| Description: | Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.
Vulnerability Insight:
The following packages are affected:
python24
python25
python23
CVE-2008-2315
Multiple integer overflows in Python 2.5.2 and earlier allow
context-dependent attackers to have an unknown impact via vectors
related to the (1) stringobject, (2) unicodeobject, (3) bufferobject,
(4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and
(8) mmapmodule modules.
CVE-2008-2316
Integer overflow in _hashopenssl.c in the hashlib module in Python
2.5.2 and earlier might allow context-dependent attackers to defeat
cryptographic digests, related to 'partial hashlib hashing of data
exceeding 4GB.'
CVE-2008-3142
Multiple buffer overflows in Python 2.5.2 and earlier on 32bit
platforms allow context-dependent attackers to cause a denial of
service (crash) or have unspecified other impact via a long string
that leads to incorrect memory allocation during Unicode string
processing, related to the unicode_resize function and the
PyMem_RESIZE macro.
CVE-2008-3144
Multiple integer overflows in the PyOS_vsnprintf function in
Python/mysnprintf.c in Python 2.5.2 and earlier allow
context-dependent attackers to cause a denial of service (memory
corruption) or have unspecified other impact via crafted input to
string formatting operations. NOTE: the handling of certain integer
values is also affected by related integer underflows and an
off-by-one error.
Solution:
Update your system with the appropriate patches or
software upgrades.
CVSS Score:
7.5
CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
