Debian Security Advisory
DSA-458-3 python2.2 -- buffer overflow
- Date Reported:
- 2004-10-10
- Affected Packages:
- python2.2
- Vulnerable:
- Yes
- Security database references:
- In the Debian bug tracking system: Bug 248946, Bug 269548.
In the Bugtraq database (at SecurityFocus): BugTraq ID 9836.
In Mitre's CVE dictionary: CVE-2004-0150.
- More information:
-
This security advisory corrects DSA 458-2, which caused a problem in the gethostbyaddr routine.
The original advisory said:
Sebastian Schmidt discovered a buffer overflow bug in Python's getaddrinfo function, which could allow an IPv6 address, supplied by a remote attacker via DNS, to overwrite memory on the stack.
This bug only exists in Python 2.2 and 2.2.1, and only when IPv6 support is disabled. The python2.2 package in Debian woody meets these conditions (the "python" package does not).
For the stable distribution (woody), this bug has been fixed in version 2.2.1-4.6.
The testing distribution (sarge) and the unstable distribution (sid) are not affected by this bug.
We recommend that you upgrade your python2.2 package.
- Fixed in:
-
Debian GNU/Linux 3.0 (woody)
- Source:
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6.dsc
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6.diff.gz
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1.orig.tar.gz
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/p/python2.2/idle-python2.2_2.2.1-4.6_all.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-doc_2.2.1-4.6_all.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-elisp_2.2.1-4.6_all.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-examples_2.2.1-4.6_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_alpha.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_alpha.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_alpha.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_alpha.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_alpha.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_arm.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_arm.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_arm.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_arm.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_arm.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_i386.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_i386.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_i386.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_i386.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_i386.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_ia64.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_ia64.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_ia64.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_ia64.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_ia64.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_hppa.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_hppa.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_hppa.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_hppa.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_hppa.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_m68k.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_m68k.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_m68k.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_m68k.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_m68k.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_mips.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_mips.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_mips.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_mips.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_mips.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_mipsel.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_mipsel.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_mipsel.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_mipsel.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_mipsel.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_powerpc.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_powerpc.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_powerpc.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_powerpc.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_powerpc.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_s390.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_s390.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_s390.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_s390.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_s390.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_sparc.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_sparc.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_sparc.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_sparc.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_sparc.deb
- http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_sparc.deb
MD5 checksums of the listed files are available in the original advisory.
MD5 checksums of the listed files are available in the revised advisory.