Linux News
The world is talking about GNU/Linux and Free/Open Source Software

Debian alert: New python2.2 packages fix buffer overflow

Posted by dave on Mar 10, 2004 3:27 AM EDT
Mailing list

Mail this story
Print this story

Sebastian Schmidt discovered a buffer overflow bug in Python's getaddrinfo function, which could allow an IPv6 address, supplied by a remote attacker via DNS, to overwrite memory on the stack.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

- -------------------------------------------------------------------------- Debian Security Advisory DSA 458-1 [e-mail:security@debian.org] http://www.debian.org/security/ Matt Zimmerman March 9th, 2004 http://www.debian.org/security/faq - --------------------------------------------------------------------------

Package : python2.2 Vulnerability : buffer overflow Problem-Type : remote Debian-specific: no CVE Ids : CAN-2004-0150

Sebastian Schmidt discovered a buffer overflow bug in Python's getaddrinfo function, which could allow an IPv6 address, supplied by a remote attacker via DNS, to overwrite memory on the stack.

This bug only exists in python 2.2 and 2.2.1, and only when IPv6 support is disabled. The python2.2 package in Debian woody meets these conditions (the 'python' package does not).

For the stable distribution (woody), this bug has been fixed in version 2.2.1-4.3.

The unstable distribution (sid) is not affected by this bug.

We recommend that you update your python2.2 package.

Upgrade Instructions - --------------------

wget url will fetch the file for you dpkg -i file.deb will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update will update the internal database apt-get upgrade will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody - --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.3.dsc Size/MD5 checksum: 1150 026cac287c887609b61eb9fa776d08e7 http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.3.diff.gz Size/MD5 checksum: 92168 5490c5305412b26e913ef0c9d3942f92 http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1.orig.tar.gz Size/MD5 checksum: 6536167 88aa07574673ccfaf35904253c78fc7d

Architecture independent components:

http://security.debian.org/pool/updates/main/p/python2.2/idle-python2.2_2.2.1-4.3_all.deb Size/MD5 checksum: 112800 2f7bbe87cd65fc46d692549fdc2ae27a http://security.debian.org/pool/updates/main/p/python2.2/python2.2-doc_2.2.1-4.3_all.deb Size/MD5 checksum: 1307068 dda8d059664d4b8ee062ac3e10b844a9 http://security.debian.org/pool/updates/main/p/python2.2/python2.2-elisp_2.2.1-4.3_all.deb Size/MD5 checksum: 49874 31d0c5a9eae3e2d3871bd6aabb36cbc0 http://security.debian.org/pool/updates/main/p/python2.2/python2.2-examples_2.2.1-4.3_all.deb Size/MD5 checksum: 477558 50bad66b5dbceb48eea56527266290ec

Alpha architecture:

http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.3_alpha.deb Size/MD5 checksum: 2139014 4513103ad2a30bb36a5b6084770a33ad http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.3_alpha.deb Size/MD5 checksum: 863556 f7a9616d790f93a4d91de3d2274d55b7 http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.3_alpha.deb Size/MD5 checksum: 17888 5a97553b3f1d739676284ce7589011d6 http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.3_alpha.deb Size/MD5 checksum: 21522 4824c04e78ff693517f079aeb31facf8 http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.3_alpha.deb Size/MD5 checksum: 86040 36c357ee7a8d70f39185d896ec52d573 http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.3_alpha.deb Size/MD5 checksum: 52100 484c5a2ccd5ec619efa21ee4e679b548

ARM architecture:

http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.3_arm.deb Size/MD5 checksum: 1951662 f74c8b28ecda2c514e590ef1caa85ac3 http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.3_arm.deb Size/MD5 checksum: 774368 500a8ad4163ce2fa9f1add1262f55b52 http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.3_arm.deb Size/MD5 checksum: 16714 147ef5558199d5549106fe7c14f9cc8d http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.3_arm.deb Size/MD5 checksum: 19960 fcb3839792b43f2cb1a62eadee44a077 http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.3_arm.deb Size/MD5 checksum: 84344 b1e4c75a260568cf6e5f9335b94fee49 http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.3_arm.deb Size/MD5 checksum: 49558 e28e462a68fd73fc9851e43fcd1185a2

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.3_i386.deb Size/MD5 checksum: 1888568 6ebcdd281461135393079cc9b59f742d http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.3_i386.deb Size/MD5 checksum: 683880 c5d021c851f5cf88dc489928520a5074 http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.3_i386.deb Size/MD5 checksum: 16512 c3d530709b3c99f52ad9093d19081717 http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.3_i386.deb Size/MD5 checksum: 19908 1181e089f6cbf04efe40b573afd8a48a http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.3_i386.deb Size/MD5 checksum: 83134 2c9e73c9715987ac084d1672e7721fd2 http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.3_i386.deb Size/MD5 checksum: 48534 1348fa8ea71f7999d5b6c9267ebfc302

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.3_ia64.deb Size/MD5 checksum: 2489568 8faa7fd8c761ac49ab731c107fd07784 http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.3_ia64.deb Size/MD5 checksum: 936400 c262bedca5ab6306762d101a2dbeb4bf http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.3_ia64.deb Size/MD5 checksum: 19320 91211edb804aa093ca70a50a63cf759f http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.3_ia64.deb Size/MD5 checksum: 25276 e115e92f0b544ce0f7d0cf8ce925befd http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.3_ia64.deb Size/MD5 checksum: 90202 d83d56e29880977e094f379a54041f38 http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.3_ia64.deb Size/MD5 checksum: 56246 ca2fee283c70ebc0acd9c9b5f72f5ef2

HP Precision architecture:

http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.3_hppa.deb Size/MD5 checksum: 2356422 ba2c2bebb6e4a4b4817afcec0350188d http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.3_hppa.deb Size/MD5 checksum: 924658 638e5d9a494e96e8fe5e1db32fbef478 http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.3_hppa.deb Size/MD5 checksum: 18052 8d884a8947b53e4027fa3c3694fe37fd http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.3_hppa.deb Size/MD5 checksum: 23884 1c8ae393857ee188b5b785cabe926551 http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.3_hppa.deb Size/MD5 checksum: 87912 10a7d7be90f4f367df6f9fd5f8381c4a http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.3_hppa.deb Size/MD5 checksum: 54808 a0e8c65e48defb2be6e445e260bbbd84

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.3_m68k.deb Size/MD5 checksum: 1894116 a9e13517442b21ec512192cc0361e11f http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.3_m68k.deb Size/MD5 checksum: 660676 39ba81220147394a063c672b2b3c5b1c http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.3_m68k.deb Size/MD5 checksum: 16636 bd068d58755442f7ef26399ed370732d http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.3_m68k.deb Size/MD5 checksum: 19590 10cefe6b181fe2b335befae20df73ae2 http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.3_m68k.deb Size/MD5 checksum: 84038 232b10864957eeb65e425d694e7703d2 http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.3_m68k.deb Size/MD5 checksum: 49348 251d4e6cdde45cf99ea22a90dc0908fe

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.3_mips.deb Size/MD5 checksum: 1952988 afb78402c69aa4df4ab8a597bcd25f26 http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.3_mips.deb Size/MD5 checksum: 790028 ab7b4896fba685351a227f67b1791f9b http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.3_mips.deb Size/MD5 checksum: 16716 27c20b8987197602be78b5f43da6c39c http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.3_mips.deb Size/MD5 checksum: 19986 65dc613e81dc6cb649d24b38922b1282 http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.3_mips.deb Size/MD5 checksum: 83134 61693a6577bad15625d8a5a2de5520fc http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.3_mips.deb Size/MD5 checksum: 48714 76562b2f2a98a01ff776e1f2e1dda7fd

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.3_mipsel.deb Size/MD5 checksum: 1947982 a6c572ae19fb4010fed6eb4e4d73ede1 http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.3_mipsel.deb Size/MD5 checksum: 790012 f5d4a838b99dcf920c04a2c7583595a0 http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.3_mipsel.deb Size/MD5 checksum: 16736 205d834cec00e789080022e5090d1dfa http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.3_mipsel.deb Size/MD5 checksum: 20012 164a1eacfc13cfb395e0b26360e174ae http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.3_mipsel.deb Size/MD5 checksum: 83098 029471a9db8e14c3cb351ae9b6ad406d http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.3_mipsel.deb Size/MD5 checksum: 48664 2b9c4fa8ab291a5b68063c2c7f29a1dd

PowerPC architecture:

http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.3_powerpc.deb Size/MD5 checksum: 1998922 8d953c040dd92c534d05ad882df6e398 http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.3_powerpc.deb Size/MD5 checksum: 775176 7c45249dd6fa92ab5330b2a4650a7142 http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.3_powerpc.deb Size/MD5 checksum: 16838 4e4afda84b75ac3e1b42c7beb086894a http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.3_powerpc.deb Size/MD5 checksum: 20556 a0f9e12d04699ea4786d6321212b41fe http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.3_powerpc.deb Size/MD5 checksum: 84772 1b52dc89d0bbf81a8e6e1d83bcf3c6a8 http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.3_powerpc.deb Size/MD5 checksum: 50084 0419de4d8333513dfbb30270284d7f93

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.3_s390.deb Size/MD5 checksum: 1940700 587277953f96aa119a0175696ccb0bbd http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.3_s390.deb Size/MD5 checksum: 692444 6aee6f113bd22f12b5a1effb98eebae0 http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.3_s390.deb Size/MD5 checksum: 17088 b6e1ff30cb3d4ad9bb7ba270dcdda9ab http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.3_s390.deb Size/MD5 checksum: 20332 e316a509e86fa1eb735542e56adcb5d3 http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.3_s390.deb Size/MD5 checksum: 85160 8f3e30216951722b482b92ff97106ac9 http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.3_s390.deb Size/MD5 checksum: 49612 74d65b5062291f72027c65d7fff1a6ed

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.3_sparc.deb Size/MD5 checksum: 2036658 e34779d0638b6559b9a97d58440e75f2 http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.3_sparc.deb Size/MD5 checksum: 737962 1b2728ec03c593264eec517535e0297c http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.3_sparc.deb Size/MD5 checksum: 19834 d9758964b6189d0b3fa6aba13728909a http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.3_sparc.deb Size/MD5 checksum: 19482 b5808423a21d12140a3822a4a293dd20 http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.3_sparc.deb Size/MD5 checksum: 83974 b71fd52e528ff367799540f7e353aacf http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.3_sparc.deb Size/MD5 checksum: 49324 761b33efd131d432e3ca31105fc85918

These files will probably be moved into the stable distribution on its next revision.

- --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: [e-mail:debian-security-announce@lists.debian.org] Package info: 'apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFATrVfArxCt0PiXR4RAnOFAKCEG+DB8mgvIQsjcHApf7Y18aBqRQCgoU+H E+EfPnVdSc+WmKSUqflhTQA= =41fn -----END PGP SIGNATURE-----

-- To UNSUBSCRIBE, email to [e-mail:debian-security-announce-request@lists.debian.org] with a subject of "unsubscribe". Trouble? Contact [e-mail:listmaster@lists.debian.org]

Nav

» Read more about: Story Type: Security; Groups: Debian

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.