-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDKSA-2006:181
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : python
 Date    : October 10, 2006
 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability in python's repr() function was discovered by Benjamin
 C. Wiley Sittler. It was found that the function did not properly
 handle UTF-32/UCS-4 strings, so an application that used repr() on
 certain untrusted data could possibly be exploited to execute arbitrary
 code with the privileges of the user running the python application.

 Updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFK+2amqjQ0CJFipgRAjfkAJ9N9WfboDZylSZxAdhxfmfAX6eT8gCgp+Pg
stTAuAjDA3wdTnpp6xQqTFU=
=YVZd
-----END PGP SIGNATURE-----