[gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-200711-07.xml - gentoo-commits

From:	"Pierre-Yves Rofes (py)" <py@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-200711-07.xml
Date:	Wed, 07 Nov 2007 19:36:05
Message-Id:	`E1Ipqgw-0003Ko-1f@stork.gentoo.org`

1

py          07/11/07 19:35:58

2

3

  Added:                glsa-200711-07.xml

4

  Log:

5

  GLSA 200711-07

6

7

Revision  Changes    Path

8

1.1                  xml/htdocs/security/en/glsa/glsa-200711-07.xml

9

10

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200711-07.xml?rev=1.1&view=markup

11

plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200711-07.xml?rev=1.1&content-type=text/plain

12

13

Index: glsa-200711-07.xml

14

===================================================================

15

<?xml version="1.0" encoding="utf-8"?>

16

<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>

17

<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>

18

<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">

19

20

<glsa id="200711-07">

21

  <title>Python: User-assisted execution of arbitrary code</title>

22

  <synopsis>

23

    Multiple integer overflow vulnerabilities have been discovered in Python,

24

    possibly resulting in the execution of arbitrary code or a Denial of

25

    Service.

26

  </synopsis>

27

  <product type="ebuild">python</product>

28

  <announced>November 07, 2007</announced>

29

  <revised>November 07, 2007: 01</revised>

30

  <bug>192876</bug>

31

  <access>remote</access>

32

  <affected>

33

    <package name="dev-lang/python" auto="yes" arch="*">

34

      <unaffected range="rge">2.3.6-r3</unaffected>

35

      <unaffected range="ge">2.4.4-r6</unaffected>

36

      <vulnerable range="lt">2.4.4-r6</vulnerable>

37

    </package>

38

  </affected>

39

  <background>

40

<p>

41

    Python is an interpreted, interactive, object-oriented programming

42

    language.

43

    </p>

44

  </background>

45

  <description>

46

<p>

47

    Slythers Bro discovered multiple integer overflows in the imageop

48

    module, one of them in the tovideo() method, in various locations in

49

    files imageop.c, rbgimgmodule.c, and also in other files.

50

    </p>

51

  </description>

52

  <impact type="normal">

53

<p>

54

    A remote attacker could entice a user to process specially crafted

55

    images with an application using the Python imageop module, resulting

56

    in the execution of arbitrary code with the privileges of the user

57

    running the application, or a Denial of Service. Note that this

58

    vulnerability may or may not be exploitable, depending on the

59

    application using the module.

60

    </p>

61

  </impact>

62

  <workaround>

63

<p>

64

    There is no known workaround at this time.

65

    </p>

66

  </workaround>

67

  <resolution>

68

<p>

69

    All Python 2.3.x users should upgrade to the latest version:

70

    </p>

71

    <code>

72

    # emerge --sync

73

    # emerge --ask --oneshot --verbose &quot;&gt;=dev-lang/python-2.3.6-r3&quot;</code>

74

<p>

75

    All Python 2.4.x users should upgrade to the latest version:

76

    </p>

77

    <code>

78

    # emerge --sync

79

    # emerge --ask --oneshot --verbose &quot;&gt;=dev-lang/python-2.4.4-r6&quot;</code>

80

  </resolution>

81

  <references>

82

    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4965">CVE-2007-4965</uri>

83

  </references>

84

  <metadata tag="requester" timestamp="Sat, 27 Oct 2007 13:38:30 +0000">

85

rbu

86

  </metadata>

87

  <metadata tag="submitter" timestamp="Thu, 01 Nov 2007 20:41:20 +0000">

88

p-y

89

  </metadata>

90

  <metadata tag="bugReady" timestamp="Thu, 01 Nov 2007 20:41:27 +0000">

91

p-y

92

  </metadata>

93

</glsa>

--

98

gentoo-commits@g.o mailing list

1	py 07/11/07 19:35:58
2
3	Added: glsa-200711-07.xml
4	Log:
5	GLSA 200711-07
6
7	Revision Changes Path
8	1.1 xml/htdocs/security/en/glsa/glsa-200711-07.xml
9
10	file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200711-07.xml?rev=1.1&view=markup
11	plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200711-07.xml?rev=1.1&content-type=text/plain
12
13	Index: glsa-200711-07.xml
14	===================================================================
15	<?xml version="1.0" encoding="utf-8"?>
16	<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
17	<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
18	<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
19
20	<glsa id="200711-07">
21	<title>Python: User-assisted execution of arbitrary code</title>
22	<synopsis>
23	Multiple integer overflow vulnerabilities have been discovered in Python,
24	possibly resulting in the execution of arbitrary code or a Denial of
25	Service.
26	</synopsis>
27	<product type="ebuild">python</product>
28	<announced>November 07, 2007</announced>
29	<revised>November 07, 2007: 01</revised>
30	<bug>192876</bug>
31	<access>remote</access>
32	<affected>
33	<package name="dev-lang/python" auto="yes" arch="*">
34	<unaffected range="rge">2.3.6-r3</unaffected>
35	<unaffected range="ge">2.4.4-r6</unaffected>
36	<vulnerable range="lt">2.4.4-r6</vulnerable>
37	</package>
38	</affected>
39	<background>
40	<p>
41	Python is an interpreted, interactive, object-oriented programming
42	language.
43	</p>
44	</background>
45	<description>
46	<p>
47	Slythers Bro discovered multiple integer overflows in the imageop
48	module, one of them in the tovideo() method, in various locations in
49	files imageop.c, rbgimgmodule.c, and also in other files.
50	</p>
51	</description>
52	<impact type="normal">
53	<p>
54	A remote attacker could entice a user to process specially crafted
55	images with an application using the Python imageop module, resulting
56	in the execution of arbitrary code with the privileges of the user
57	running the application, or a Denial of Service. Note that this
58	vulnerability may or may not be exploitable, depending on the
59	application using the module.
60	</p>
61	</impact>
62	<workaround>
63	<p>
64	There is no known workaround at this time.
65	</p>
66	</workaround>
67	<resolution>
68	<p>
69	All Python 2.3.x users should upgrade to the latest version:
70	</p>
71	<code>
72	# emerge --sync
73	# emerge --ask --oneshot --verbose ">=dev-lang/python-2.3.6-r3"</code>
74	<p>
75	All Python 2.4.x users should upgrade to the latest version:
76	</p>
77	<code>
78	# emerge --sync
79	# emerge --ask --oneshot --verbose ">=dev-lang/python-2.4.4-r6"</code>
80	</resolution>
81	<references>
82	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4965">CVE-2007-4965</uri>
83	</references>
84	<metadata tag="requester" timestamp="Sat, 27 Oct 2007 13:38:30 +0000">
85	rbu
86	</metadata>
87	<metadata tag="submitter" timestamp="Thu, 01 Nov 2007 20:41:20 +0000">
88	p-y
89	</metadata>
90	<metadata tag="bugReady" timestamp="Thu, 01 Nov 2007 20:41:27 +0000">
91	p-y
92	</metadata>
93	</glsa>
94
95
96
97	--
98	gentoo-commits@g.o mailing list

Gentoo Archives: gentoo-commits