[Security Announce] [ MDKSA-2006:181 ] - Updated python packages fix vulnerability
Posted on: 10/11/2006 01:20 AM

The Mandriva Security Team published a new security update for Mandriva Linux. Here is the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:181
http://www.mandriva.com/security/
_______________________________________________________________________

Package : python
Date : October 10, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

A vulnerability in python's repr() function was discovered by Benjamin
C. Wiley Sittler. It was found that the function did not properly
handle UTF-32/UCS-4 strings, so an application that used repr() on
certain untrusted data could possibly be exploited to execute arbitrary
code with the privileges of the user running the python application.

Updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2006.0:
a9eb2b13c925cc7e81dd1ba574d8c4c3 2006.0/i586/libpython2.4-2.4.1-5.1.20060mdk.i586.rpm
15c9eead6fd85533159526eed7a6b17e 2006.0/i586/libpython2.4-devel-2.4.1-5.1.20060mdk.i586.rpm
c9fc746fac4125d21b7651043573e4b7 2006.0/i586/python-2.4.1-5.1.20060mdk.i586.rpm
92c82f611c1ef25ea32dcd08104773af 2006.0/i586/python-base-2.4.1-5.1.20060mdk.i586.rpm
016687d3639c92954d181a05b0624359 2006.0/i586/python-docs-2.4.1-5.1.20060mdk.i586.rpm
1d6e5e8f6ce12a7c6e210ab9456f479f 2006.0/i586/tkinter-2.4.1-5.1.20060mdk.i586.rpm
0a76a89bc5835828c8219673cbd0b435 2006.0/SRPMS/python-2.4.1-5.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
3bbf6ed37ce7c4e7529f5fc9d17b7291 2006.0/x86_64/lib64python2.4-2.4.1-5.1.20060mdk.x86_64.rpm
5de894eeb7ec4973bebc25bb1f72d814 2006.0/x86_64/lib64python2.4-devel-2.4.1-5.1.20060mdk.x86_64.rpm
4db5d1a3e39c3f40c4e5050dba3d918a 2006.0/x86_64/python-2.4.1-5.1.20060mdk.x86_64.rpm
4a5a6952e53ab7db8fe5c9471aeae89a 2006.0/x86_64/python-base-2.4.1-5.1.20060mdk.x86_64.rpm
1465a11b9501586f7d9973a2f95fb0cc 2006.0/x86_64/python-docs-2.4.1-5.1.20060mdk.x86_64.rpm
3ff58332759b527310ed3366bad87f04 2006.0/x86_64/tkinter-2.4.1-5.1.20060mdk.x86_64.rpm
0a76a89bc5835828c8219673cbd0b435 2006.0/SRPMS/python-2.4.1-5.1.20060mdk.src.rpm

Mandriva Linux 2007.0:
44c48f7600b0f089117a96e5f4357a0c 2007.0/i586/libpython2.4-2.4.3-3.1mdv2007.0.i586.rpm
a6c07dd5029afd05daf0b5d427f5cef5 2007.0/i586/libpython2.4-devel-2.4.3-3.1mdv2007.0.i586.rpm
4244b1bbd76123e60f19c75764b00e98 2007.0/i586/python-2.4.3-3.1mdv2007.0.i586.rpm
0b694e436e0cd6628d7369f41ffa3fd9 2007.0/i586/python-base-2.4.3-3.1mdv2007.0.i586.rpm
829c1d6b7eb792bcbd3f7ecbe3f972d5 2007.0/i586/python-docs-2.4.3-3.1mdv2007.0.i586.rpm
48bff204449435e63e9cb24da3f77628 2007.0/i586/tkinter-2.4.3-3.1mdv2007.0.i586.rpm
dea3c153d446fb676f7af3ca5c369db3 2007.0/SRPMS/python-2.4.3-3.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
3d068b19380f7fc08adb905186d8ef59 2007.0/x86_64/lib64python2.4-2.4.3-3.1mdv2007.0.x86_64.rpm
9399b2fbd78929a705d5d8fdeaf660f0 2007.0/x86_64/lib64python2.4-devel-2.4.3-3.1mdv2007.0.x86_64.rpm
c06b2b6d69781cfd9bd9cb9fae3f8f7f 2007.0/x86_64/python-2.4.3-3.1mdv2007.0.x86_64.rpm
a7a7ea9f8a6d49f928af411baa3e4087 2007.0/x86_64/python-base-2.4.3-3.1mdv2007.0.x86_64.rpm
4433860f8f42cab135453a2e8eac3f46 2007.0/x86_64/python-docs-2.4.3-3.1mdv2007.0.x86_64.rpm
d5d22b53dc48a4150c6d1285f4bb6f33 2007.0/x86_64/tkinter-2.4.3-3.1mdv2007.0.x86_64.rpm
dea3c153d446fb676f7af3ca5c369db3 2007.0/SRPMS/python-2.4.3-3.1mdv2007.0.src.rpm

Corporate 3.0:
5a2c39e43f59a0e808fdfcec11a843eb corporate/3.0/i586/libpython2.3-2.3.3-2.3.C30mdk.i586.rpm
675afdbb8b04974243da9ba7879d901e corporate/3.0/i586/libpython2.3-devel-2.3.3-2.3.C30mdk.i586.rpm
e858609c19e443be487eb1d43f874e10 corporate/3.0/i586/python-2.3.3-2.3.C30mdk.i586.rpm
2836f6544001bfea5d14e8a83c2711fc corporate/3.0/i586/python-base-2.3.3-2.3.C30mdk.i586.rpm
de9492862633cf0ca0408c536c618a19 corporate/3.0/i586/python-docs-2.3.3-2.3.C30mdk.i586.rpm
91e09f9a6d27c0632994bf89a8fb4822 corporate/3.0/i586/tkinter-2.3.3-2.3.C30mdk.i586.rpm
39b14fc06738e67295a8e1c5e50e3006 corporate/3.0/SRPMS/python-2.3.3-2.3.C30mdk.src.rpm

Corporate 3.0/X86_64:
604a86031285aa8476f791f4467fda00 corporate/3.0/x86_64/lib64python2.3-2.3.3-2.3.C30mdk.x86_64.rpm
6cd54d8501656d40c61e2871b3a9e912 corporate/3.0/x86_64/lib64python2.3-devel-2.3.3-2.3.C30mdk.x86_64.rpm
a44195d776e49f8a9b509b5012a64071 corporate/3.0/x86_64/python-2.3.3-2.3.C30mdk.x86_64.rpm
d5833670de0bdad6f6e475c8c7c94340 corporate/3.0/x86_64/python-base-2.3.3-2.3.C30mdk.x86_64.rpm
f4abca5edfaa50d55f6f728d667affd1 corporate/3.0/x86_64/python-docs-2.3.3-2.3.C30mdk.x86_64.rpm
9a26abb38c938537832cdd272d02c178 corporate/3.0/x86_64/tkinter-2.3.3-2.3.C30mdk.x86_64.rpm
39b14fc06738e67295a8e1c5e50e3006 corporate/3.0/SRPMS/python-2.3.3-2.3.C30mdk.src.rpm

Corporate 4.0:
cfe0f9797465852f67e2d478949d302e corporate/4.0/i586/libpython2.4-2.4.1-5.1.20060mlcs4.i586.rpm
c14e242aa3ea60dfd6c7ba0524a98d11 corporate/4.0/i586/libpython2.4-devel-2.4.1-5.1.20060mlcs4.i586.rpm
542595eed49d7a9abf4891f3643ced62 corporate/4.0/i586/python-2.4.1-5.1.20060mlcs4.i586.rpm
67fdcb87b005d001c04d678416c543a9 corporate/4.0/i586/python-base-2.4.1-5.1.20060mlcs4.i586.rpm
818e3c1c31594c11a1ae6d93896f4800 corporate/4.0/i586/python-docs-2.4.1-5.1.20060mlcs4.i586.rpm
f900fb338b7f134ac22dfee88c0fe886 corporate/4.0/i586/tkinter-2.4.1-5.1.20060mlcs4.i586.rpm
7b2b6581795c3df4c2f1ee84323599b7 corporate/4.0/SRPMS/python-2.4.1-5.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
9035ef7c55d505b760a793f35bd5a1b9 corporate/4.0/x86_64/lib64python2.4-2.4.1-5.1.20060mlcs4.x86_64.rpm
1e911935ec4cb22679936deafcef042a corporate/4.0/x86_64/lib64python2.4-devel-2.4.1-5.1.20060mlcs4.x86_64.rpm
1ed352a1529a6776574888b5d8c92767 corporate/4.0/x86_64/python-2.4.1-5.1.20060mlcs4.x86_64.rpm
c1cd58bb170bea659c1473597390a467 corporate/4.0/x86_64/python-base-2.4.1-5.1.20060mlcs4.x86_64.rpm
cc941f3e8b7f8bfe90350202fdfde139 corporate/4.0/x86_64/python-docs-2.4.1-5.1.20060mlcs4.x86_64.rpm
70a8606fa34b86d046a1c2276d46dc30 corporate/4.0/x86_64/tkinter-2.4.1-5.1.20060mlcs4.x86_64.rpm
7b2b6581795c3df4c2f1ee84323599b7 corporate/4.0/SRPMS/python-2.4.1-5.1.20060mlcs4.src.rpm

Multi Network Firewall 2.0:
0cd4a9b86999ad5685b4e44ecaad9ed3 mnf/2.0/i586/libpython2.3-2.3.3-2.3.M20mdk.i586.rpm
c5e4c526e8b32dd61d8153ceaf9be7bf mnf/2.0/i586/libpython2.3-devel-2.3.3-2.3.M20mdk.i586.rpm
97943f39f6ffcb1fd9707a8027b1c23f mnf/2.0/i586/python-2.3.3-2.3.M20mdk.i586.rpm
974ac1a02271c5e59daf4f978d9d14a1 mnf/2.0/i586/python-base-2.3.3-2.3.M20mdk.i586.rpm
fb2f664290a9af406af50f2114e7d33c mnf/2.0/i586/python-docs-2.3.3-2.3.M20mdk.i586.rpm
5820e40a69985f5d9a7da3c639244c21 mnf/2.0/i586/tkinter-2.3.3-2.3.M20mdk.i586.rpm
d4f5afc158538b5424a000ca984aa695 mnf/2.0/SRPMS/python-2.3.3-2.3.M20mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFK+2amqjQ0CJFipgRAjfkAJ9N9WfboDZylSZxAdhxfmfAX6eT8gCgp+Pg
stTAuAjDA3wdTnpp6xQqTFU=
=YVZd
-----END PGP SIGNATURE-----
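
For a package fetched by hand rather than through MandrivaUpdate or urpmi, the "Updated Packages" list above can be checked mechanically. The following is an added example, not part of the Mandriva advisory: `parse_manifest`, `check_package` and the sample manifest are constructed for illustration, and the sample digest is the MD5 of the bytes `hello`, not a real package checksum.

```python
import hashlib
import os
import re

# One manifest entry: 32 hex digits, whitespace, repository path ending in .rpm
ENTRY = re.compile(r"^([0-9a-f]{32})\s+(\S+\.rpm)$")

def parse_manifest(text):
    """Map package file name -> (md5 hex, set of product sections listing it)."""
    manifest, product = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            digest, path = m.groups()
            name = os.path.basename(path)
            # Source RPMs are listed once per architecture section; the
            # repeated entries must agree on the digest.
            known = manifest.setdefault(name, (digest, set()))
            if known[0] != digest:
                raise ValueError("conflicting digests for " + name)
            known[1].add(product)
        elif line.endswith(":"):
            product = line[:-1]  # section header, e.g. "Corporate 4.0/X86_64"
    return manifest

def check_package(name, data, manifest):
    """Return 'ok', 'mismatch' or 'unlisted' for a downloaded file's bytes."""
    entry = manifest.get(os.path.basename(name))
    if entry is None:
        return "unlisted"
    actual = hashlib.md5(data).hexdigest()
    return "ok" if actual == entry[0] else "mismatch"

# Constructed sample in the advisory's layout (hypothetical product and files).
SAMPLE = """\
Example Linux 1.0:
5d41402abc4b2a76b9719d911017c592 1.0/i586/demo-1.0-1.i586.rpm
5d41402abc4b2a76b9719d911017c592 1.0/SRPMS/demo-1.0-1.src.rpm

Example Linux 1.0/X86_64:
5d41402abc4b2a76b9719d911017c592 1.0/SRPMS/demo-1.0-1.src.rpm
"""

if __name__ == "__main__":
    listed = parse_manifest(SAMPLE)
    print(check_package("/tmp/demo-1.0-1.i586.rpm", b"hello", listed))
    print(check_package("demo-1.0-1.i586.rpm", b"tampered", listed))
```

A match only ties the file to this list; the package's GPG signature, which the advisory says is verified automatically during an upgrade, is what establishes that it came from Mandriva.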



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2006181__updated_python_packages_fix_vulnerability.html)