VUPEN Security - Mandriva Security Update Fixes Python Buffer Overflow Vulnerability / Exploit (Security Advisories)

	Contact \| Site en Français

VUPEN VNS v4.0

Features and Options

Free 14-Day Trial

Partner Program

Receive More Information

Latest Intelligence

VUPEN Security Advisories

Virus and Malware Alerts

VUPEN Security Research

Threat Watch Blog

Zero-Day Monitor

Search Engine

Mailing List & RSS

>> Mandriva Security Update Fixes Python Buffer Overflow Vulnerability

Title : Mandriva Security Update Fixes Python Buffer Overflow Vulnerability
VUPEN ID : VUPEN/ADV-2008-1230
CVE ID : CVE-2008-1721
CWE ID : VUPEN VNS Only

CVSS V2 : VUPEN VNS Only

Rated as : Moderate Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2008-04-16

Technical Description

Receive VUPEN Security alerts in a Text format

Receive VUPEN Security alerts in a PDF format

Receive VUPEN Security alerts in an XML format

A vulnerability has been identified in Mandriva, which could be exploited by attackers to cause a denial of service or compromise an affected system. This issue is caused by an error in Python. For additional information, see : VUPEN/ADV-2008-1229

Affected Products

Mandriva Linux 2007.1
Mandriva Linux 2008.0
Mandriva Linux 2008.1
Mandriva Corporate 3.0
Mandriva Corporate 4.0
Mandriva Multi Network Firewall 2.0

Solution

Upgrade the affected packages :

Mandriva Linux 2007.1:
9ecc4c94fe365970d42278e55bc02b73 2007.1/i586/libpython2.5-2.5-4.3mdv2007.1.i586.rpm
47b7294690cc9a34714394602ec52fe3 2007.1/i586/libpython2.5-devel-2.5-4.3mdv2007.1.i586.rpm
eebd7eb038b8b8e8646f660a1979919c 2007.1/i586/python-2.5-4.3mdv2007.1.i586.rpm
35e7b42b7537d448d10266aff4c4d8e8 2007.1/i586/python-base-2.5-4.3mdv2007.1.i586.rpm
8af1b52823f5c185e317ad1284b2466b 2007.1/i586/python-docs-2.5-4.3mdv2007.1.i586.rpm
29a99c607e0890685053959399368dbd 2007.1/i586/tkinter-2.5-4.3mdv2007.1.i586.rpm
d1c1500f11921e027dc1e84bd731d86c 2007.1/SRPMS/python-2.5-4.3mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
dfea89865b1020c76acc6f3df20613a5 2007.1/x86_64/lib64python2.5-2.5-4.3mdv2007.1.x86_64.rpm
53a6e2ffe62fc8872a45383c237a9144 2007.1/x86_64/lib64python2.5-devel-2.5-4.3mdv2007.1.x86_64.rpm
2f519a0aa522130441d6fc714e6e5a1f 2007.1/x86_64/python-2.5-4.3mdv2007.1.x86_64.rpm
6329e55974fb9dcf0a326a5535bccd7f 2007.1/x86_64/python-base-2.5-4.3mdv2007.1.x86_64.rpm
51abb3bd7c674e075b94313ee2c25e34 2007.1/x86_64/python-docs-2.5-4.3mdv2007.1.x86_64.rpm
819a9ec6f5e5a875f217763405f00734 2007.1/x86_64/tkinter-2.5-4.3mdv2007.1.x86_64.rpm
d1c1500f11921e027dc1e84bd731d86c 2007.1/SRPMS/python-2.5-4.3mdv2007.1.src.rpm

Mandriva Linux 2008.0:
b9282fc19b011a9b43f020f818e6f5d9 2008.0/i586/libpython2.5-2.5.1-5.2mdv2008.0.i586.rpm
bc5a47bd0868f980a93a50a66914659b 2008.0/i586/libpython2.5-devel-2.5.1-5.2mdv2008.0.i586.rpm
2e9a41c20c32f8f603e7647fb8c078ad 2008.0/i586/python-2.5.1-5.2mdv2008.0.i586.rpm
a754a2f3173faef023ab6ef2b28accd1 2008.0/i586/python-base-2.5.1-5.2mdv2008.0.i586.rpm
7d0e443b4ad27f61168de7324f1abb15 2008.0/i586/python-docs-2.5.1-5.2mdv2008.0.i586.rpm
8a06ec0b5558ad0145157f63be1aa1f8 2008.0/i586/tkinter-2.5.1-5.2mdv2008.0.i586.rpm
ea387f81431c29c2ddf572bf81a2d27e 2008.0/i586/tkinter-apps-2.5.1-5.2mdv2008.0.i586.rpm
75d0dc8f3cf8525827277937eb290b5a 2008.0/SRPMS/python-2.5.1-5.2mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
760186761b14ec8caf69d12cbe1addb9 2008.0/x86_64/lib64python2.5-2.5.1-5.2mdv2008.0.x86_64.rpm
8984e11f060c41701d543cdf4c3e5d64 2008.0/x86_64/lib64python2.5-devel-2.5.1-5.2mdv2008.0.x86_64.rpm
959bf382deca1676ef6ba2b3c822e2d9 2008.0/x86_64/python-2.5.1-5.2mdv2008.0.x86_64.rpm
ec86c6c883320f391a4ce21723232910 2008.0/x86_64/python-base-2.5.1-5.2mdv2008.0.x86_64.rpm
8bc0bd727053aeb53167afb222e51c9f 2008.0/x86_64/python-docs-2.5.1-5.2mdv2008.0.x86_64.rpm
ba4a22d3512b03e3cae9c3bd0fd71a04 2008.0/x86_64/tkinter-2.5.1-5.2mdv2008.0.x86_64.rpm
ab687389eb62b10f7982098a6f6c6e21 2008.0/x86_64/tkinter-apps-2.5.1-5.2mdv2008.0.x86_64.rpm
75d0dc8f3cf8525827277937eb290b5a 2008.0/SRPMS/python-2.5.1-5.2mdv2008.0.src.rpm

Mandriva Linux 2008.1:
a2347d1f0b230414da44a5097e0f8a32 2008.1/i586/libpython2.5-2.5.2-2.1mdv2008.1.i586.rpm
ea4af4cfec51a91394898f81f8a7fa00 2008.1/i586/libpython2.5-devel-2.5.2-2.1mdv2008.1.i586.rpm
0ff272fb044538a38b667921f4e3b68d 2008.1/i586/python-2.5.2-2.1mdv2008.1.i586.rpm
39c4d2740ae5ab10c900de38516f22a9 2008.1/i586/python-base-2.5.2-2.1mdv2008.1.i586.rpm
398e79bf4049c5a4daa78e9e6d79c1fa 2008.1/i586/python-docs-2.5.2-2.1mdv2008.1.i586.rpm
19ec255c149be19420f1f92cfd48f7c7 2008.1/i586/tkinter-2.5.2-2.1mdv2008.1.i586.rpm
f8f679dca16457be4cfe245c8479ae68 2008.1/i586/tkinter-apps-2.5.2-2.1mdv2008.1.i586.rpm
8a5d085ec03be926d64a0662ee339dfd 2008.1/SRPMS/python-2.5.2-2.1mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:
201857de10171d62491b22decde12ed9 2008.1/x86_64/lib64python2.5-2.5.2-2.1mdv2008.1.x86_64.rpm
a8338dd0b2ba9885325010d6bab22c07 2008.1/x86_64/lib64python2.5-devel-2.5.2-2.1mdv2008.1.x86_64.rpm
90160e5fbf2609cb627e5c473ba505b9 2008.1/x86_64/python-2.5.2-2.1mdv2008.1.x86_64.rpm
6f53f6bfc053d7c4f8aba17cf24e9b09 2008.1/x86_64/python-base-2.5.2-2.1mdv2008.1.x86_64.rpm
fc956cd4c279b0b708b7ddf0300dd854 2008.1/x86_64/python-docs-2.5.2-2.1mdv2008.1.x86_64.rpm
10c2c200fb3ba68841111683a4cd2d1d 2008.1/x86_64/tkinter-2.5.2-2.1mdv2008.1.x86_64.rpm
780eb4fde8b103f81af4a1038db720ca 2008.1/x86_64/tkinter-apps-2.5.2-2.1mdv2008.1.x86_64.rpm
8a5d085ec03be926d64a0662ee339dfd 2008.1/SRPMS/python-2.5.2-2.1mdv2008.1.src.rpm

Corporate 3.0:
507662f734c26973c04e3443299c00c1 corporate/3.0/i586/libpython2.3-2.3.3-2.6.C30mdk.i586.rpm
1d9310361901c48226dcd4f57ff8fdd1 corporate/3.0/i586/libpython2.3-devel-2.3.3-2.6.C30mdk.i586.rpm
2759e37bcf5ff3f5d8f7c2771cb9c5c2 corporate/3.0/i586/python-2.3.3-2.6.C30mdk.i586.rpm
e5f6fe7be314d4fda29604915aef00da corporate/3.0/i586/python-base-2.3.3-2.6.C30mdk.i586.rpm
d25cee9658e37217100859b6a660e890 corporate/3.0/i586/python-docs-2.3.3-2.6.C30mdk.i586.rpm
bfcd20c1020cf2605084468b3d489c38 corporate/3.0/i586/tkinter-2.3.3-2.6.C30mdk.i586.rpm
64e71a3e92e2bafa19a91314ca24cd78 corporate/3.0/SRPMS/python-2.3.3-2.6.C30mdk.src.rpm

Corporate 3.0/X86_64:
b509d155a74fd23c23ee0de7f392c80d corporate/3.0/x86_64/lib64python2.3-2.3.3-2.6.C30mdk.x86_64.rpm
fafc422d07ae0dbc9a6262db82f6d566 corporate/3.0/x86_64/lib64python2.3-devel-2.3.3-2.6.C30mdk.x86_64.rpm
0e6831dcfb2fa5ebeee2dbc7a2446cd2 corporate/3.0/x86_64/python-2.3.3-2.6.C30mdk.x86_64.rpm
7cb4cb33c9df667389af2acf7ed4516f corporate/3.0/x86_64/python-base-2.3.3-2.6.C30mdk.x86_64.rpm
d742fec7cf99137338f9c34eb4f7a236 corporate/3.0/x86_64/python-docs-2.3.3-2.6.C30mdk.x86_64.rpm
28026636183e6b04b3f49e47ec3db488 corporate/3.0/x86_64/tkinter-2.3.3-2.6.C30mdk.x86_64.rpm
64e71a3e92e2bafa19a91314ca24cd78 corporate/3.0/SRPMS/python-2.3.3-2.6.C30mdk.src.rpm

Corporate 4.0:
2961bff452ffe89fe03ca816003673c2 corporate/4.0/i586/libpython2.4-2.4.1-5.4.20060mlcs4.i586.rpm
fd76f53b14a83d43f620684c01983030 corporate/4.0/i586/libpython2.4-devel-2.4.1-5.4.20060mlcs4.i586.rpm
fae94c51aac855a363b952a50797554a corporate/4.0/i586/python-2.4.1-5.4.20060mlcs4.i586.rpm
588102686dae7023e9bf25539e4e2b12 corporate/4.0/i586/python-base-2.4.1-5.4.20060mlcs4.i586.rpm
0e45305806fa29fdd3d05a1f29158b96 corporate/4.0/i586/python-docs-2.4.1-5.4.20060mlcs4.i586.rpm
8306274c8c1a7cdb111c8b1ee0db4917 corporate/4.0/i586/tkinter-2.4.1-5.4.20060mlcs4.i586.rpm
e9f7157f6b42fb228b3e74cba3e8d0a2 corporate/4.0/SRPMS/python-2.4.1-5.4.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
689360a709e3e2de95300a4eaa9ef1c4 corporate/4.0/x86_64/lib64python2.4-2.4.1-5.4.20060mlcs4.x86_64.rpm
45021f6321ba4922c9c9494a3ac96698 corporate/4.0/x86_64/lib64python2.4-devel-2.4.1-5.4.20060mlcs4.x86_64.rpm
923176fd1fd9cccf9953e6eee50b1acb corporate/4.0/x86_64/python-2.4.1-5.4.20060mlcs4.x86_64.rpm
af91588191d79ccbe1e2fd4efe37f1cc corporate/4.0/x86_64/python-base-2.4.1-5.4.20060mlcs4.x86_64.rpm
6a2f4518e0bfa766b1fbe6569c354e4e corporate/4.0/x86_64/python-docs-2.4.1-5.4.20060mlcs4.x86_64.rpm
0da11e3e53f8ee50863061ef077530c9 corporate/4.0/x86_64/tkinter-2.4.1-5.4.20060mlcs4.x86_64.rpm
e9f7157f6b42fb228b3e74cba3e8d0a2 corporate/4.0/SRPMS/python-2.4.1-5.4.20060mlcs4.src.rpm

Multi Network Firewall 2.0:
a31e5592f6ffe93f38db4e152643a54a mnf/2.0/i586/libpython2.3-2.3.3-2.6.M20mdk.i586.rpm
ec792a125b774dc32e0705a2ea1876b3 mnf/2.0/i586/libpython2.3-devel-2.3.3-2.6.M20mdk.i586.rpm
f4572438fa53a1bbd4a897d442bdaa28 mnf/2.0/i586/python-2.3.3-2.6.M20mdk.i586.rpm
036db5b3815d43302bb0e4a20b5ab7ce mnf/2.0/i586/python-base-2.3.3-2.6.M20mdk.i586.rpm
24e6a4bb249b08ee63b25fe65f5acc59 mnf/2.0/i586/python-docs-2.3.3-2.6.M20mdk.i586.rpm
291662a5b5dff227bbed5af2443799a4 mnf/2.0/i586/tkinter-2.3.3-2.6.M20mdk.i586.rpm
ff669a40592d615b743d0f5c83b52c2f mnf/2.0/SRPMS/python-2.3.3-2.6.M20mdk.src.rpm

References

http://www.vupen.com/english/advisories/2008/1230
http://archives.mandrivalinux.com/security-announce/2008-04/msg00006.php

ChangeLog

2008-04-16 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts with CVE, CWE, and CVSS when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.

VUPEN Vulnerability
Notification Service

Latest Advisories

>> 2010-03-19

CA ARCserve Backup JRE Code Execution and Security Bypass Issues

>> 2010-03-19

Debian Security Update Fixes PHP XML-RPC Denial of Service Issue

>> 2010-03-19

Ubuntu Security Update Fixes Thunderbird Multiple Vulnerabilities

>> 2010-03-18

IBM DB2 Content Manager Web Services Single Sign-on Vulnerability

>> 2010-03-18

Transmission "tr_magnetParse()" Magnet Buffer Overflow Vulnerability

More Informations