DSA 458-2: New python2.2 packages really fix buffer overflow
Posted on: 08/31/2004 03:51 AM

New python2.2 packages are available for Debian GNU/Linux

---------------------------------------------------------------------------
Debian Security Advisory DSA 458-2                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
August 31st, 2004                       http://www.debian.org/security/faq
---------------------------------------------------------------------------

Package : python2.2
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE Ids : CAN-2004-0150
BugTraq ID : 9836
Debian Bug : 248946

This security advisory corrects DSA 458-1 which caused some segmentation faults in gethostbyaddr with non-localhost input. This update also disables IPv6 on all architectures.

The original advisory said:

Sebastian Schmidt discovered a buffer overflow bug in Python's getaddrinfo function, which could allow an IPv6 address, supplied by a remote attacker via DNS, to overwrite memory on the stack.

This bug only exists in python 2.2 and 2.2.1, and only when IPv6 support is disabled. The python2.2 package in Debian woody meets these conditions (the 'python' package does not).

For the stable distribution (woody), this bug has been fixed in version 2.2.1-4.5.

The testing and unstable (sid) distributions are not affected by this problem.

We recommend that you update your python2.2 package.

Upgrade Instructions
---------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
---------------------------------

Source archives:

http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.5.dsc
Size/MD5 checksum: 1150 cf66b7df147cd3abe5f7996ef1d798a1
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.5.diff.gz
Size/MD5 checksum: 92754 6e8bdacbe3ab45e44614062d88d8058a
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1.orig.tar.gz
Size/MD5 checksum: 6536167 88aa07574673ccfaf35904253c78fc7d

Architecture independent components:

http://security.debian.org/pool/updates/main/p/python2.2/idle-python2.2_2.2.1-4.5_all.deb
Size/MD5 checksum: 112964 4b3199bd24e653365a70a84a7e776e71
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-doc_2.2.1-4.5_all.deb
Size/MD5 checksum: 1314152 f6159965926afd04d721ed7b1f26766a
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-elisp_2.2.1-4.5_all.deb
Size/MD5 checksum: 50044 d0a163f95e67375503f44d1cbd06a766
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-examples_2.2.1-4.5_all.deb
Size/MD5 checksum: 477718 caff59139f30f7afb067ff7adf4def81

Alpha architecture:

http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.5_alpha.deb
Size/MD5 checksum: 2138578 a33063f19dfaa15665c20d58cdb73bf0
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.5_alpha.deb
Size/MD5 checksum: 863826 d58d2a8280abb6617a32e151494258a0
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.5_alpha.deb
Size/MD5 checksum: 18048 212a1f4d3c361c516a0b1415152a6b0b
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.5_alpha.deb
Size/MD5 checksum: 21686 7bf08f71e1c0eb371cbb2783497b19f4
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.5_alpha.deb
Size/MD5 checksum: 86200 f37e71e03c8ffdc3c93707f4b35340ed
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.5_alpha.deb
Size/MD5 checksum: 52292 fae41d3795662264abdeab61e545dc75

ARM architecture:

http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.5_arm.deb
Size/MD5 checksum: 1951870 822b2d62e146e1eaefa8d6f501528f56
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.5_arm.deb
Size/MD5 checksum: 774482 040afadb3bd8f4f6a9de9c5244725875
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.5_arm.deb
Size/MD5 checksum: 16860 cd400949fd539fc97580ce35c05f0bcd
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.5_arm.deb
Size/MD5 checksum: 20102 4aa03c8213d64b7f84b1415cf3b676a1
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.5_arm.deb
Size/MD5 checksum: 84480 af25e64589130d50ea5ac9be616f66fc
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.5_arm.deb
Size/MD5 checksum: 49704 3bde8cb677e9aa8ce0d9223866914f82

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.5_i386.deb
Size/MD5 checksum: 1888726 436d2ed1731063b83fca919845480fa9
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.5_i386.deb
Size/MD5 checksum: 684000 51122edfefa820a42d80edb8e3983b6b
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.5_i386.deb
Size/MD5 checksum: 16658 29d9a3dea27ae4b5f3daab542192f590
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.5_i386.deb
Size/MD5 checksum: 20040 7540f4b9f60ad14126fcd66d6e7da3aa
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.5_i386.deb
Size/MD5 checksum: 83280 2ced34d765dc4916885251a8d3b70548
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.5_i386.deb
Size/MD5 checksum: 48678 ac6e9fdad6443eb316e767fd570812f2

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.5_ia64.deb
Size/MD5 checksum: 2489766 94e9bb04dc16839e7c58c804fbdb532d
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.5_ia64.deb
Size/MD5 checksum: 936530 8e7e149b9a88476312ed4843d1b409cd
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.5_ia64.deb
Size/MD5 checksum: 19466 96eb4f653a816458ea185be60bfadb01
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.5_ia64.deb
Size/MD5 checksum: 25410 0073429e3953ac49859f354019a250b5
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.5_ia64.deb
Size/MD5 checksum: 90336 55464dae099820960f7e18e3641f2f4b
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.5_ia64.deb
Size/MD5 checksum: 56362 9505164b5a445e25424c3d2999193af4

HP Precision architecture:

http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.5_hppa.deb
Size/MD5 checksum: 2356458 a5347c22d8e5fff386931a205a408fd9
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.5_hppa.deb
Size/MD5 checksum: 924798 db38537800027eeac634fd3d86033bf9
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.5_hppa.deb
Size/MD5 checksum: 18198 2a1e0e73f5f8e2a502d083a134734489
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.5_hppa.deb
Size/MD5 checksum: 24008 5bc5d723dbf8967d8abfebd6eb246051
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.5_hppa.deb
Size/MD5 checksum: 88038 9d2d5a229986c09cc24f18e00ba7f4ec
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.5_hppa.deb
Size/MD5 checksum: 54914 76a19df9685652a813fc7cb6d78631e8

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.5_m68k.deb
Size/MD5 checksum: 1894230 638aaee1095e8a9f7e195dac11dbf9db
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.5_m68k.deb
Size/MD5 checksum: 660790 9303e0a962e847b073156efc4fdf9490
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.5_m68k.deb
Size/MD5 checksum: 16778 073a581cf3aacc8e3d190162badea45a
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.5_m68k.deb
Size/MD5 checksum: 19720 cb652d481c6dc183924438d29a9c2dc7
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.5_m68k.deb
Size/MD5 checksum: 84166 c929a6e6f2e465406e318c495461ab12
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.5_m68k.deb
Size/MD5 checksum: 49494 ad110ab5d060a7d40913615ca7baa190

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.5_mips.deb
Size/MD5 checksum: 1952764 aae122721f5f0417a90be9cc2cd651e4
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.5_mips.deb
Size/MD5 checksum: 790258 4a65c4709a023a9c6391ec7fd6d87b5f
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.5_mips.deb
Size/MD5 checksum: 16868 954c72b264e65069549cf15d896bafc0
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.5_mips.deb
Size/MD5 checksum: 20136 2277a007679ca89f27c12cb48066d850
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.5_mips.deb
Size/MD5 checksum: 83296 5d0540445a5e9f994fba2ef86a0edf92
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.5_mips.deb
Size/MD5 checksum: 48882 2df2ffa6eadf8df8324229cd7124eb2a

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.5_mipsel.deb
Size/MD5 checksum: 1947544 556a6c3a1b9601652d0c4875b038b939
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.5_mipsel.deb
Size/MD5 checksum: 790136 14f595e7373683cd647bb69144552359
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.5_mipsel.deb
Size/MD5 checksum: 16878 46f24850ebabf78dc9b51cb5ff9408be
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.5_mipsel.deb
Size/MD5 checksum: 20152 a81e9b7db0c15603bac6210207b09b6c
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.5_mipsel.deb
Size/MD5 checksum: 83248 e2c8b60375307c2aad8ab27f72498561
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.5_mipsel.deb
Size/MD5 checksum: 48822 95a0795df1d65d250ff9c9592114c71d

PowerPC architecture:

http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.5_powerpc.deb
Size/MD5 checksum: 1998458 31062fa45fe2301a7d3ad9d6f0f26bd4
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.5_powerpc.deb
Size/MD5 checksum: 775322 3917f645b81febfa0b945d936a326c10
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.5_powerpc.deb
Size/MD5 checksum: 16992 190c42311e3ac49edbafd6d716239086
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.5_powerpc.deb
Size/MD5 checksum: 20692 65fda13391da2bb6ac5cc0d5c5240254
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.5_powerpc.deb
Size/MD5 checksum: 84894 90ede0567beaf59e73f8ba7d1576bd67
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.5_powerpc.deb
Size/MD5 checksum: 50218 0448a5f92d10b9170e2a28e29ceb5f91

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.5_s390.deb
Size/MD5 checksum: 1940432 f970a892475237f0f8a1cb23774009d9
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.5_s390.deb
Size/MD5 checksum: 692566 034e05df689e471713732f8ffec64baf
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.5_s390.deb
Size/MD5 checksum: 17234 2dc518f352a8750405caf5381998e51a
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.5_s390.deb
Size/MD5 checksum: 20474 17c7bf9dd87d040fc843420fcd21d10a
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.5_s390.deb
Size/MD5 checksum: 85278 903c1d5a078c215b7518c635e28eb743
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.5_s390.deb
Size/MD5 checksum: 49756 786da3d0572811f2b113c2f7a7a82b2a

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.5_sparc.deb
Size/MD5 checksum: 2036844 5afa6fef3493a74ebfb5b62940e54549
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.5_sparc.deb
Size/MD5 checksum: 738110 512c476def1ccd06acf18d71cc79d3ac
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.5_sparc.deb
Size/MD5 checksum: 19980 eb2c3f81a9161de148d0d3b78ffac1b9
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.5_sparc.deb
Size/MD5 checksum: 19632 3900b210f66c620462aa8e6000b070a4
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.5_sparc.deb
Size/MD5 checksum: 84110 5ad581c3e6cde9f851e7cd54b530068b
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.5_sparc.deb
Size/MD5 checksum: 49476 7d9584eb01d6793667d2b19cc47727ce


These files will probably be moved into the stable distribution on its next update.
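
One way to check files fetched with wget against the "Size/MD5 checksum" lines of the listing above before running dpkg -i. This is an added example, not part of the advisory; it assumes md5sum from GNU coreutils, and the function names, the example.invalid URL and the sample file are constructed for illustration.

```shell
# Added example, not part of the advisory. Assumes md5sum (GNU coreutils).

# verify_file FILE SIZE MD5: succeed only if byte count and MD5 both match.
verify_file() {
    local file="$1" want_size="$2" want_md5="$3" got_size got_md5
    [ -f "$file" ] || { echo "MISSING  $file" >&2; return 2; }
    got_size=$(( $(wc -c < "$file") ))
    got_md5=$(md5sum "$file" | cut -d' ' -f1)
    if [ "$got_size" != "$want_size" ] || [ "$got_md5" != "$want_md5" ]; then
        echo "MISMATCH $file" >&2
        return 1
    fi
}

# check_manifest MANIFEST DIR: MANIFEST holds URL lines, each followed by a
# "Size/MD5 checksum: SIZE MD5" line. Files are looked up in DIR by the
# URL's basename. A URL with no checksum line counts as a failure.
check_manifest() {
    local manifest="$1" dir="$2" line name="" rest rc=0
    while IFS= read -r line; do
        case $line in
            http://*|https://*)
                [ -z "$name" ] || rc=1        # previous URL had no checksum
                name=${line##*/} ;;
            "Size/MD5 checksum: "*)
                [ -n "$name" ] || continue    # checksum with no URL before it
                rest=${line#Size/MD5 checksum: }
                verify_file "$dir/$name" "${rest%% *}" "${rest##* }" || rc=1
                name="" ;;
        esac
    done < "$manifest"
    [ -z "$name" ] || rc=1                    # trailing URL without checksum
    return $rc
}

# Constructed sample: a 3-byte file whose MD5 is the RFC 1321 vector for "abc".
demo() {
    local d rc
    d=$(mktemp -d) || return 2
    printf 'abc' > "$d/sample_1.0_all.deb"
    printf '%s\n' 'http://example.invalid/pool/sample_1.0_all.deb' \
        'Size/MD5 checksum: 3 900150983cd24fb0d6963f7d28e17f72' > "$d/manifest"
    check_manifest "$d/manifest" "$d"; rc=$?
    rm -rf "$d"
    return $rc
}

demo && echo "constructed sample verified"
```

A match shows the download is intact relative to this listing; an MD5 checksum is not a signature.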


Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/dsa_458_2_new_python22_packages_really_fix_buffer_overflow.html)