
Test ID: 1.3.6.1.4.1.25623.1.0.61617
Category: FreeBSD Local Security Checks
Title: FreeBSD Ports: python24
Summary: FreeBSD Ports: python24
Description: The remote host is missing an update to the system
as announced in the referenced advisory.

The following packages are affected:
python24
python25
python23

CVE-2008-2315
Multiple integer overflows in Python 2.5.2 and earlier allow
context-dependent attackers to have an unknown impact via vectors
related to the (1) stringobject, (2) unicodeobject, (3) bufferobject,
(4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and
(8) mmapmodule modules.
CVE-2008-2316
Integer overflow in _hashopenssl.c in the hashlib module in Python
2.5.2 and earlier might allow context-dependent attackers to defeat
cryptographic digests, related to 'partial hashlib hashing of data
exceeding 4GB.'
CVE-2008-3142
Multiple buffer overflows in Python 2.5.2 and earlier on 32bit
platforms allow context-dependent attackers to cause a denial of
service (crash) or have unspecified other impact via a long string
that leads to incorrect memory allocation during Unicode string
processing, related to the unicode_resize function and the
PyMem_RESIZE macro.
CVE-2008-3144
Multiple integer overflows in the PyOS_vsnprintf function in
Python/mysnprintf.c in Python 2.5.2 and earlier allow
context-dependent attackers to cause a denial of service (memory
corruption) or have unspecified other impact via crafted input to
string formatting operations. NOTE: the handling of certain integer
values is also affected by related integer underflows and an
off-by-one error.

Solution:
Update your system with the appropriate patches or
software upgrades.

http://bugs.python.org/issue2620
http://bugs.python.org/issue2588
http://bugs.python.org/issue2589
http://secunia.com/advisories/31305
http://mail.python.org/pipermail/python-checkins/2008-July/072276.html
http://mail.python.org/pipermail/python-checkins/2008-July/072174.html
http://mail.python.org/pipermail/python-checkins/2008-June/070481.html
http://www.vuxml.org/freebsd/0dccaa28-7f3c-11dd-8de5-0030843d3802.html
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-2315
Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
http://www.securityfocus.com/archive/1/archive/1/507985/100/0/threaded
http://www.openwall.com/lists/oss-security/2008/11/05/2
http://www.openwall.com/lists/oss-security/2008/11/05/3
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
Debian Security Information: DSA-1667
http://www.debian.org/security/2008/dsa-1667
http://security.gentoo.org/glsa/glsa-200807-16.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:163
http://www.mandriva.com/security/advisories?name=MDVSA-2008:164
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289
SuSE Security Announcement: SUSE-SR:2008:017
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
http://www.ubuntu.com/usn/usn-632-1
BugTraq ID: 30491
http://www.securityfocus.com/bid/30491
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8445
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8683
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9761
http://secunia.com/advisories/32793
http://secunia.com/advisories/37471
http://secunia.com/advisories/38675
http://www.vupen.com/english/advisories/2008/2288
http://secunia.com/advisories/31358
http://secunia.com/advisories/31305
http://secunia.com/advisories/31332
http://secunia.com/advisories/31365
http://secunia.com/advisories/31518
http://secunia.com/advisories/31687
http://secunia.com/advisories/33937
http://www.vupen.com/english/advisories/2009/3316
XForce ISS Database: python-multiple-bo(44173)
http://xforce.iss.net/xforce/xfdb/44173
XForce ISS Database: python-modules-bo(44172)
http://xforce.iss.net/xforce/xfdb/44172
Common Vulnerability Exposure (CVE) ID: CVE-2008-2316
Bugtraq: 20080813 rPSA-2008-0243-1 idle python
http://www.securityfocus.com/archive/1/archive/1/495445/100/0/threaded
http://secunia.com/advisories/31473
XForce ISS Database: python-hashlib-overflow(44174)
http://xforce.iss.net/xforce/xfdb/44174
Common Vulnerability Exposure (CVE) ID: CVE-2008-3142
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11466
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8422
XForce ISS Database: python-unicode-bo(44170)
http://xforce.iss.net/xforce/xfdb/44170
Common Vulnerability Exposure (CVE) ID: CVE-2008-3144
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10170
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7725
XForce ISS Database: python-pyosvsnprintf-bo(44171)
http://xforce.iss.net/xforce/xfdb/44171
Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
