Linux News
The world is talking about GNU/Linux and Free/Open Source Software

Login

If you don't have an account yet, visit the registration page to sign up.

If you already have an account, you may login here:

Today's Big Story

Zed: A Next-Gen Rust-Based Open Source Code Editor With AI

LXer Features

Linux That's Small

Encryption, Trust, and the Hidden Dangers of Vendor-Controlled Data

My Linux Mint Tribute

How I Turned My Chromebook Into A "Mintbook"

Adventures With My New Chromebook

My Linux Laptop

Have something to say?

Ready to be published? LXer is read by around 350,000 individuals each month, and is an excellent place for you to publish your ideas, thoughts, reviews, complaints, etc. Do you have something to say to the Linux community?

Publish it here.

DaniWeb Linux Community
An exciting professional discussion group about software development, php, shell scripting, networking, ruby, and more.

Latest Discussions

See Activation Cube feature on Fedora 41 KDE Spin in VENV

You don't need AI to know how this goes

Should be a SNL skit

Please add https to lxer.com

Anyone remember Distrotest.net? I found a new one!

Site Menu

Other News

- LWN.net
Their weekly coverage of Linux news is unmatched in this community.

- LinuxGizmos.com
Excellent news for embedded Linux.

- LinuxQuestions.org
Discussion forums for Linux users.

LinuxQuestions.org is a friendly and active Linux Community with forums, reviews, a hardware compatibility list, a wiki, tutorials, a download site, a podcast and more.

Mandrake security alert: Updated python packages fix buffer overflow vulnerability

Posted by dave on Mar 10, 2004 3:29 AM EDT
Mailing list

Mail this story
Print this story

A buffer overflow in python 2.2's getaddrinfo() function was discovered by Sebastian Schmidt.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory _______________________________________________________________________

Package name: python Advisory ID: MDKSA-2004:019 Date: March 9th, 2004

Affected versions: 9.0, Corporate Server 2.1 ______________________________________________________________________

Problem Description:

A buffer overflow in python 2.2's getaddrinfo() function was discovered by Sebastian Schmidt. If python 2.2 is built without IPv6 support, an attacker could configure their name server to let a hostname resolve to a special IPv6 address, which could contain a memory address where shellcode is placed. This problem does not affect python versions prior to 2.2 or versions 2.2.2+, and it also doesn't exist if IPv6 support is enabled. The updated packages have been patched to correct the problem. Thanks to Sebastian for both the discovery and patch. _______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0150 ______________________________________________________________________

Updated Packages: Corporate Server 2.1: 879da513052f8a7f22f46b32c8edd064 corporate/2.1/RPMS/libpython2.2-2.2.1-14.4.C21mdk.i586.rpm 41aabf6642342583667e7f7614b2b1af corporate/2.1/RPMS/libpython2.2-devel-2.2.1-14.4.C21mdk.i586.rpm 79afd48bc89cf1dd3580f9b9d210ab08 corporate/2.1/RPMS/python-2.2.1-14.4.C21mdk.i586.rpm 0e6280b152a9f65677da9ce35bbfc987 corporate/2.1/RPMS/python-base-2.2.1-14.4.C21mdk.i586.rpm 9e0eaadd3d9e3a15b95acb17fbde064d corporate/2.1/RPMS/python-docs-2.2.1-14.4.C21mdk.i586.rpm f241bc6291f1d5a46e95a2e5fa7e7791 corporate/2.1/RPMS/tkinter-2.2.1-14.4.C21mdk.i586.rpm 84625a172626fe08ff13bce7b2030641 corporate/2.1/SRPMS/python-2.2.1-14.4.C21mdk.src.rpm

Corporate Server 2.1/x86_64: 5b523008885552a89c17197f1091c850 x86_64/corporate/2.1/RPMS/libpython2.2-2.2.1-14.4.C21mdk.x86_64.rpm 44befc507f68059d14f46c758ed57380 x86_64/corporate/2.1/RPMS/libpython2.2-devel-2.2.1-14.4.C21mdk.x86_64.rpm 0dfefaf01bb9ac8a5cecc444900be1b2 x86_64/corporate/2.1/RPMS/python-2.2.1-14.4.C21mdk.x86_64.rpm cd79821fb454279049337f3bd0885479 x86_64/corporate/2.1/RPMS/python-base-2.2.1-14.4.C21mdk.x86_64.rpm 955bd9c56f666e19e146feb9da0087b7 x86_64/corporate/2.1/RPMS/python-docs-2.2.1-14.4.C21mdk.x86_64.rpm 651c007f402400e18c51ac97ae3da84e x86_64/corporate/2.1/RPMS/tkinter-2.2.1-14.4.C21mdk.x86_64.rpm 84625a172626fe08ff13bce7b2030641 x86_64/corporate/2.1/SRPMS/python-2.2.1-14.4.C21mdk.src.rpm

Mandrakelinux 9.0: 9e8ecf81acdf6e00066b020bead51c4a 9.0/RPMS/libpython2.2-2.2.1-14.4.90mdk.i586.rpm 990622b91606efd81f8fe2b40c8576f3 9.0/RPMS/libpython2.2-devel-2.2.1-14.4.90mdk.i586.rpm b91abc21fad8020cbee047ad1bbf0da8 9.0/RPMS/python-2.2.1-14.4.90mdk.i586.rpm a08fb0bad8dafca71f0e08a343c95412 9.0/RPMS/python-base-2.2.1-14.4.90mdk.i586.rpm 3d2be84aab4e0fab2cb86c9e6bacc25f 9.0/RPMS/python-docs-2.2.1-14.4.90mdk.i586.rpm a765ef4de6610a6ea880dc17aeab7636 9.0/RPMS/tkinter-2.2.1-14.4.90mdk.i586.rpm 1ad8d764521ada5597da5f5083dfd1f6 9.0/SRPMS/python-2.2.1-14.4.90mdk.src.rpm _______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

A list of FTP mirrors can be obtained from:

http://www.mandrakesecure.net/en/ftp.php

All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver http://www.mandrakesecure.net 0x22458A98

Please be aware that sometimes it takes the mirrors a few hours to update.

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesecure.net/en/advisories/

Mandrakesoft has several security-related mailing list services that anyone can subscribe to. Information on these lists can be obtained by visiting:

http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFATqJ/mqjQ0CJFipgRAtEtAJkB8w2/Qf1eXYE/eGMBh55sKX/MpwCeI+No P3uOOAxXMBCVPT+J3QDN41E= =8F0Z -----END PGP SIGNATURE-----

Linux NewsThe world is talking about GNU/Linux and Free/Open Source Software