*** This bug is a security vulnerability ***

Public security bug reported:

Binary package hint: python2.5

I see in the changelog that CVE-2008-1679 and CVE-2008-1721 have been
fixed in Hardy. But no updates for previous releases were issued. It
looks like Gutsy, Feisty and Edgy are vulnerable and should be fixed
too.

CVE-2008-1679
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1679
"Multiple integer overflows in imageop.c in Python before 2.5.3 [sic] allow 
context-dependent attackers to cause a denial of service (crash) and possibly 
execute arbitrary code via crafted images that trigger heap-based buffer 
overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965."

CVE-2008-1721
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721
"Integer signedness error in the zlib extension module in Python 2.5.2 and 
earlier allows remote attackers to execute arbitrary code via a negative signed 
integer, which triggers insufficient memory allocation and a buffer overflow."

** Affects: python2.5 (Ubuntu)
     Importance: Undecided
         Status: New

** Visibility changed to: Public

** Summary changed:

- [CVE-2008-1679, CVE-2008-1721] Python 2.5.1 vulnerabilities
+ [CVE-2008-1679, CVE-2008-1721] Python 2.5 vulnerabilities

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1679

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1721

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-4965

-- 
[CVE-2008-1679, CVE-2008-1721] Python 2.5 vulnerabilities
https://bugs.launchpad.net/bugs/223196
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
