[Technik] [SECURITY] [DSA 1197-1] New python2.4 packages fix
arbitrary code execution
Noèl Köthe
noel at debian.org
Sun Oct 22 22:56:34 CEST 2006
Am Sonntag, den 22.10.2006, 22:19 +0200 schrieb Moritz Muehlenhoff:
> Debian Security Advisory DSA 1197-1 security at debian.org
> http://www.debian.org/security/ Moritz Muehlenhoff
> October 22nd, 2006 http://www.debian.org/security/faq
> Package : python2.4
> Vulnerability : buffer overflow
> Problem-Type : local(remote)
> Debian-specific: no
> CVE ID : CVE-2006-4980
> Debian Bug : 391589
python2.4 auf pima, pomo, yuma, h01, h02 und h03 aktualisiert.
> For the stable distribution (sarge) this problem has been fixed in
> version 2.4.1-2sarge1. Due to build problems this update lacks fixed
> packages for the m68k architecture. Once they are sorted out, binaries
> for m68k will be released.
changelog:
python2.4 (2.4.1-2sarge1) stable-security; urgency=high
* SECURITY UPDATE: crafted wide unicode strings can overflow heap leading
to arbitrary code execution.
* Add 'debian/patches/sf1541585.dpatch' to fix overflow.
* References
CVE-2006-4980
http://svn.python.org/view?view=rev&rev=51466
-- Matthias Klose <doko at debian.org> Fri, 13 Oct 2006 08:16:52 +0000
--
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : /archiv/technik/attachments/20061022/1fb1b24e/attachment.pgp
More information about the Technik
mailing list