[Technik] [SECURITY] [DSA 1198-1] New python2.3 packages fix
arbitrary code execution
Noèl Köthe
noel at debian.org
Mon Oct 23 23:19:41 CEST 2006
Am Montag, den 23.10.2006, 21:39 +0200 schrieb Moritz Muehlenhoff:
> Debian Security Advisory DSA 1198-1 security at debian.org
> http://www.debian.org/security/ Moritz Muehlenhoff
> October 23rd, 2006 http://www.debian.org/security/faq
>
> Package : python2.3
> Vulnerability : buffer overflow
> Problem-Type : local(remote)
> Debian-specific: no
> CVE ID : CVE-2006-4980
> Debian Bug : 391589
python2.3 auf pima, pomo, yuma, cree, crow, wasco, cupa, kiowa, karuk,
kansa und acoma aktualisiert.
> For the stable distribution (sarge) this problem has been fixed in
> version 2.3.5-3sarge2. Due to build problems this update lacks fixed
> packages for the Alpha and Sparc architectures. Once they are sorted
> out, fixed binaries will be released.
changelog:
python2.3 (2.3.5-3sarge2) stable-security; urgency=high
* SECURITY UPDATE: crafted wide unicode strings can overflow heap leading
to arbitrary code execution.
* Add 'debian/patches/unicode-repr.dpatch' to fix overflow.
* References
CVE-2006-4980
http://svn.python.org/view?view=rev&rev=51466
-- Matthias Klose <doko at debian.org> Thu, 12 Oct 2006 23:59:58 +0000
--
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : /archiv/technik/attachments/20061023/02c11647/attachment.pgp
More information about the Technik
mailing list