 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:013
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : python
 Date    : January 14, 2008
 Affected: 2007.0, 2007.1, 2008.0, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 Multiple integer overflows were found in python's imageop module.
 If an application written in python used the imageop module to
 process untrusted images, it could cause the application to crash,
 enter an infinite loop, or possibly execute arbitrary code with the
 privileges of the python interpreter.

 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4965
 _______________________________________________________________________

 Updated Packages:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
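The bug class named in the Problem Description, as an added example that is not part of the advisory and is not the Mandriva or Python patch: a buffer size derived from image dimensions in fixed-width arithmetic, beside a checked form that rejects geometry whose product overflows. The function names and the sample dimensions are hypothetical and constructed for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked: size computed in 32-bit arithmetic. Unsigned types are used
 * here so the wraparound is well-defined C and can be observed safely. */
static uint32_t unchecked_size(uint32_t width, uint32_t height, uint32_t psize)
{
    return width * height * psize;      /* wraps modulo 2^32 */
}

/* Checked: 0 on success with the size in *out, -1 if a dimension is not
 * positive or the product would not fit in an int. */
static int checked_size(int width, int height, int psize, int *out)
{
    if (width <= 0 || height <= 0 || psize <= 0)
        return -1;
    if (width > INT_MAX / height)
        return -1;
    int area = width * height;
    if (area > INT_MAX / psize)
        return -1;
    *out = area * psize;
    return 0;
}

/* Accept a caller-supplied buffer only if its length equals the size
 * implied by the declared geometry; returns 1 to accept, 0 to reject. */
static int buffer_matches(size_t buf_len, int width, int height, int psize)
{
    int need;
    if (checked_size(width, height, psize, &need) != 0)
        return 0;
    return buf_len == (size_t)need;
}

int main(void)
{
    /* Constructed input: 65536 x 65536 pixels, 4 bytes each. */
    printf("unchecked size: %u\n", (unsigned)unchecked_size(65536, 65536, 4));
    printf("2x2x3, 12-byte buffer accepted: %d\n", buffer_matches(12, 2, 2, 3));
    printf("65536x65536x4, empty buffer accepted: %d\n",
           buffer_matches(0, 65536, 65536, 4));
    return 0;
}
```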