Pardus: Python: Multiple Integer Overflows
Posted by Benjamin D. Thomas   
Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c.

------------------------------------------------------------------------
Pardus Linux Security Advisory 2009-09            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2009-01-23
  Severity: 3
      Type: Local
------------------------------------------------------------------------

Summary
=======

Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow
context-dependent attackers to have an unknown impact via a large
integer value in the tabsize argument to the expandtabs method, as
implemented by (1) the string_expandtabs function in
Objects/stringobject.c and (2) the unicode_expandtabs function in
Objects/unicodeobject.c.


Description
===========

NOTE: this vulnerability reportedly exists because of an incomplete fix 
for CVE-2008-2315. 


Affected packages:

  Pardus 2008:
    python, all before 2.5.4-39-10
    python-tk, all before 2.5.4-3-2
    idle, all before 2.5.4-3-2



Resolution
==========

There are updates for python, python-tk and idle. You can install them
via Package Manager or with a single command from the console:

    pisi up python python-tk idle

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=9028
  * http://svn.python.org/view?rev=61350&view=rev
  * http://www.openwall.com/lists/oss-security/2008/11/05/3
  * http://www.openwall.com/lists/oss-security/2008/11/05/2