python-2.4.3-24.6.1AXS3
エラータID: AXSA:2009-367:02
リリース日:
2009/08/19 Wednesday - 12:15
題名:
python-2.4.3-24.6.1AXS3
影響のあるチャネル:
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Python には Modules/_localemodule.c の PyLocale_strxfrm() 関数において、一つずれ (off-by-one) エラーのため strxfrm() 関数の使用するバッファサイズを適切に計算しない問題が存在します。(CVE-2007-2052)
- Python の imageop モジュールには、複数の整数オーバーフローが発生する脆弱性が存在します。(CVE-2007-4965)
- Python の zlib 拡張モジュールには、負の整数の処理に不備があるため、任意のコードを実行される脆弱性が存在します。(CVE-2008-1721)
- Python には、PyString_FromStringAndSize 関数に関する不備があるため、任意のコードを実行される脆弱性が存在します。(CVE-2008-1887)
- Python には、stringobject、unicodeobject、bufferobject、longobject、tupleobject、 stropmodule、gcmodule、mmapmodule モジュールに関連する整数オーバーフローの脆弱性が存在します。(CVE-2008-2315)
- 32 ビットプラットフォーム上の Python には、長大な文字列の処理に不備があるため、バッファオーバーフローの脆弱性が存在します。(CVE-2008-3142)
- Python には、複数のモジュールにおいて不備があるため、整数オーバーフローの脆弱性が存在します。(CVE-2008-3143)
- Python の Python/mysnprintf.c 内にある PyOS_vsnprintf 関数には、文字列フォーマット操作への入力処理に不備があることにより、整数オーバーフローの脆弱性が存在します。(CVE-2008-3144)
- Python の imageop モジュール内の imageop.c には、crop 関数に対する大きな整数値の処理に不備があるため、整数オーバーフローの脆弱性が存在します。(CVE-2008-4864)
- Python の expandtabs メソッドには、tabsize 引数の処理に不備があるため、整数オーバーフローの脆弱性が存在します。
尚、本問題は CVE-2008-2315 の修正が不完全だったことによる問題です。(CVE-2008-5031)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2007-2052
Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.
Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.
CVE-2007-4965
Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.
Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.
CVE-2008-1721
Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.
Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.
CVE-2008-1887
Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow.
Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow.
CVE-2008-2315
Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031.
Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031.
CVE-2008-3142
Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicode string processing, related to the unicode_resize function and the PyMem_RESIZE macro.
Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicode string processing, related to the unicode_resize function and the PyMem_RESIZE macro.
CVE-2008-3143
Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10) datetimemodule.c, (11) md5.c, (12) rgbimgmodule.c, and (13) stropmodule.c in Modules/; (14) bufferobject.c, (15) listobject.c, and (16) obmalloc.c in Objects/; (17) Parser/node.c; and (18) asdl.c, (19) ast.c, (20) bltinmodule.c, and (21) compile.c in Python/, as addressed by "checks for integer overflows, contributed by Google."
Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10) datetimemodule.c, (11) md5.c, (12) rgbimgmodule.c, and (13) stropmodule.c in Modules/; (14) bufferobject.c, (15) listobject.c, and (16) obmalloc.c in Objects/; (17) Parser/node.c; and (18) asdl.c, (19) ast.c, (20) bltinmodule.c, and (21) compile.c in Python/, as addressed by "checks for integer overflows, contributed by Google."
CVE-2008-3144
Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting operations. NOTE: the handling of certain integer values is also affected by related integer underflows and an off-by-one error.
Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting operations. NOTE: the handling of certain integer values is also affected by related integer underflows and an off-by-one error.
CVE-2008-4864
Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679.
Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679.
CVE-2008-5031
Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315.
Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315.
追加情報:
Asianux Server 3 SP2 からのアップデートパッケージです。
ダウンロード:
SRPMS
- python-2.4.3-24.6.1AXS3.src.rpm
MD5: 00a7c6d1dcace31ce2e355b562cedbf0
SHA-256: ab87106a6824f46c55c7fd1f7d6e42862096e7013cf08e0835877416b08d7bfb
Size: 7.95 MB
Asianux Server 3 for x86
- python-2.4.3-24.6.1AXS3.i386.rpm
MD5: 5882fd844dafdb5bb3ea2b7da88297b5
SHA-256: cefd11b807ee7b533a9b91dc94f92465e21821e5e5ff6bcb97328915af12cd00
Size: 5.91 MB - python-devel-2.4.3-24.6.1AXS3.i386.rpm
MD5: e561d555dfb8b69a2ccdda8596f2a324
SHA-256: c6c27a44aad88653ada080bef3aac084c8fd0cc836cc1f207d039e5d002133d4
Size: 2.96 MB - python-tools-2.4.3-24.6.1AXS3.i386.rpm
MD5: 67cf5d710543fb9cd6a3e857d0228895
SHA-256: 2c1203769e1cf21ad0dfa1e7aeaec03c3ac5a642ee815a27a3755ba5c57a5d68
Size: 964.80 kB - tkinter-2.4.3-24.6.1AXS3.i386.rpm
MD5: 6b342a67e3953fbd5c3b315225867589
SHA-256: 550d57e1b84907326fff48bd1d90d022cc8ed2e5907bbf2edf43a8749f431e88
Size: 276.56 kB
Asianux Server 3 for x86_64
- python-2.4.3-24.6.1AXS3.x86_64.rpm
MD5: f0e804dc718ab4a559e2966d498be370
SHA-256: 44cc7f9dc3ff212990f8d8dba25e1de77c69e4325308d17ddc88caea9c3a3ccc
Size: 5.98 MB - python-devel-2.4.3-24.6.1AXS3.x86_64.rpm
MD5: 3644afdac1083508e0448a75da364d4a
SHA-256: 8c6dbe5bd8cac047c8f421bb1349aca7a847f50076d6c0ebb8b1efb677d48204
Size: 2.98 MB - python-tools-2.4.3-24.6.1AXS3.x86_64.rpm
MD5: 977f1d7e319ade240f630567d09000a8
SHA-256: adc6e0ef643a27ffbb068824d735146cdf2d9d8ad78f50e1897245d85c096227
Size: 965.00 kB - tkinter-2.4.3-24.6.1AXS3.x86_64.rpm
MD5: fea61d5138cfc3359d2cf4dd5df7c9b0
SHA-256: fd0389970d65c3097260606de5a0442754f14fde5fad8eed4d281ca6f33b15f3
Size: 277.98 kB