| /// File Name: | MDVSA-2008-164.txt | Description:
| Mandriva Linux Security Advisory - Multiple integer overflows in the imageop module in Python prior to 2.5.3 allowed context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. to an incomplete fix for CVE-2007-4965. David Remahl of Apple Product Security reported several integer overflows in a number of core modules. Justin Ferguson reported multiple buffer overflows in unicode string processing that affected 32bit systems. Multiple integer overflows were reported by the Google Security Team that had been fixed in Python 2.5.2. Justin Ferguson reported a number of integer overflows and underflows in the PyOS_vsnprintf() function, as well as an off-by-one error when passing zero-length strings, that led to memory corruption. The updated packages have been patched to correct these issues. As well, Python packages on Corporate Server 4 have been updated to the latest version 2.4.5. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4425 | | Related CVE(s): | CVE-2008-1679, CVE-2008-2315, CVE-2008-3142, CVE-2008-3143, CVE-2008-3144 | | Last Modified: | Aug 8 14:47:30 2008 | | MD5 Checksum: | 0b29999d94491af074711977113ac9c1 |
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
