| Beschreibung: | Description:
The remote host is missing an update to python
announced via advisory MDVSA-2010:132.
Multiple vulnerabilities has been found and corrected in python:
Multiple integer overflows in audioop.c in the audioop module in
Ptthon allow context-dependent attackers to cause a denial of service
(application crash) via a large fragment, as demonstrated by a call
to audioop.lin2lin with a long string in the first argument, leading
to a buffer overflow. NOTE: this vulnerability exists because of an
incorrect fix for CVE-2008-3143.5 (CVE-2010-1634).
The audioop module in Python does not verify the relationships between
size arguments and byte string lengths, which allows context-dependent
attackers to cause a denial of service (memory corruption and
application crash) via crafted arguments, as demonstrated by a call
to audioop.reverse with a one-byte string, a different vulnerability
than CVE-2010-1634 (CVE-2010-2089).
Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct these issues.
Affected: 2008.0, 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0,
Enterprise Server 5.0
Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:132
Risk factor : High
CVSS Score:
7.5
|
