Test ID: 1.3.6.1.4.1.25623.1.0.61407
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDVSA-2008:163 (python)
Summary: NOSUMMARY
Description:

The remote host is missing an update to python
announced via advisory MDVSA-2008:163.

Multiple integer overflows in the imageop module in Python prior to
2.5.3 allowed context-dependent attackers to cause a denial of service
(crash) or possibly execute arbitrary code via crafted images that
trigger heap-based buffer overflows (CVE-2008-1679). This was due
to an incomplete fix for CVE-2007-4965.

David Remahl of Apple Product Security reported several integer
overflows in a number of core modules (CVE-2008-2315). He also
reported an integer overflow in the hashlib module on Python 2.5 that
led to unreliable cryptographic digest results (CVE-2008-2316).

Justin Ferguson reported multiple buffer overflows in unicode string
processing that affected 32-bit systems (CVE-2008-3142).

Multiple integer overflows were reported by the Google Security Team
that had been fixed in Python 2.5.2 (CVE-2008-3143).

Justin Ferguson reported a number of integer overflows and underflows
in the PyOS_vsnprintf() function, as well as an off-by-one error
when passing zero-length strings, that led to memory corruption
(CVE-2008-3144).

The updated packages have been patched to correct these issues.
As well, Python packages on Mandriva Linux 2007.1 and 2008.0 have
been updated to version 2.5.2. Due to slight packaging changes on
Mandriva Linux 2007.1, a new package is available (tkinter-apps) that
contains binary files (such as /usr/bin/idle) that were previously
in the tkinter package.

Affected: 2007.1, 2008.0, 2008.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:163

Risk factor : High

CVSS Score:
7.5

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2008-1679
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
Debian Security Information: DSA-1551
http://www.debian.org/security/2008/dsa-1551
Debian Security Information: DSA-1620
http://www.debian.org/security/2008/dsa-1620
http://security.gentoo.org/glsa/glsa-200807-01.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:163
http://www.mandriva.com/security/advisories?name=MDVSA-2008:164
http://bugs.python.org/msg64682
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10583
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7800
http://secunia.com/advisories/29889
http://secunia.com/advisories/29955
http://secunia.com/advisories/30872
http://secunia.com/advisories/31255
http://secunia.com/advisories/31358
http://secunia.com/advisories/31365
http://secunia.com/advisories/31518
http://secunia.com/advisories/31687
http://secunia.com/advisories/33937
http://secunia.com/advisories/38675
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289
SuSE Security Announcement: SUSE-SR:2008:017
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
http://www.ubuntu.com/usn/usn-632-1
XForce ISS Database: python-imageopc-bo(41958)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41958
Common Vulnerability Exposure (CVE) ID: CVE-2007-4965
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
BugTraq ID: 25696
http://www.securityfocus.com/bid/25696
Bugtraq: 20080212 FLEA-2008-0002-1 python
http://www.securityfocus.com/archive/1/487990/100/0/threaded
Bugtraq: 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates
http://www.securityfocus.com/archive/1/488457/100/0/threaded
Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
http://www.securityfocus.com/archive/1/507985/100/0/threaded
Cert/CC Advisory: TA07-352A
http://www.us-cert.gov/cas/techalerts/TA07-352A.html
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00378.html
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065826.html
http://www.gentoo.org/security/en/glsa/glsa-200711-07.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:012
http://www.mandriva.com/security/advisories?name=MDVSA-2008:013
http://lists.vmware.com/pipermail/security-announce/2008/000005.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10804
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8486
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8496
http://www.redhat.com/support/errata/RHSA-2007-1076.html
http://www.redhat.com/support/errata/RHSA-2008-0629.html
http://secunia.com/advisories/26837
http://secunia.com/advisories/27460
http://secunia.com/advisories/27562
http://secunia.com/advisories/27872
http://secunia.com/advisories/28136
http://secunia.com/advisories/28480
http://secunia.com/advisories/28838
http://secunia.com/advisories/29032
http://secunia.com/advisories/29303
http://secunia.com/advisories/31492
http://secunia.com/advisories/37471
SuSE Security Announcement: SUSE-SR:2008:003
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html
http://www.ubuntu.com/usn/usn-585-1
http://www.vupen.com/english/advisories/2007/3201
http://www.vupen.com/english/advisories/2007/4238
http://www.vupen.com/english/advisories/2008/0637
http://www.vupen.com/english/advisories/2009/3316
XForce ISS Database: python-imageop-bo(36653)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36653
Common Vulnerability Exposure (CVE) ID: CVE-2008-2315
BugTraq ID: 30491
http://www.securityfocus.com/bid/30491
Debian Security Information: DSA-1667
http://www.debian.org/security/2008/dsa-1667
http://security.gentoo.org/glsa/glsa-200807-16.xml
http://www.openwall.com/lists/oss-security/2008/11/05/2
http://www.openwall.com/lists/oss-security/2008/11/05/3
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8445
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8683
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9761
http://secunia.com/advisories/31305
http://secunia.com/advisories/31332
http://secunia.com/advisories/32793
http://www.vupen.com/english/advisories/2008/2288
XForce ISS Database: python-modules-bo(44172)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44172
XForce ISS Database: python-multiple-bo(44173)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44173
Common Vulnerability Exposure (CVE) ID: CVE-2008-2316
Bugtraq: 20080813 rPSA-2008-0243-1 idle python
http://www.securityfocus.com/archive/1/495445/100/0/threaded
http://secunia.com/advisories/31473
XForce ISS Database: python-hashlib-overflow(44174)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44174
Common Vulnerability Exposure (CVE) ID: CVE-2008-3142
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11466
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8422
XForce ISS Database: python-unicode-bo(44170)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44170
Common Vulnerability Exposure (CVE) ID: CVE-2008-3143
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7720
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8996
Common Vulnerability Exposure (CVE) ID: CVE-2008-3144
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10170
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7725
XForce ISS Database: python-pyosvsnprintf-bo(44171)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44171
Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
