English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.61372
Category:Debian Local Security Checks
Title:Debian: Security Advisory (DSA-1620-1)
Summary:The remote host is missing an update for the Debian 'python2.5' package(s) announced via the DSA-1620-1 advisory.
Description:Summary:
The remote host is missing an update for the Debian 'python2.5' package(s) announced via the DSA-1620-1 advisory.

Vulnerability Insight:
Several vulnerabilities have been discovered in the interpreter for the Python language. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-2052

Piotr Engelking discovered that the strxfrm() function of the locale module miscalculates the length of an internal buffer, which may result in a minor information disclosure.

CVE-2007-4965

It was discovered that several integer overflows in the imageop module may lead to the execution of arbitrary code, if a user is tricked into processing malformed images. This issue is also tracked as CVE-2008-1679 due to an initially incomplete patch.

CVE-2008-1721

Justin Ferguson discovered that a buffer overflow in the zlib module may lead to the execution of arbitrary code.

CVE-2008-1887

Justin Ferguson discovered that insufficient input validation in PyString_FromStringAndSize() may lead to the execution of arbitrary code.

For the stable distribution (etch), these problems have been fixed in version 2.5-5+etch1.

For the unstable distribution (sid), these problems have been fixed in version 2.5.2-3.

We recommend that you upgrade your python2.5 packages.

Affected Software/OS:
'python2.5' package(s) on Debian 4.

Solution:
Please install the updated package(s).

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-2052
BugTraq ID: 23887
http://www.securityfocus.com/bid/23887
Bugtraq: 20070521 FLEA-2007-0019-1: python (Google Search)
http://www.securityfocus.com/archive/1/469294/30/6450/threaded
Bugtraq: 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates (Google Search)
http://www.securityfocus.com/archive/1/488457/100/0/threaded
Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components (Google Search)
http://www.securityfocus.com/archive/1/507985/100/0/threaded
Debian Security Information: DSA-1551 (Google Search)
http://www.debian.org/security/2008/dsa-1551
Debian Security Information: DSA-1620 (Google Search)
http://www.debian.org/security/2008/dsa-1620
http://www.mandriva.com/security/advisories?name=MDKSA-2007:099
http://lists.vmware.com/pipermail/security-announce/2008/000005.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11716
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8353
http://www.redhat.com/support/errata/RHSA-2007-1076.html
http://www.redhat.com/support/errata/RHSA-2007-1077.html
http://www.redhat.com/support/errata/RHSA-2008-0629.html
http://secunia.com/advisories/25190
http://secunia.com/advisories/25217
http://secunia.com/advisories/25233
http://secunia.com/advisories/25353
http://secunia.com/advisories/25787
http://secunia.com/advisories/28027
http://secunia.com/advisories/28050
http://secunia.com/advisories/29032
http://secunia.com/advisories/29303
http://secunia.com/advisories/29889
http://secunia.com/advisories/31255
http://secunia.com/advisories/31492
http://secunia.com/advisories/37471
SuSE Security Announcement: SUSE-SR:2007:013 (Google Search)
http://www.novell.com/linux/security/advisories/2007_13_sr.html
http://www.trustix.org/errata/2007/0019/
http://www.ubuntu.com/usn/usn-585-1
http://www.vupen.com/english/advisories/2007/1465
http://www.vupen.com/english/advisories/2008/0637
http://www.vupen.com/english/advisories/2009/3316
XForce ISS Database: python-localemodule-information-disclosure(34060)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34060
Common Vulnerability Exposure (CVE) ID: CVE-2007-4965
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
BugTraq ID: 25696
http://www.securityfocus.com/bid/25696
Bugtraq: 20080212 FLEA-2008-0002-1 python (Google Search)
http://www.securityfocus.com/archive/1/487990/100/0/threaded
Cert/CC Advisory: TA07-352A
http://www.us-cert.gov/cas/techalerts/TA07-352A.html
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00378.html
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065826.html
http://www.gentoo.org/security/en/glsa/glsa-200711-07.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:012
http://www.mandriva.com/security/advisories?name=MDVSA-2008:013
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10804
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8486
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8496
http://secunia.com/advisories/26837
http://secunia.com/advisories/27460
http://secunia.com/advisories/27562
http://secunia.com/advisories/27872
http://secunia.com/advisories/28136
http://secunia.com/advisories/28480
http://secunia.com/advisories/28838
http://secunia.com/advisories/33937
http://secunia.com/advisories/38675
SuSE Security Announcement: SUSE-SR:2008:003 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html
http://www.vupen.com/english/advisories/2007/3201
http://www.vupen.com/english/advisories/2007/4238
XForce ISS Database: python-imageop-bo(36653)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36653
Common Vulnerability Exposure (CVE) ID: CVE-2008-1679
http://security.gentoo.org/glsa/glsa-200807-01.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:163
http://www.mandriva.com/security/advisories?name=MDVSA-2008:164
http://bugs.python.org/msg64682
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10583
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7800
http://secunia.com/advisories/29955
http://secunia.com/advisories/30872
http://secunia.com/advisories/31358
http://secunia.com/advisories/31365
http://secunia.com/advisories/31518
http://secunia.com/advisories/31687
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289
SuSE Security Announcement: SUSE-SR:2008:017 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
http://www.ubuntu.com/usn/usn-632-1
XForce ISS Database: python-imageopc-bo(41958)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41958
Common Vulnerability Exposure (CVE) ID: CVE-2008-1721
BugTraq ID: 28715
http://www.securityfocus.com/bid/28715
Bugtraq: 20080409 IOActive Security Advisory: Buffer overflow in Python zlib extension module (Google Search)
http://www.securityfocus.com/archive/1/490690/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDVSA-2008:085
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8249
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8494
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9407
http://www.securitytracker.com/id?1019823
http://securityreason.com/securityalert/3802
http://www.vupen.com/english/advisories/2008/1229/references
XForce ISS Database: zlib-pystringfromstringandsize-bo(41748)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41748
Common Vulnerability Exposure (CVE) ID: CVE-2008-1887
BugTraq ID: 28749
http://www.securityfocus.com/bid/28749
Bugtraq: 20080411 IOActive Security Advisory: Incorrect input validation in PyString_FromStringAndSize() leads to multiple buffer overflows (Google Search)
http://www.securityfocus.com/archive/1/490776
Bugtraq: 20090824 rPSA-2009-0122-1 idle python (Google Search)
http://www.securityfocus.com/archive/1/506056/100/0/threaded
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10407
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8624
XForce ISS Database: python-pystringfromstringandsize-bo(41944)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41944
CopyrightCopyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.