-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:212 http://www.mandriva.com/security/ _______________________________________________________________________ Package : python Date : August 23, 2009 Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0, Enterprise Server 5.0, Multi Network Firewall 2.0 _______________________________________________________________________ Problem Description: A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625. This update fixes this vulnerability. _______________________________________________________________________ References: https://bugs.gentoo.org/show_bug.cgi?id=280615 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.1: 836ae8dca4ea5075570308601404f08b 2008.1/i586/libpython2.5-2.5.2-2.4mdv2008.1.i586.rpm c0d2f284c5186fbeffbec54c87c3b16e 2008.1/i586/libpython2.5-devel-2.5.2-2.4mdv2008.1.i586.rpm 9dc6194d0725d98de504d43a6a6be8ee 2008.1/i586/python-2.5.2-2.4mdv2008.1.i586.rpm ff9365c549641ceb5220b95ed839c5a1 2008.1/i586/python-base-2.5.2-2.4mdv2008.1.i586.rpm eaa3f8eb68cb602d4844e49e243ca9cf 2008.1/i586/python-docs-2.5.2-2.4mdv2008.1.i586.rpm 3111537c56613f5597c57a524ed1636b 2008.1/i586/tkinter-2.5.2-2.4mdv2008.1.i586.rpm c1ada1cf0e66f5108f43c72fb9955f72 2008.1/i586/tkinter-apps-2.5.2-2.4mdv2008.1.i586.rpm 7c3531beccdeba86834ab34353b0b63a 2008.1/SRPMS/python-2.5.2-2.4mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: 5167564837a0738bbd75a291aff5f9ae 2008.1/x86_64/lib64python2.5-2.5.2-2.4mdv2008.1.x86_64.rpm 39ad271ea137fd9fe5fb7ae6463cd5ed 2008.1/x86_64/lib64python2.5-devel-2.5.2-2.4mdv2008.1.x86_64.rpm 8a3da29b65af4b47d7e6fd71b466b23a 2008.1/x86_64/python-2.5.2-2.4mdv2008.1.x86_64.rpm 48bbff9fdaa65b079be904c4b0605235 2008.1/x86_64/python-base-2.5.2-2.4mdv2008.1.x86_64.rpm f0013decf0a71de2b9d170cffeb4aaf4 2008.1/x86_64/python-docs-2.5.2-2.4mdv2008.1.x86_64.rpm b6503232d22add8000aa5492304299f5 2008.1/x86_64/tkinter-2.5.2-2.4mdv2008.1.x86_64.rpm 90bbc302ae26762062d3e8580765527e 2008.1/x86_64/tkinter-apps-2.5.2-2.4mdv2008.1.x86_64.rpm 7c3531beccdeba86834ab34353b0b63a 2008.1/SRPMS/python-2.5.2-2.4mdv2008.1.src.rpm Mandriva Linux 2009.0: 41a6ff3352ec97287c6ab70e3bb8d2d7 2009.0/i586/libpython2.5-2.5.2-5.3mdv2009.0.i586.rpm 98a906e1203d5b5ca68c45880ed50792 2009.0/i586/libpython2.5-devel-2.5.2-5.3mdv2009.0.i586.rpm 79c828581618bd5595357ee6ff11eb46 2009.0/i586/python-2.5.2-5.3mdv2009.0.i586.rpm ecec77d205b6cb0b573f480cf2ecf416 2009.0/i586/python-base-2.5.2-5.3mdv2009.0.i586.rpm d7e0cba3770581d0ac3a553c85587f74 2009.0/i586/python-docs-2.5.2-5.3mdv2009.0.i586.rpm 39a114e0cffa3e7606cee245c3daa83a 2009.0/i586/tkinter-2.5.2-5.3mdv2009.0.i586.rpm cb9c6dccfda79b7928535f9530554145 2009.0/i586/tkinter-apps-2.5.2-5.3mdv2009.0.i586.rpm 838505a65e7170253df7dd2c6bb2ce29 2009.0/SRPMS/python-2.5.2-5.3mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: cef3bdd63b557ac45c7fc1caeb7f93fb 2009.0/x86_64/lib64python2.5-2.5.2-5.3mdv2009.0.x86_64.rpm 494082f968c548878504954486de0472 2009.0/x86_64/lib64python2.5-devel-2.5.2-5.3mdv2009.0.x86_64.rpm 53066eba413c19255bff2f96d09fd71b 2009.0/x86_64/python-2.5.2-5.3mdv2009.0.x86_64.rpm 4882e3b56af0ccff57d323b0e81a0c86 2009.0/x86_64/python-base-2.5.2-5.3mdv2009.0.x86_64.rpm 9589abe6325301c18e630da640696925 2009.0/x86_64/python-docs-2.5.2-5.3mdv2009.0.x86_64.rpm 8a34b93f61e1aedd03bd42e80936e702 2009.0/x86_64/tkinter-2.5.2-5.3mdv2009.0.x86_64.rpm aa5f5b193674a3566d599c48dd3bf198 2009.0/x86_64/tkinter-apps-2.5.2-5.3mdv2009.0.x86_64.rpm 838505a65e7170253df7dd2c6bb2ce29 2009.0/SRPMS/python-2.5.2-5.3mdv2009.0.src.rpm Mandriva Linux 2009.1: 698f1c4fe930e04180f90066303f208c 2009.1/i586/libpython2.6-2.6.1-6.1mdv2009.1.i586.rpm 95f44487a6858e974cf7a69e81c4da30 2009.1/i586/libpython2.6-devel-2.6.1-6.1mdv2009.1.i586.rpm f274ff8d9c684f958c792060c7d40377 2009.1/i586/python-2.6.1-6.1mdv2009.1.i586.rpm 80699827f57799ce3aa889cc96f1e370 2009.1/i586/python-docs-2.6.1-6.1mdv2009.1.i586.rpm 5377a66c3d6bb6cec81be0e75ca71f77 2009.1/i586/tkinter-2.6.1-6.1mdv2009.1.i586.rpm be48b1e249242a193a41fb6e1920b1dc 2009.1/i586/tkinter-apps-2.6.1-6.1mdv2009.1.i586.rpm 6b7c29642be5f8aa998fc4bd5f571f9e 2009.1/SRPMS/python-2.6.1-6.1mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: 32ed19f4b67a2740dd78edffef5483ee 2009.1/x86_64/lib64python2.6-2.6.1-6.1mdv2009.1.x86_64.rpm f313d28183f7c0d69c37d5beaddc4e48 2009.1/x86_64/lib64python2.6-devel-2.6.1-6.1mdv2009.1.x86_64.rpm d066fecdbb264e9ba2534b7284724d75 2009.1/x86_64/python-2.6.1-6.1mdv2009.1.x86_64.rpm 9f08828ee1728ae00b1e356cc861b772 2009.1/x86_64/python-docs-2.6.1-6.1mdv2009.1.x86_64.rpm 833945b29fafdfd2dbab7495f101c5f7 2009.1/x86_64/tkinter-2.6.1-6.1mdv2009.1.x86_64.rpm 6f693f90697406427c09f8312ca2bd04 2009.1/x86_64/tkinter-apps-2.6.1-6.1mdv2009.1.x86_64.rpm 6b7c29642be5f8aa998fc4bd5f571f9e 2009.1/SRPMS/python-2.6.1-6.1mdv2009.1.src.rpm Corporate 3.0: 91e05c8b6f93cb16180aa4a843e765c2 corporate/3.0/i586/libpython2.3-2.3.7-0.3.C30mdk.i586.rpm d4ac68c7582712187691bc746ccbff3d corporate/3.0/i586/libpython2.3-devel-2.3.7-0.3.C30mdk.i586.rpm 0b5d65e56944135be61affe8005883d0 corporate/3.0/i586/python-2.3.7-0.3.C30mdk.i586.rpm f75ff9f728b94997571a8d0d74a7ab21 corporate/3.0/i586/python-base-2.3.7-0.3.C30mdk.i586.rpm a8d1dca0dc331ba20370693a40180b8a corporate/3.0/i586/python-docs-2.3.7-0.3.C30mdk.i586.rpm da0d1cde85111104f754f2917c330d43 corporate/3.0/i586/tkinter-2.3.7-0.3.C30mdk.i586.rpm 2e721dd00daf3f183b0b2f08fda11d22 corporate/3.0/SRPMS/python-2.3.7-0.3.C30mdk.src.rpm Corporate 3.0/X86_64: 3cef00123723431a9b732de0d8f78d1d corporate/3.0/x86_64/lib64python2.3-2.3.7-0.3.C30mdk.x86_64.rpm c8ae565114282532d176fdd6bbb57314 corporate/3.0/x86_64/lib64python2.3-devel-2.3.7-0.3.C30mdk.x86_64.rpm 9eef4396d6cf03ca83c1d5b7f7c9eeb3 corporate/3.0/x86_64/python-2.3.7-0.3.C30mdk.x86_64.rpm ad4d0d1cced20b7fd37392f45f14500c corporate/3.0/x86_64/python-base-2.3.7-0.3.C30mdk.x86_64.rpm 6e62cd462a994074536e8aeb553696e2 corporate/3.0/x86_64/python-docs-2.3.7-0.3.C30mdk.x86_64.rpm 9861e393e4e17b014f7be8d6fac63a22 corporate/3.0/x86_64/tkinter-2.3.7-0.3.C30mdk.x86_64.rpm 2e721dd00daf3f183b0b2f08fda11d22 corporate/3.0/SRPMS/python-2.3.7-0.3.C30mdk.src.rpm Corporate 4.0: 15bd9c5d9affc50459c8cd7f7ec1ee93 corporate/4.0/i586/libpython2.4-2.4.5-0.3.20060mlcs4.i586.rpm 0faa2120be98b8f31fd10d2a7175c91e corporate/4.0/i586/libpython2.4-devel-2.4.5-0.3.20060mlcs4.i586.rpm 2da3aeeb0e73febb0d92a41555a86a38 corporate/4.0/i586/python-2.4.5-0.3.20060mlcs4.i586.rpm 2c178dda7e62b4bf7a2f9970b11454ee corporate/4.0/i586/python-base-2.4.5-0.3.20060mlcs4.i586.rpm 2df404bd0b04f16860b1152cd00a52b2 corporate/4.0/i586/python-docs-2.4.5-0.3.20060mlcs4.i586.rpm a095125a026ecaf9187c33a61aa50486 corporate/4.0/i586/tkinter-2.4.5-0.3.20060mlcs4.i586.rpm 86b2985d74be8c13e30372425bb3e549 corporate/4.0/SRPMS/python-2.4.5-0.3.20060mlcs4.src.rpm Corporate 4.0/X86_64: 0679e00d989009ec50021d94fc17e94b corporate/4.0/x86_64/lib64python2.4-2.4.5-0.3.20060mlcs4.x86_64.rpm e31a1bc0d0d54e4cff074e168a18bc12 corporate/4.0/x86_64/lib64python2.4-devel-2.4.5-0.3.20060mlcs4.x86_64.rpm 8bcdde1f348a729b287bc0046503b3ee corporate/4.0/x86_64/python-2.4.5-0.3.20060mlcs4.x86_64.rpm 5ba366f0cfd05b6c237fd54eafc36eb2 corporate/4.0/x86_64/python-base-2.4.5-0.3.20060mlcs4.x86_64.rpm d2d906256924badff5042c8e37234130 corporate/4.0/x86_64/python-docs-2.4.5-0.3.20060mlcs4.x86_64.rpm 46b8d19e7b9538afb024e759de6c4dbb corporate/4.0/x86_64/tkinter-2.4.5-0.3.20060mlcs4.x86_64.rpm 86b2985d74be8c13e30372425bb3e549 corporate/4.0/SRPMS/python-2.4.5-0.3.20060mlcs4.src.rpm Mandriva Enterprise Server 5: 6aeb5877fbf4d54183fbacda6ad9682e mes5/i586/libpython2.5-2.5.2-5.3mdvmes5.i586.rpm 1e9bfe0c30d17f3cf0607d44f9c92c16 mes5/i586/libpython2.5-devel-2.5.2-5.3mdvmes5.i586.rpm c9418d922c8b2f5a8345cc4a392176a2 mes5/i586/python-2.5.2-5.3mdvmes5.i586.rpm 597d30dcf87da029d31a3e8f8c233c48 mes5/i586/python-base-2.5.2-5.3mdvmes5.i586.rpm eedb70bf05cf65fdb630eb58e8e204bd mes5/i586/python-docs-2.5.2-5.3mdvmes5.i586.rpm 13ec4b95422075d9918301c33d436f77 mes5/i586/tkinter-2.5.2-5.3mdvmes5.i586.rpm 48593ff9af36df2463a7b93b734b8543 mes5/i586/tkinter-apps-2.5.2-5.3mdvmes5.i586.rpm 0330dea8c2ebbac05df306a559a73b21 mes5/SRPMS/python-2.5.2-5.3mdvmes5.src.rpm Mandriva Enterprise Server 5/X86_64: 4c0809b8bcf86cac61e822a81243b3b1 mes5/x86_64/lib64python2.5-2.5.2-5.3mdvmes5.x86_64.rpm 3927c5aab093995c5c6905823aa11788 mes5/x86_64/lib64python2.5-devel-2.5.2-5.3mdvmes5.x86_64.rpm be5b5099bf96b950546aad1f7ecfc760 mes5/x86_64/python-2.5.2-5.3mdvmes5.x86_64.rpm 20e7190df22fef0732cbeb483153a263 mes5/x86_64/python-base-2.5.2-5.3mdvmes5.x86_64.rpm eca0caa1153fee3826332d69e4c05d00 mes5/x86_64/python-docs-2.5.2-5.3mdvmes5.x86_64.rpm 0a4f9fdc713d24bc2507ac48b3db0a7b mes5/x86_64/tkinter-2.5.2-5.3mdvmes5.x86_64.rpm 04ca6bc6d763cf68d3e3705d8259172f mes5/x86_64/tkinter-apps-2.5.2-5.3mdvmes5.x86_64.rpm 0330dea8c2ebbac05df306a559a73b21 mes5/SRPMS/python-2.5.2-5.3mdvmes5.src.rpm Multi Network Firewall 2.0: 1452617c693de8d4e955a0c5f743ce67 mnf/2.0/i586/libpython2.3-2.3.7-0.3.C30mdk.i586.rpm 07302c967d11fde4ffdbb6ff81b05b7c mnf/2.0/i586/libpython2.3-devel-2.3.7-0.3.C30mdk.i586.rpm e5f65d271eb9e5793f57c407e2975e6c mnf/2.0/i586/python-2.3.7-0.3.C30mdk.i586.rpm 290432b9d3868acde4e90fa3fe4288f5 mnf/2.0/i586/python-base-2.3.7-0.3.C30mdk.i586.rpm 2d9797eda3b0eca2e6b92d28851fdc8f mnf/2.0/i586/python-docs-2.3.7-0.3.C30mdk.i586.rpm 690e1ebed6b23eb195dc2804249108dd mnf/2.0/i586/tkinter-2.3.7-0.3.C30mdk.i586.rpm 30bc1960b03bb97e3494a3466d878371 mnf/2.0/SRPMS/python-2.3.7-0.3.C30mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKkWClmqjQ0CJFipgRArOMAKClykPz/75lQ1f8+wp1b7M+xUCTAgCg2GrW 7GlYAOU4/RM6do0tWhKZrmw= =mj4E -----END PGP SIGNATURE-----