory said: Sebastian Schmidt discovered a buffer overflow bug in Python's getaddrinfo function, which could allow an IPv6 address, supplied by a remote attacker via DNS, to overwrite memory on the stack. This bug only exists in python 2.2 and 2.2.1, and only when IPv6 support is disabled. The python2.2 package in Debian woody meets these conditions (the 'python' package does not). For the stable distribution (woody), this bug has been fixed in version 2.2.1-4.5. The testing and unstable distribution (sid) are not affected by this problem. We recommend that you update your python2.2 package. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 1150 cf66b7df147cd3abe5f7996ef1d798a1 http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 92754 6e8bdacbe3ab45e44614062d88d8058a http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 6536167 88aa07574673ccfaf35904253c78fc7d Architecture independent components: http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 112964 4b3199bd24e653365a70a84a7e776e71 http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 1314152 f6159965926afd04d721ed7b1f26766a http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 50044 d0a163f95e67375503f44d1cbd06a766 http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 477718 caff59139f30f7afb067ff7adf4def81 Alpha architecture: http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 2138578 a33063f19dfaa15665c20d58cdb73bf0 http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 863826 d58d2a8280abb6617a32e151494258a0 http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 18048 212a1f4d3c361c516a0b1415152a6b0b http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 21686 7bf08f71e1c0eb371cbb2783497b19f4 http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 86200 f37e71e03c8ffdc3c93707f4b35340ed http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 52292 fae41d3795662264abdeab61e545dc75 ARM architecture: http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 1951870 822b2d62e146e1eaefa8d6f501528f56 http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 774482 040afadb3bd8f4f6a9de9c5244725875 http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 16860 cd400949fd539fc97580ce35c05f0bcd http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 20102 4aa03c8213d64b7f84b1415cf3b676a1 http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 84480 af25e64589130d50ea5ac9be616f66fc http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 49704 3bde8cb677e9aa8ce0d9223866914f82 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 1888726 436d2ed1731063b83fca919845480fa9 http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 684000 51122edfefa820a42d80edb8e3983b6b http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 16658 29d9a3dea27ae4b5f3daab542192f590 http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 20040 7540f4b9f60ad14126fcd66d6e7da3aa http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 83280 2ced34d765dc4916885251a8d3b70548 http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 48678 ac6e9fdad6443eb316e767fd570812f2 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 2489766 94e9bb04dc16839e7c58c804fbdb532d http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 936530 8e7e149b9a88476312ed4843d1b409cd http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 19466 96eb4f653a816458ea185be60bfadb01 http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 25410 0073429e3953ac49859f354019a250b5 http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 90336 55464dae099820960f7e18e3641f2f4b http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 56362 9505164b5a445e25424c3d2999193af4 HP Precision architecture: http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 2356458 a5347c22d8e5fff386931a205a408fd9 http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 924798 db38537800027eeac634fd3d86033bf9 http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 18198 2a1e0e73f5f8e2a502d083a134734489 http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 24008 5bc5d723dbf8967d8abfebd6eb246051 http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 88038 9d2d5a229986c09cc24f18e00ba7f4ec http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 54914 76a19df9685652a813fc7cb6d78631e8 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 1894230 638aaee1095e8a9f7e195dac11dbf9db http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 660790 9303e0a962e847b073156efc4fdf9490 http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 16778 073a581cf3aacc8e3d190162badea45a http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 19720 cb652d481c6dc183924438d29a9c2dc7 http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 84166 c929a6e6f2e465406e318c495461ab12 http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 49494 ad110ab5d060a7d40913615ca7baa190 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 1952764 aae122721f5f0417a90be9cc2cd651e4 http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 790258 4a65c4709a023a9c6391ec7fd6d87b5f http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 16868 954c72b264e65069549cf15d896bafc0 http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 20136 2277a007679ca89f27c12cb48066d850 http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 83296 5d0540445a5e9f994fba2ef86a0edf92 http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 48882 2df2ffa6eadf8df8324229cd7124eb2a Little endian MIPS architecture: http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 1947544 556a6c3a1b9601652d0c4875b038b939 http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 790136 14f595e7373683cd647bb69144552359 http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 16878 46f24850ebabf78dc9b51cb5ff9408be http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 20152 a81e9b7db0c15603bac6210207b09b6c http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 83248 e2c8b60375307c2aad8ab27f72498561 http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 48822 95a0795df1d65d250ff9c9592114c71d PowerPC architecture: http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 1998458 31062fa45fe2301a7d3ad9d6f0f26bd4 http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 775322 3917f645b81febfa0b945d936a326c10 http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 16992 190c42311e3ac49edbafd6d716239086 http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 20692 65fda13391da2bb6ac5cc0d5c5240254 http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 84894 90ede0567beaf59e73f8ba7d1576bd67 http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 50218 0448a5f92d10b9170e2a28e29ceb5f91 IBM S/390 architecture: http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 1940432 f970a892475237f0f8a1cb23774009d9 http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 692566 034e05df689e471713732f8ffec64baf http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 17234 2dc518f352a8750405caf5381998e51a http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 20474 17c7bf9dd87d040fc843420fcd21d10a http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 85278 903c1d5a078c215b7518c635e28eb743 http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 49756 786da3d0572811f2b113c2f7a7a82b2a Sun Sparc architecture: http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 2036844 5afa6fef3493a74ebfb5b62940e54549 http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 738110 512c476def1ccd06acf18d71cc79d3ac http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 19980 eb2c3f81a9161de148d0d3b78ffac1b9 http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 19632 3900b210f66c620462aa8e6000b070a4 http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 84110 5ad581c3e6cde9f851e7cd54b530068b http://security.debian.org/pool/updates/main/p/python2.2/... Size/MD5 checksum: 49476 7d9584eb01d6793667d2b19cc47727ce These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBNCl5W5ql+IAeqTIRAhfMAJ4qYziy9uyVjGym6O7ddQ/aTs7NVACgt3u9 RkdaIJKaC3zWJkdEemJqA2c= =CjTu -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org


(Log in to post comments)


Copyright © 2024, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds