===========================================================
Ubuntu Security Notice USN-632-1 August 01, 2008
python2.4, python2.5 vulnerabilities
CVE-2008-1679, CVE-2008-1721, CVE-2008-1887, CVE-2008-2315,
CVE-2008-2316, CVE-2008-3142, CVE-2008-3143, CVE-2008-3144
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
python2.4 2.4.3-0ubuntu6.2
python2.4-minimal 2.4.3-0ubuntu6.2
Ubuntu 7.04:
python2.4 2.4.4-2ubuntu7.2
python2.4-minimal 2.4.4-2ubuntu7.2
python2.5 2.5.1-0ubuntu1.2
python2.5-minimal 2.5.1-0ubuntu1.2
Ubuntu 7.10:
python2.4 2.4.4-6ubuntu4.2
python2.4-minimal 2.4.4-6ubuntu4.2
python2.5 2.5.1-5ubuntu5.2
python2.5-minimal 2.5.1-5ubuntu5.2
Ubuntu 8.04 LTS:
python2.4 2.4.5-1ubuntu4.1
python2.4-minimal 2.4.5-1ubuntu4.1
python2.5 2.5.2-2ubuntu4.1
python2.5-minimal 2.5.2-2ubuntu4.1
After a standard system upgrade you need to reboot your computer to
effect the necessary changes.
Details follow:
It was discovered that there were new integer overflows in the imageop
module. If an attacker were able to trick a Python application into
processing a specially crafted image, they could execute arbitrary code
with user privileges. (CVE-2008-1679)
Justin Ferguson discovered that the zlib module did not correctly
handle certain archives. If an attacker were able to trick a Python
application into processing a specially crafted archive file, they could
execute arbitrary code with user privileges. (CVE-2008-1721)
Justin Ferguson discovered that certain string manipulations in Python
could be made to overflow. If an attacker were able to pass a specially
crafted string through the PyString_FromStringAndSize function, they
could execute arbitrary code with user privileges. (CVE-2008-1887)
Multiple integer overflows were discovered in Python's core and modules
including hashlib, binascii, pickle, md5, stringobject, unicodeobject,
bufferobject, longobject, tupleobject, stropmodule, gcmodule, and
mmapmodule. If an attacker were able to exploit these flaws they could
execute arbitrary code with user privileges or cause Python applications
to crash, leading to a denial of service. (CVE-2008-2315, CVE-2008-2316,
CVE-2008-3142, CVE-2008-3143, CVE-2008-3144).
Updated packages for Ubuntu 6.06 LTS:
Source archives:
Size/MD5: 2659655 79cfb16c20f87377a79ae1068eefd7fe
Size/MD5: 1261 59b4e269522696105572fb2d23ecae75
Size/MD5: 9328584 fd9dd825b8c680fa04c2fc2c957964b1
Architecture independent packages:
Size/MD5: 243158 237a537ba8a40032311ce70b9b142908
Size/MD5: 3357934 424d51830d26cc3a80d8df9dae578b9a
Size/MD5: 587390 a878b5a8ab9a6544106a8c779ef341a6
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
Size/MD5: 5568776 c5a350c0953b4eb23633e58c2a267799
Size/MD5: 1635048 ec18f029d34290df08cb2a1aaba8a9c5
Size/MD5: 30072 b2c8e4c4437baa9c2cbd5949d86abe4f
Size/MD5: 793962 6c81a3e2e045cdf4c2684a05121218c9
Size/MD5: 113812 c463a7a7be42bd01f918ad9ff01bd6ae
Size/MD5: 2861788 41d6a96da599a5d09d436dee2292e793
i386 architecture (x86 compatible Intel/AMD):
Size/MD5: 4828590 6b803d0ad098dbd0ea770bc3a321712f
Size/MD5: 1466074 064333d1ce7d52c271dca3ffca1b73d9
Size/MD5: 29310 be8ba92ee319623ad8e1dae2e46e850b
Size/MD5: 703370 1d6f7f0a6649be443337d245bf1cf947
Size/MD5: 110160 020aabfe30e265b0c48995a9e3cd12c8
Size/MD5: 2739420 999ce42fcfacb4322fdb45e7976cdaa3
powerpc architecture (Apple Macintosh G3/G4/G5):
Size/MD5: 5671080 30a519a3be8c332d483011002c283841
Size/MD5: 1630992 6d69e39045790639a5d5bdbce36ed30f
Size/MD5: 31278 f7be4c74b7ae71ffa0032df26825e49c
Size/MD5: 783202 a96948d6153e9ccdb86b9880aa77d241
Size/MD5: 113074 393ca0b1b2ee68533538d691fbc5c742
Size/MD5: 2887496 69d604dfbfcaf8db1b881a136f30e828
sparc architecture (Sun SPARC/UltraSPARC):
Size/MD5: 5004064 a07fd7a1b6425f06bc382c653b9096a7
Size/MD5: 1578922 3b77f095775183c6fa81c916c6113348
Size/MD5: 29490 6bd9c5fa849ae8d641193eb3c5837d82
Size/MD5: 723648 f57275440a13ee0bc69e403482575ce9
Size/MD5: 110918 40dcac5ff4b112845c40994629de636b
Size/MD5: 2803228 d40fcf17483d3cf3f7ab0db9445730c8
Updated packages for Ubuntu 7.04:
Source archives:
Size/MD5: 2701347 b84fda955aa57371cc3fb36298f9c01e
Size/MD5: 1330 147dfc5fef334b337e41e9b8e671f0f8
Size/MD5: 9508940 f74ef9de91918f8927e75e8c3024263a
Size/MD5: 2995766 b91a12102be5bfc9fd9c432f1b5e47e9
Size/MD5: 1452 81a359ebdca2b6e2ebc03ffde59c76a9
Size/MD5: 11073614 b7e26a0039645f1145ceb6f4dea4a758
Architecture independent packages:
Size/MD5: 3467124 9b0d217aa828f74f9bfe2c494dff3242
Size/MD5: 590720 b6c4a64c013757ebb242fd5795073dcc
Size/MD5: 2504620 f17f63d4222e0c9443fc0ec6e5c0dc43
Size/MD5: 647548 272e8cb7a7d3446eeea7db9d5e0ed86e
Size/MD5: 61950 ebede71649b619574e27af37f4f30ec2
Size/MD5: 66330 821bee47fa6b2271353a3bfbab572c26
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
Size/MD5: 6980942 59ce0a2ad07d439fd2316b2397701370
Size/MD5: 1618280 92a5f4824b36bdefdf1fac46c2408d77
Size/MD5: 1047530 9dca597560b8fb8f71e5dc9fd0dd5262
Size/MD5: 2899052 1f0cdceec1bb1142b92bcd26fbf074c5
Size/MD5: 8055664 8b28335ab58c9c686351cbc850b1421f
Size/MD5: 1793064 07bdf1e57eb63f780acfd4cab8cf2a2d
Size/MD5: 1248758 2af929adf69381f29ee94efbe32c01fb
Size/MD5: 3208140 4976a32e3287d31f655dc7beb970d254
i386 architecture (x86 compatible Intel/AMD):
Size/MD5: 6410254 f0e3e0404a8be84bd6152c6a9a2e3aa3
Size/MD5: 1477124 a1ba850d8c2150896e57f7baada05442
Size/MD5: 972230 1409d1329ceea6374910c139a656a3cb
Size/MD5: 2799520 814cefbadf2ccf3a4d0233a4a7d436d2
Size/MD5: 7429402 30aba61653609ec966490844113dec72
Size/MD5: 1645714 2cfa05249742fef96e9f3e9921b4c83b
Size/MD5: 1168856 d69a774f2300d0e3bebfa5026a0590b1
Size/MD5: 3090648 512360defc19f2ca31abebf208cfc604
powerpc architecture (Apple Macintosh G3/G4/G5):
Size/MD5: 7309592 ec89ecd19f6eb0b34312ff3827fb89e0
Size/MD5: 1637656 23b507740d06aa06ec9a0a1c71cbccec
Size/MD5: 1072396 958e96a0a05675f7287d72c98d8f2883
Size/MD5: 2958110 9110078db67be9ff5c3aff37565f5e6a
Size/MD5: 8419522 c19cfb1c5d00e3d1a340ae0945509502
Size/MD5: 1811154 561a18fe8a51437a46d099964cde2216
Size/MD5: 1277790 aa569520cd1a4d7c2d8524099045744f
Size/MD5: 3284928 bd6da448cc2dd9a97191560afb4e1eb7
sparc architecture (Sun SPARC/UltraSPARC):
Size/MD5: 6591548 7a984306066b0648f2fc35e892ee9485
Size/MD5: 1570200 47f0a83ed70f97a7f541638363362931
Size/MD5: 998314 3d8bf6db785d502f57417aac842be74e
Size/MD5: 2829580 d50b08645a4b5346f683fe4ad9f1e7c4
Size/MD5: 7628064 8fd81cf0ff7ad80828c06a8e53143fb2
Size/MD5: 1747038 fcbf92c2ded2e2c339df7e17eaad2c98
Size/MD5: 1196320 41daa3cb6b2c970b849cc92248b778d0
Size/MD5: 3128594 d1c0a71bd660017181a115156d7ca540
Updated packages for Ubuntu 7.10:
Source archives:
Size/MD5: 2665505 d3b48d2d2363eae6e9311f32143fb166
Size/MD5: 1387 33390484e8187f5896007e11dc73d13b
Size/MD5: 9508940 f74ef9de91918f8927e75e8c3024263a
Size/MD5: 3085721 c8d25c1eada232d40178aeb95e898476
Size/MD5: 1441 378bd6b5c0bb11e0dc46fdb824075e62
Size/MD5: 11073614 b7e26a0039645f1145ceb6f4dea4a758
Architecture independent packages:
Size/MD5: 3366838 86b53516b0d2651c0309445eb74cd220
Size/MD5: 591332 00c1ad4ccb000a7a6231a07ddfbb8b10
Size/MD5: 3724666 70e98768659d070e60a7f30c014572b7
Size/MD5: 648892 d2bc23ec61ef990182527f0a4d25fab3
Size/MD5: 62482 70d9d2268b9cfa97ea636fac97360800
Size/MD5: 67300 36684dc3985d17d9fc20df38d4159bf6
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
Size/MD5: 6932036 d1843d75bcda73cbef1aae2acf110541
Size/MD5: 1623636 a4722bfc9d32de2ff2e2a42b58ce2e9a
Size/MD5: 1049154 33c7f2d43953817e6a51127d3e5cd3c1
Size/MD5: 2902650 7ae0e26a366bcbef4721be1b986ea455
Size/MD5: 8008182 e5a849ec651c68e3ed05fa40deeba12f
Size/MD5: 2036908 7ea63a59e73a40e3739c595212b0b8c1
Size/MD5: 1252758 22238a8e564f0002dca9d3d7330254e0
Size/MD5: 2992366 e071e0116893c7276bcda4ab7e76145e
i386 architecture (x86 compatible Intel/AMD):
Size/MD5: 6415256 3c8ddaaf54ca494c2110f7dd9a918660
Size/MD5: 1479690 2c38233f9eada9e8f5ffe38e11500378
Size/MD5: 973528 235558dce9adbd9e42902b179db493ce
Size/MD5: 2801720 83fb8fb3e4e6cb4cba7f358d7dd0e296
Size/MD5: 7441082 a160a5e8c312e41b43a3625f94c48e52
Size/MD5: 1880674 0d48d7b75ffceaa7c3d7f74036cffd2e
Size/MD5: 1171198 8987698f641a027f5313d02fc0401493
Size/MD5: 2871008 b962811c9138713398ba656acc068a3f
lpia architecture (Low Power Intel Architecture):
Size/MD5: 6557610 ec5a40c3c76ee7b039d3eb76104746cb
Size/MD5: 1482274 bcb624ab7ac3443242bf17f56f60f570
Size/MD5: 978296 fcf10a77a2ea47045c51024dcef9c8bd
Size/MD5: 2809990 0ac942a92e9fce3aa23ff25817f20a2b
Size/MD5: 7558660 9441ba23b2a4fa4789f40c82bfb5a951
Size/MD5: 1878546 899a53b2dcec9f51611021c4f0e3f2c7
Size/MD5: 1176698 57245ff934f1295dfe1664c3aa79e463
Size/MD5: 2877828 9acbe0c10365c3fa0de46ba952ade420
powerpc architecture (Apple Macintosh G3/G4/G5):
Size/MD5: 7224792 82ba59b25b54a95fd4a86c9af9316213
Size/MD5: 1639076 230b59e095d8ef033ccf47320f114e7e
Size/MD5: 1073736 5f32a92d1fe529d68603d0e73523a761
Size/MD5: 2959224 323021b2d48914a0611d85616a6a0182
Size/MD5: 8339992 6d4c57d5531d7bb0077fa4b64fc9b298
Size/MD5: 2050894 df0f1ae42f24a23ae71306f6154cecd0
Size/MD5: 1279780 c5d9df3f094fc761cbd232e0f0f570b0
Size/MD5: 3066380 2027ebc2b326901e3daac24693bb36ac
sparc architecture (Sun SPARC/UltraSPARC):
Size/MD5: 6528160 dda7795f7cf234aa3ef81fbf4bfc993e
Size/MD5: 1570180 997078e6cb4879383c52000797d23bb8
Size/MD5: 998962 c75c4d8889dd8169e06f0f7fa0b54f1a
Size/MD5: 2831116 6ec859f6d67a173c63b74a8cf68c0156
Size/MD5: 7563582 c0ce6a10b8b5427835b47bebc8564bf8
Size/MD5: 1985884 57377d3d739c50e80c6e73c70a6d7f7f
Size/MD5: 1199170 688de7bf6c1eb05737feddf5299f17be
Size/MD5: 2909220 36bd139e9b931289d7f457e6e77062d1
Updated packages for Ubuntu 8.04 LTS:
Source archives:
Size/MD5: 2664328 b791317a007fef4552c2bf8ba55a13ec
Size/MD5: 1457 3271c840e59a8f68b52cde12a0fddd25
Size/MD5: 9523188 9a615c6868074f60872084ecd240de3e
Size/MD5: 2954400 432a052851cecca3bf0f3bb2e7619322
Size/MD5: 1628 515cdb24298d56b8b46d7608293853bc
Size/MD5: 11577883 87619e5bf07b3506fec639b7e4d86215
Architecture independent packages:
Size/MD5: 3369502 77b604e32ec8be3d38004ced3d2913dc
Size/MD5: 591744 c8bc2182eeafeafce1cf053d86f7f725
Size/MD5: 3729274 1e20f6ea290807e6734823b437267716
Size/MD5: 650848 8c69cd9104f936747ab07055dbeaeb13
Size/MD5: 63660 0a7cec3255e8a3fdf85d8fbb3d603b51
Size/MD5: 69920 3471e8296a305341663c6a0e2d7e12d3
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
Size/MD5: 6880894 59fc6616382c6b3be06a5aa0e99ee908
Size/MD5: 1623462 de07524181fe7542eb2ec0c4fed8c188
Size/MD5: 1051750 468b4a0c355d69c80696c881fb044217
Size/MD5: 2911726 70a036abacd3c3ef5247194b060e8bb0
Size/MD5: 7934918 8311de45b9e1a0e0935b10921d598ba9
Size/MD5: 2036884 ffdb8e536dba3bbd50a55f7e165b50ad
Size/MD5: 1256342 9a898e693f08656566eaa11e8cfec1e2
Size/MD5: 3018212 02326bdd7eb6ff8b54a9f9a0749f027a
i386 architecture (x86 compatible Intel/AMD):
Size/MD5: 6357278 20f2772f2114370a357bb74bc5fb4ed1
Size/MD5: 1486704 318eb4e469300f6523933cb3245fffd1
Size/MD5: 976528 2dea5ac9a51b3ce713100d1053a86312
Size/MD5: 2813212 d1dcfb72638dd943c584b276cfc3a693
Size/MD5: 7359816 c11f17e491af48ef2975603db2cce874
Size/MD5: 1887972 30a72144a884e19125d46f96eb4e9a07
Size/MD5: 1175566 fc4522bcd3cfd37d0c2e8a1685010282
Size/MD5: 2898404 b467f8e3b32c20575030a38cae4bf8b3
lpia architecture (Low Power Intel Architecture):
Size/MD5: 6453538 fb5d36acc06c55f3a44e155ba29363a6
Size/MD5: 1483110 6c6de10c9e5195668a27a6ce9d55407b
Size/MD5: 980308 9f93d1ab422e5fe4a22f03d258ae5ee8
Size/MD5: 2811346 6c9e254561c4a7d12fe191b8675f38cd
Size/MD5: 7464684 0cbc5c070fb53ef2010b9c66a7af502c
Size/MD5: 1881994 b5174f4bb8ab70d9eb066adae062abf3
Size/MD5: 1180302 5e3fbff4ec243011cf91795ecc19d922
Size/MD5: 2893664 ec96b8ed643304896e28df3d2fb6fcce
powerpc architecture (Apple Macintosh G3/G4/G5):
Size/MD5: 7112922 c51953d92698ec4abafafba488503a60
Size/MD5: 1627356 999b775a73118f743cfe77073aa19911
Size/MD5: 1075066 162652fcf9d0be540784c15e7058b8c6
Size/MD5: 2960838 b598804be180210c6c483d1d5c69e952
Size/MD5: 8197372 58238bee17c6263da3bd843719936b39
Size/MD5: 2032736 9091810f6e7c7e1e5f149502e6388d9a
Size/MD5: 1282966 bd3c93b79c97f0762509b3367a17e61d
Size/MD5: 3068794 bef00fa11c3adfb7e3b92a33f0ef060d
sparc architecture (Sun SPARC/UltraSPARC):
Size/MD5: 6441580 90d57d762bca5953da492e0e7dbca661
Size/MD5: 1559836 8d40dd82f993c4e792193e64785b32b6
Size/MD5: 998482 303ab52af3356ba45d7c15193e4245b7
Size/MD5: 2828918 7fcfa07199afa36d63d5f51256aea267
Size/MD5: 7435650 f4ae9009a1fd3809a5b0848f44cf9a9f
Size/MD5: 1974952 60cf295076b2d6a7ecec4f606ca1c08b
Size/MD5: 1199130 1491c043e971f7f67b9306a309905ed3
Size/MD5: 2921542 45322b5997c0cf7406471d8f0087f7e4
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
