Ubuntu: Python vulnerabilities
===========================================================
Ubuntu Security Notice USN-632-1            August 01, 2008
python2.4, python2.5 vulnerabilities
CVE-2008-1679, CVE-2008-1721, CVE-2008-1887, CVE-2008-2315,
CVE-2008-2316, CVE-2008-3142, CVE-2008-3143, CVE-2008-3144
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  python2.4                       2.4.3-0ubuntu6.2
  python2.4-minimal               2.4.3-0ubuntu6.2

Ubuntu 7.04:
  python2.4                       2.4.4-2ubuntu7.2
  python2.4-minimal               2.4.4-2ubuntu7.2
  python2.5                       2.5.1-0ubuntu1.2
  python2.5-minimal               2.5.1-0ubuntu1.2

Ubuntu 7.10:
  python2.4                       2.4.4-6ubuntu4.2
  python2.4-minimal               2.4.4-6ubuntu4.2
  python2.5                       2.5.1-5ubuntu5.2
  python2.5-minimal               2.5.1-5ubuntu5.2

Ubuntu 8.04 LTS:
  python2.4                       2.4.5-1ubuntu4.1
  python2.4-minimal               2.4.5-1ubuntu4.1
  python2.5                       2.5.2-2ubuntu4.1
  python2.5-minimal               2.5.2-2ubuntu4.1

After a standard system upgrade you need to reboot your computer to effect the necessary changes.

Details follow:

It was discovered that there were new integer overflows in the imageop module. If an attacker were able to trick a Python application into processing a specially crafted image, they could execute arbitrary code with user privileges. (CVE-2008-1679)

Justin Ferguson discovered that the zlib module did not correctly handle certain archives. If an attacker were able to trick a Python application into processing a specially crafted archive file, they could execute arbitrary code with user privileges. (CVE-2008-1721)

Justin Ferguson discovered that certain string manipulations in Python could be made to overflow. If an attacker were able to pass a specially crafted string through the PyString_FromStringAndSize function, they could execute arbitrary code with user privileges. (CVE-2008-1887)

Multiple integer overflows were discovered in Python's core and modules including hashlib, binascii, pickle, md5, stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, and mmapmodule. If an attacker were able to exploit these flaws they could execute arbitrary code with user privileges or cause Python applications to crash, leading to a denial of service. (CVE-2008-2315, CVE-2008-2316, CVE-2008-3142, CVE-2008-3143, CVE-2008-3144).
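To check a host against the fixed package versions this advisory lists, the sketch below compares installed versions with them using Debian version ordering. It is an added example, not part of the Ubuntu notice: the names `FIXED`, `deb_cmp` and `audit` and the short release keys are assumptions, and the sample package list is constructed.

```python
import re

# Fixed versions from the advisory; each pythonX.Y-minimal shares its base package's version.
FIXED = {
    "6.06": {"python2.4": "2.4.3-0ubuntu6.2"},
    "7.04": {"python2.4": "2.4.4-2ubuntu7.2", "python2.5": "2.5.1-0ubuntu1.2"},
    "7.10": {"python2.4": "2.4.4-6ubuntu4.2", "python2.5": "2.5.1-5ubuntu5.2"},
    "8.04": {"python2.4": "2.4.5-1ubuntu4.1", "python2.5": "2.5.2-2ubuntu4.1"},
}

def _order(c):  # Debian order: '~' < end of string < letters < everything else
    return -1 if c == "~" else 0 if c == "" else ord(c) + (0 if c.isalpha() else 256)

def _cmp_part(a, b):  # compare upstream or revision: alternate non-digit and digit runs
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ca = a[i] if i < len(a) and not a[i].isdigit() else ""
            cb = b[j] if j < len(b) and not b[j].isdigit() else ""
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
            i, j = i + 1, j + 1
        da, db = re.match(r"\d*", a[i:]).group(), re.match(r"\d*", b[j:]).group()
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
        i, j = i + len(da), j + len(db)
    return 0

def deb_cmp(v1, v2):
    """Compare two Debian versions ([epoch:]upstream[-revision]); returns -1, 0 or 1."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        return (int(epoch), *(rest.rsplit("-", 1) if "-" in rest else (rest, "")))
    (e1, u1, r1), (e2, u2, r2) = split(v1), split(v2)
    return (e1 > e2) - (e1 < e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def audit(release, dpkg_output):
    """Return {package: (installed, fixed)} for packages older than the fix."""
    stale = {}
    for pkg, ver in (l.split() for l in dpkg_output.splitlines() if l.strip()):
        fixed = FIXED.get(release, {}).get(pkg.replace("-minimal", ""))
        if fixed and deb_cmp(ver, fixed) < 0:
            stale[pkg] = (ver, fixed)
    return stale

# Constructed sample of `dpkg-query -W -f='${Package} ${Version}\n'` output on 8.04.
SAMPLE = ("python2.4 2.4.5-1ubuntu4\npython2.5 2.5.2-2ubuntu4.1\n"
          "python2.5-minimal 2.5.2-2ubuntu4\nlibc6 2.7-10ubuntu3\n")

print(audit("8.04", SAMPLE))
```

Where dpkg is available, `dpkg --compare-versions` gives the same ordering; the pure-Python comparison lets the check run on a collected inventory away from the host.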