 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDKSA-2007:099
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : python
 Date    : May 8, 2007
 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________

 Problem Description:

 An off-by-one error was discovered in the PyLocale_strxfrm function in
 Python 2.4 and 2.5 that could allow context-dependent attackers the
 ability to read portions of memory via special manipulations that
 trigger a buffer over-read due to missing null termination.

 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
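
 Added example, not part of the advisory and not the Python source or the Mandriva patch: strxfrm() returns the transformed length without the terminating NUL, so a buffer sized to exactly that value has no room for the terminator, which is the off-by-one class named in the Problem Description. The names hits_off_by_one() and xfrm_dup() are hypothetical, and the "needed > cap" check is an assumed form of the flawed test.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Returns 1 when `cap` sits on the off-by-one boundary: a "needed > cap"
 * check (assumed form of the bug) keeps the buffer, yet the transformed
 * string plus its NUL needs cap + 1 bytes. */
int hits_off_by_one(const char *s, size_t cap)
{
    return strxfrm(NULL, s, 0) == cap;   /* return value excludes the NUL */
}

/* Hardened transform: buffer size is always return value + 1. Returns a
 * malloc'd NUL-terminated string (caller frees) or NULL on failure. */
char *xfrm_dup(const char *s, size_t cap, size_t *out_len)
{
    if (cap == 0)
        cap = 1;
    char *buf = malloc(cap);             /* `cap` is the caller's first guess */
    if (buf == NULL)
        return NULL;
    size_t need = strxfrm(buf, s, cap) + 1;      /* + 1 for the terminator */
    if (need > cap) {           /* did not fit: contents are indeterminate */
        char *tmp = realloc(buf, need);
        if (tmp == NULL) {
            free(buf);
            return NULL;
        }
        buf = tmp;
        if (strxfrm(buf, s, need) + 1 != need) { /* size changed between calls */
            free(buf);
            return NULL;
        }
    }
    if (out_len != NULL)
        *out_len = need - 1;
    return buf;
}

int main(void)
{
    const char *s = "advisory";          /* constructed sample input */
    size_t len = 0;
    char *out = xfrm_dup(s, strxfrm(NULL, s, 0), &len);  /* boundary guess */
    printf("boundary=%d len=%zu terminated=%d\n", hits_off_by_one(s, len),
           len, out != NULL && strlen(out) == len);
    free(out);
    return 0;
}
```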