Test Kennung:	1.3.6.1.4.1.25623.1.0.61408
Kategorie:	Mandrake Local Security Checks
Titel:	Mandrake Security Advisory MDVSA-2008:164 (python)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to python announced via advisory MDVSA-2008:164. Multiple integer overflows in the imageop module in Python prior to 2.5.3 allowed context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows (CVE-2008-1679). This was due to an incomplete fix for CVE-2007-4965. David Remahl of Apple Product Security reported several integer overflows in a number of core modules (CVE-2008-2315). Justin Ferguson reported multiple buffer overflows in unicode string processing that affected 32bit systems (CVE-2008-3142). Multiple integer overflows were reported by the Google Security Team that had been fixed in Python 2.5.2 (CVE-2008-3143). Justin Ferguson reported a number of integer overflows and underflows in the PyOS_vsnprintf() function, as well as an off-by-one error when passing zero-length strings, that led to memory corruption (CVE-2008-3144). The updated packages have been patched to correct these issues. As well, Python packages on Corporate Server 4 have been updated to the latest version 2.4.5. Affected: Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:164 Risk factor : High CVSS Score: 7.5
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1679 http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html Debian Security Information: DSA-1551 (Google Search) http://www.debian.org/security/2008/dsa-1551 Debian Security Information: DSA-1620 (Google Search) http://www.debian.org/security/2008/dsa-1620 http://security.gentoo.org/glsa/glsa-200807-01.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:163 http://www.mandriva.com/security/advisories?name=MDVSA-2008:164 http://bugs.python.org/msg64682 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10583 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7800 http://secunia.com/advisories/29889 http://secunia.com/advisories/29955 http://secunia.com/advisories/30872 http://secunia.com/advisories/31255 http://secunia.com/advisories/31358 http://secunia.com/advisories/31365 http://secunia.com/advisories/31518 http://secunia.com/advisories/31687 http://secunia.com/advisories/33937 http://secunia.com/advisories/38675 http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289 SuSE Security Announcement: SUSE-SR:2008:017 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://www.ubuntu.com/usn/usn-632-1 XForce ISS Database: python-imageopc-bo(41958) https://exchange.xforce.ibmcloud.com/vulnerabilities/41958 Common Vulnerability Exposure (CVE) ID: CVE-2007-4965 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html BugTraq ID: 25696 http://www.securityfocus.com/bid/25696 Bugtraq: 20080212 FLEA-2008-0002-1 python (Google Search) http://www.securityfocus.com/archive/1/487990/100/0/threaded Bugtraq: 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates (Google Search) http://www.securityfocus.com/archive/1/488457/100/0/threaded Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components (Google Search) http://www.securityfocus.com/archive/1/507985/100/0/threaded Cert/CC Advisory: TA07-352A http://www.us-cert.gov/cas/techalerts/TA07-352A.html https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00378.html http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065826.html http://www.gentoo.org/security/en/glsa/glsa-200711-07.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:012 http://www.mandriva.com/security/advisories?name=MDVSA-2008:013 http://lists.vmware.com/pipermail/security-announce/2008/000005.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10804 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8486 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8496 http://www.redhat.com/support/errata/RHSA-2007-1076.html http://www.redhat.com/support/errata/RHSA-2008-0629.html http://secunia.com/advisories/26837 http://secunia.com/advisories/27460 http://secunia.com/advisories/27562 http://secunia.com/advisories/27872 http://secunia.com/advisories/28136 http://secunia.com/advisories/28480 http://secunia.com/advisories/28838 http://secunia.com/advisories/29032 http://secunia.com/advisories/29303 http://secunia.com/advisories/31492 http://secunia.com/advisories/37471 SuSE Security Announcement: SUSE-SR:2008:003 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html http://www.ubuntu.com/usn/usn-585-1 http://www.vupen.com/english/advisories/2007/3201 http://www.vupen.com/english/advisories/2007/4238 http://www.vupen.com/english/advisories/2008/0637 http://www.vupen.com/english/advisories/2009/3316 XForce ISS Database: python-imageop-bo(36653) https://exchange.xforce.ibmcloud.com/vulnerabilities/36653 Common Vulnerability Exposure (CVE) ID: CVE-2008-2315 BugTraq ID: 30491 http://www.securityfocus.com/bid/30491 Debian Security Information: DSA-1667 (Google Search) http://www.debian.org/security/2008/dsa-1667 http://security.gentoo.org/glsa/glsa-200807-16.xml http://www.openwall.com/lists/oss-security/2008/11/05/2 http://www.openwall.com/lists/oss-security/2008/11/05/3 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8445 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8683 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9761 http://secunia.com/advisories/31305 http://secunia.com/advisories/31332 http://secunia.com/advisories/32793 http://www.vupen.com/english/advisories/2008/2288 XForce ISS Database: python-modules-bo(44172) https://exchange.xforce.ibmcloud.com/vulnerabilities/44172 XForce ISS Database: python-multiple-bo(44173) https://exchange.xforce.ibmcloud.com/vulnerabilities/44173 Common Vulnerability Exposure (CVE) ID: CVE-2008-3142 Bugtraq: 20080813 rPSA-2008-0243-1 idle python (Google Search) http://www.securityfocus.com/archive/1/495445/100/0/threaded https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11466 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8422 http://secunia.com/advisories/31473 XForce ISS Database: python-unicode-bo(44170) https://exchange.xforce.ibmcloud.com/vulnerabilities/44170 Common Vulnerability Exposure (CVE) ID: CVE-2008-3143 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7720 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8996 Common Vulnerability Exposure (CVE) ID: CVE-2008-3144 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10170 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7725 XForce ISS Database: python-pyosvsnprintf-bo(44171) https://exchange.xforce.ibmcloud.com/vulnerabilities/44171
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.