Debian Security Advisory DSA 458-2                     security@debian.org 
Debian -- Security Information                              Martin Schulze
August 31st, 2004                        Debian -- Debian security FAQ 

Package        : python2.2
Vulnerability  : buffer overflow
Problem-Type   : remote
Debian-specific: no
CVE Ids        : CAN-2004-0150
BugTraq ID     : 9836
Debian Bug     : 248946

This security advisory corrects DSA 458-1 which caused some
segmentation faults in gethostbyaddr with non-localhost input.  This
update also disables IPv6 on all architectures.

The original advisory said:

   Sebastian Schmidt discovered a buffer overflow bug in Python's
   getaddrinfo function, which could allow an IPv6 address, supplied by a
   remote attacker via DNS, to overwrite memory on the stack.

   This bug only exists in python 2.2 and 2.2.1, and only when IPv6
   support is disabled.  The python2.2 package in Debian woody meets
   these conditions (the 'python' package does not).
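
The bug class described above, as an added illustration that is not taken from the Python source or from this advisory. It assumes the overflow comes from copying a resolver-supplied address into a buffer sized for IPv4 only; the struct names, constants, `copy_v4_checked` and `try_copy` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-ins for address families and address sizes. */
enum { FAM_INET = 2, FAM_INET6 = 10, V4_LEN = 4, V6_LEN = 16 };

/* Hypothetical resolver answer: family, length and raw address bytes,
 * all of which come from the network and are untrusted. */
struct answer {
    int family;
    size_t addr_len;
    uint8_t addr[V6_LEN];
};

/* Fixed-size IPv4 destination, as a build without IPv6 support would use. */
struct v4_dest { uint8_t addr[V4_LEN]; };

/* Unsafe pattern, shown as a comment only: the length is taken from the
 * answer, so a 16-byte address lands in a 4-byte stack buffer.
 *     memcpy(dst->addr, a->addr, a->addr_len);  */

/* Hardened copy: accept only an answer that is exactly one IPv4 address.
 * Returns 0 on success, -1 on rejection (destination left untouched). */
int copy_v4_checked(struct v4_dest *dst, const struct answer *a)
{
    if (dst == NULL || a == NULL)
        return -1;
    if (a->family != FAM_INET || a->addr_len != sizeof dst->addr)
        return -1;
    memcpy(dst->addr, a->addr, sizeof dst->addr);
    return 0;
}

/* Builds a constructed answer and runs it through the checked copy. */
int try_copy(int family, size_t addr_len)
{
    struct answer a = { family, addr_len, { 192, 0, 2, 1 } };
    struct v4_dest d = { { 0 } };
    int rc = copy_v4_checked(&d, &a);
    if (rc == 0 && memcmp(d.addr, a.addr, V4_LEN) != 0)
        return -2;
    return rc;
}

int main(void)
{
    return (try_copy(FAM_INET6, V6_LEN) == -1 && try_copy(FAM_INET, V4_LEN) == 0) ? 0 : 1;
}
```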

For the stable distribution (woody), this bug has been fixed in
version 2.2.1-4.5.

The testing and unstable distribution (sid) are not affected by this problem.

We recommend that you update your python2.2 package.

Upgrade Instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

  Source archives:

  Architecture independent components:

  Alpha architecture:

  ARM architecture:

  Intel IA-32 architecture:

  Intel IA-64 architecture:

  HP Precision architecture:

  Motorola 680x0 architecture:

  Big endian MIPS architecture:

  Little endian MIPS architecture:

  PowerPC architecture:

  IBM S/390 architecture:

  Sun Sparc architecture:

  These files will probably be moved into the stable distribution on
  its next update.

For apt-get: deb  Debian -- Security Information  stable/updates main
For dpkg-ftp:    dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Debian: python2.2 really fix buffer overflow
