[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

MDVSA-2009:003 -- Mandriva python

ID: oval:org.secpod.oval:def:300536Date: (C)2012-01-07   (M)2023-08-10
Class: PATCHFamily: unix




Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679. Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by the string_expandtabs function in Objects/stringobject.c and the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315. The updated Python packages have been patched to correct these issues.

Platform:
Mandriva Linux 2009.0
Mandriva Linux 2008.1
Mandriva Linux 2008.0
Product:
python
Reference:
MDVSA-2009:003
CVE-2008-5031
CVE-2008-4864
CVE    2
CVE-2008-4864
CVE-2008-5031
CPE    3
cpe:/o:mandriva:linux:2008.1
cpe:/o:mandriva:linux:2009.0
cpe:/o:mandriva:linux:2008.0

© SecPod Technologies