------------------------------------------------------------------------
Pardus Linux Security Advisory 2009-09 security@pardus.org.tr
------------------------------------------------------------------------
Date: 2009-01-23
Severity: 3
Type: Local
------------------------------------------------------------------------
Summary
=======
Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow
context-dependent attackers to have an unknown impact via a large
integer value in the tabsize argument to the expandtabs method, as
implemented by (1) the string_expandtabs function in
Objects/stringobject.c and (2) the unicode_expandtabs function in
Objects/unicodeobject.c.
Description
===========
NOTE: this vulnerability reportedly exists because of an incomplete fix
for CVE-2008-2315.
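The defect class described above is arithmetic on the expanded length: each tab adds `tabsize - (column % tabsize)` to a running total, and with a very large tabsize that addition wraps, so the buffer later allocated from the total is too small. The function below is an added illustration of the overflow-checked length computation that closes this class of bug; it is not CPython's string_expandtabs or unicode_expandtabs code, and the name expandtabs_length and the PTRDIFF_MAX cap are this example's own choices. It follows Python's expandtabs semantics (tabsize 0 deletes tabs, the column resets at a newline) and returns -1 instead of a wrapped value.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not CPython source. Compute the length of `s` (len bytes)
 * after tab expansion, or return -1 if any intermediate value would exceed
 * PTRDIFF_MAX (the cap plays the role Py_ssize_t's limit plays in CPython).
 * A negative tabsize must be rejected by the caller before reaching here. */
ptrdiff_t expandtabs_length(const char *s, size_t len, size_t tabsize)
{
    const size_t cap = (size_t)PTRDIFF_MAX;
    size_t total = 0;   /* bytes the expanded string will need */
    size_t col = 0;     /* column within the current line */

    for (size_t k = 0; k < len; k++) {
        char c = s[k];
        if (c == '\t') {
            if (tabsize == 0)
                continue;                       /* tabs are simply dropped */
            size_t incr = tabsize - (col % tabsize);
            /* check before adding: the unchecked form is where the wrap occurs */
            if (incr > cap - col || incr > cap - total)
                return -1;
            col += incr;
            total += incr;
        } else {
            if (total == cap)
                return -1;
            total++;
            col++;
            if (c == '\n' || c == '\r')
                col = 0;                        /* new line, restart columns */
        }
    }
    return (ptrdiff_t)total;
}

int main(void)
{
    /* constructed sample inputs */
    const char *text = "a\tb\nxy\tz";
    ptrdiff_t n = expandtabs_length(text, strlen(text), 8);
    printf("expanded length with tabsize 8: %td\n", n);

    /* a tabsize near the cap: the second tab would wrap, so we refuse */
    n = expandtabs_length("\t\t", 2, (size_t)PTRDIFF_MAX);
    printf("huge tabsize: %s\n", n < 0 ? "rejected (would overflow)" : "ok");
    return 0;
}
```

The allocation that follows this computation is only safe because every addition is guarded before it happens; checking `total` after the loop cannot detect a wrap that already occurred.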
Affected packages:
Pardus 2008:
python, all before 2.5.4-39-10
python-tk, all before 2.5.4-3-2
idle, all before 2.5.4-3-2
Resolution
==========
There are update(s) for python, python-tk, idle. You can update them via
Package Manager or with a single command from console:
pisi up python python-tk idle
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=9028
* http://svn.python.org/view?rev=61350&view=rev
* http://www.openwall.com/lists/oss-security/2008/11/05/3
* http://www.openwall.com/lists/oss-security/2008/11/05/2