[gentoo-announce] [ GLSA 200807-01 ] Python: Multiple integer overflows - gentoo-announce

From:	Tobias Heinlein <keytoaster@g.o>
To:	gentoo-announce@g.o
Cc:	bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject:	[gentoo-announce] [ GLSA 200807-01 ] Python: Multiple integer overflows
Date:	Tue, 01 Jul 2008 11:55:44
Message-Id:	`486A1A4F.1080404@gentoo.org`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 200807-01

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                            http://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

  Severity: Normal

8

     Title: Python: Multiple integer overflows

9

      Date: July 01, 2008

10

      Bugs: #216673, #217221

11

        ID: 200807-01

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

Multiple integer overflows may allow for Denial of Service.

19

20

Background

21

==========

22

23

Python is an interpreted, interactive, object-oriented programming

24

language.

25

26

Affected packages

27

=================

28

29

    -------------------------------------------------------------------

30

     Package          /   Vulnerable   /                    Unaffected

31

    -------------------------------------------------------------------

32

  1  dev-lang/python      < 2.4.4-r13                     *>= 2.3.6-r6

33

                                                          >= 2.4.4-r13

34

35

Description

36

===========

37

38

Multiple vulnerabilities were discovered in Python:

39

40

* David Remahl reported multiple integer overflows in the file

41

  imageop.c, leading to a heap-based buffer overflow (CVE-2008-1679).

42

  This issue is due to an incomplete fix for CVE-2007-4965.

43

44

* Justin Ferguson discovered that an integer signedness error in the

45

  zlib extension module might trigger insufficient memory allocation

46

  and a buffer overflow via a negative signed integer (CVE-2008-1721).

47

48

* Justin Ferguson discovered that insufficient input validation in

49

  the PyString_FromStringAndSize() function might lead to a buffer

50

  overflow (CVE-2008-1887).

51

52

Impact

53

======

54

55

A remote attacker could exploit these vulnerabilities to cause a Denial

56

of Service or possibly the remote execution of arbitrary code with the

57

privileges of the user running Python.

58

59

Workaround

60

==========

61

62

There is no known workaround at this time.

63

64

Resolution

65

==========

66

67

The imageop module is no longer built in the unaffected versions.

68

69

All Python 2.3 users should upgrade to the latest version:

70

71

    # emerge --sync

72

    # emerge --ask --oneshot --verbose ">=dev-lang/python-2.3.6-r6"

73

74

All Python 2.4 users should upgrade to the latest version:

75

76

    # emerge --sync

77

    # emerge --ask --oneshot --verbose ">=dev-lang/python-2.4.4-r13"

78

79

References

80

==========

81

82

  [ 1 ] CVE-2008-1679

83

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1679

84

  [ 2 ] CVE-2008-1721

85

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721

86

  [ 3 ] CVE-2008-1887

87

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1887

88

89

Availability

90

============

91

92

This GLSA and any updates to it are available for viewing at

93

the Gentoo Security Website:

94

95

  http://security.gentoo.org/glsa/glsa-200807-01.xml

96

97

Concerns?

98

=========

99

100

Security is a primary focus of Gentoo Linux and ensuring the

101

confidentiality and security of our users machines is of utmost

102

importance to us. Any security concerns should be addressed to

103

security@g.o or alternatively, you may file a bug at

104

http://bugs.gentoo.org.

105

106

License

107

=======

108

109

Copyright 2008 Gentoo Foundation, Inc; referenced text

110

belongs to its owner(s).

111

112

The contents of this document are licensed under the

113

Creative Commons - Attribution / Share Alike license.

114

115

http://creativecommons.org/licenses/by-sa/2.5

Gentoo Archives: gentoo-announce

Attachments

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 200807-01
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	http://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: Normal
8	Title: Python: Multiple integer overflows
9	Date: July 01, 2008
10	Bugs: #216673, #217221
11	ID: 200807-01
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	Multiple integer overflows may allow for Denial of Service.
19
20	Background
21	==========
22
23	Python is an interpreted, interactive, object-oriented programming
24	language.
25
26	Affected packages
27	=================
28
29	-------------------------------------------------------------------
30	Package / Vulnerable / Unaffected
31	-------------------------------------------------------------------
32	1 dev-lang/python < 2.4.4-r13 *>= 2.3.6-r6
33	>= 2.4.4-r13
34
35	Description
36	===========
37
38	Multiple vulnerabilities were discovered in Python:
39
40	* David Remahl reported multiple integer overflows in the file
41	imageop.c, leading to a heap-based buffer overflow (CVE-2008-1679).
42	This issue is due to an incomplete fix for CVE-2007-4965.
43
44	* Justin Ferguson discovered that an integer signedness error in the
45	zlib extension module might trigger insufficient memory allocation
46	and a buffer overflow via a negative signed integer (CVE-2008-1721).
47
48	* Justin Ferguson discovered that insufficient input validation in
49	the PyString_FromStringAndSize() function might lead to a buffer
50	overflow (CVE-2008-1887).
51
52	Impact
53	======
54
55	A remote attacker could exploit these vulnerabilities to cause a Denial
56	of Service or possibly the remote execution of arbitrary code with the
57	privileges of the user running Python.
58
59	Workaround
60	==========
61
62	There is no known workaround at this time.
63
64	Resolution
65	==========
66
67	The imageop module is no longer built in the unaffected versions.
68
69	All Python 2.3 users should upgrade to the latest version:
70
71	# emerge --sync
72	# emerge --ask --oneshot --verbose ">=dev-lang/python-2.3.6-r6"
73
74	All Python 2.4 users should upgrade to the latest version:
75
76	# emerge --sync
77	# emerge --ask --oneshot --verbose ">=dev-lang/python-2.4.4-r13"
78
79	References
80	==========
81
82	[ 1 ] CVE-2008-1679
83	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1679
84	[ 2 ] CVE-2008-1721
85	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721
86	[ 3 ] CVE-2008-1887
87	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1887
88
89	Availability
90	============
91
92	This GLSA and any updates to it are available for viewing at
93	the Gentoo Security Website:
94
95	http://security.gentoo.org/glsa/glsa-200807-01.xml
96
97	Concerns?
98	=========
99
100	Security is a primary focus of Gentoo Linux and ensuring the
101	confidentiality and security of our users machines is of utmost
102	importance to us. Any security concerns should be addressed to
103	security@g.o or alternatively, you may file a bug at
104	http://bugs.gentoo.org.
105
106	License
107	=======
108
109	Copyright 2008 Gentoo Foundation, Inc; referenced text
110	belongs to its owner(s).
111
112	The contents of this document are licensed under the
113	Creative Commons - Attribution / Share Alike license.
114
115	http://creativecommons.org/licenses/by-sa/2.5