Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Производитель ПО
Наименование ПО
python
(Unknown)
Описание
Целочисленное переполнение в Python может позволить злоумышленникам воздействовать на систему по векторам, связанным с Include/pymem.h; _csv.c, _struct.c, arraymodule.c, audioop.c, binascii.c, cPickle.c, cStringIO.c, cjkcodecs/multibytecodec.c, datetimemodule.c, md5.c, rgbimgmodule.c и stropmodule.c в Modules/; bufferobject.c, listobject.c и obmalloc.c в Objects/; Parser/node.c; и asdl.c, ast.c, bltinmodule.c и compile.c в Python/.
Как исправить
Для устранения уязвимости необходимо установить последнюю версию продукта, соответствующую используемой платформе. Необходимую информацию можно получить по адресу:
http://www.python.org/
http://www.python.org/
Ссылки
UBUNTU (USN-632-1): http://www.ubuntu.com/usn/usn-632-1
BID (30491): http://www.securityfocus.com/bid/30491
BUGTRAQ (20080813 rPSA-2008-0243-1 idle python): http://www.securityfocus.com/archive/1/archive/1/495445/100/0/threaded
CONFIRM (http://www.python.org/download/releases/2.6/NEWS.txt): http://www.python.org/download/releases/2.6/NEWS.txt
CONFIRM (http://www.python.org/download/releases/2.5.2/NEWS.txt): http://www.python.org/download/releases/2.5.2/NEWS.txt
CONFIRM (http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900): http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900
MANDRIVA (MDVSA-2008:164): http://www.mandriva.com/security/advisories?name=MDVSA-2008:164
MANDRIVA (MDVSA-2008:163): http://www.mandriva.com/security/advisories?name=MDVSA-2008:163
VUPEN (ADV-2008-2288): http://www.frsirt.com/english/advisories/2008/2288
DEBIAN (DSA-1667): http://www.debian.org/security/2008/dsa-1667
CONFIRM (http://wiki.rpath.com/Advisories:rPSA-2008-0243): http://wiki.rpath.com/Advisories:rPSA-2008-0243
CONFIRM (http://svn.python.org/view?rev=60793&view=rev): http://svn.python.org/view?rev=60793&view=rev
GENTOO (GLSA-200807-16): http://security.gentoo.org/glsa/glsa-200807-16.xml
SUSE (SUSE-SR:2008:017): http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
CONFIRM (http://bugs.gentoo.org/show_bug.cgi?id=232137): http://bugs.gentoo.org/show_bug.cgi?id=232137
BID (30491): http://www.securityfocus.com/bid/30491
BUGTRAQ (20080813 rPSA-2008-0243-1 idle python): http://www.securityfocus.com/archive/1/archive/1/495445/100/0/threaded
CONFIRM (http://www.python.org/download/releases/2.6/NEWS.txt): http://www.python.org/download/releases/2.6/NEWS.txt
CONFIRM (http://www.python.org/download/releases/2.5.2/NEWS.txt): http://www.python.org/download/releases/2.5.2/NEWS.txt
CONFIRM (http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900): http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900
MANDRIVA (MDVSA-2008:164): http://www.mandriva.com/security/advisories?name=MDVSA-2008:164
MANDRIVA (MDVSA-2008:163): http://www.mandriva.com/security/advisories?name=MDVSA-2008:163
VUPEN (ADV-2008-2288): http://www.frsirt.com/english/advisories/2008/2288
DEBIAN (DSA-1667): http://www.debian.org/security/2008/dsa-1667
CONFIRM (http://wiki.rpath.com/Advisories:rPSA-2008-0243): http://wiki.rpath.com/Advisories:rPSA-2008-0243
CONFIRM (http://svn.python.org/view?rev=60793&view=rev): http://svn.python.org/view?rev=60793&view=rev
GENTOO (GLSA-200807-16): http://security.gentoo.org/glsa/glsa-200807-16.xml
SUSE (SUSE-SR:2008:017): http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
CONFIRM (http://bugs.gentoo.org/show_bug.cgi?id=232137): http://bugs.gentoo.org/show_bug.cgi?id=232137