Alerta de Segurança Debian
DSA-458-3 python2.2 -- estouro de buffer
- Data do Alerta:
- 10 Out 2004
- Pacotes Afetados:
- python2.2
- Vulnerável:
- Sim
- Referência à base de dados de segurança:
- No sistema de acompanhamento de bugs do Debian: Bug 248946, Bug 269548.
Na base de dados do BugTraq (na SecurityFocus): ID BugTraq 9836.
No dicionário CVE do Mitre: CVE-2004-0150. - Informações adicionais:
-
Este alerta de segurança corrige o DSA 458-2 que causou um problema na rotina gethostbyaddr.
O alerta original dizia:
Sebastian Schmidt descobriu um buffer overflow na função getaddrinfo do Python, que pode permitir que um endereço IPV6, fornecido por um atacante remoto via DNS, sobrescreva a memória na pilha.
Esta falha existe somente no python 2.2 e 2.2.1, e apenas quando o suporte a IPv6 está desabilitado. O pacote python2.2 no Debian woody apresenta estas condições (o pacote 'python' não).
Na atual distribuição estável (woody) este problema foi corrigido na versão 2.2.1-4.6.
As distribuições testing e instável (sarge e sid) não foram afetadas por este problema.
Nós recomendamos que você atualize seus pacotes python2.2.
- Corrigido em:
-
Debian GNU/Linux 3.0 (woody)
- Fonte:
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6.dsc
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6.diff.gz
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1.orig.tar.gz
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6.diff.gz
- Componente independente de arquitetura:
- http://security.debian.org/pool/updates/main/p/python2.2/idle-python2.2_2.2.1-4.6_all.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-doc_2.2.1-4.6_all.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-elisp_2.2.1-4.6_all.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-examples_2.2.1-4.6_all.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-doc_2.2.1-4.6_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_alpha.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_alpha.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_alpha.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_alpha.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_alpha.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_alpha.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_arm.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_arm.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_arm.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_arm.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_arm.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_arm.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_i386.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_i386.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_i386.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_i386.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_i386.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_i386.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_ia64.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_ia64.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_ia64.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_ia64.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_ia64.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_ia64.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_hppa.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_hppa.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_hppa.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_hppa.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_hppa.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_hppa.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_m68k.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_m68k.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_m68k.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_m68k.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_m68k.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_m68k.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_mips.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_mips.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_mips.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_mips.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_mips.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_mips.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_mipsel.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_mipsel.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_mipsel.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_mipsel.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_mipsel.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_mipsel.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_powerpc.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_powerpc.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_powerpc.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_powerpc.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_powerpc.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_powerpc.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_s390.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_s390.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_s390.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_s390.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_s390.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_s390.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_sparc.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_sparc.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_sparc.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_sparc.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_sparc.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_sparc.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_sparc.deb
Checksums MD5 dos arquivos listados estão disponíveis no alerta original.
Checksums MD5 dos arquivos listados estão disponíveis no alerta revisado.
Checksums MD5 dos arquivos listados estão disponíveis no alerta revisado.