FrSIRT - Mandriva Security Update Fixes Python Code Execution Vulnerabilities / Exploit

French Security Incident Response Team

Français

English

Mandriva Security Update Fixes Python Code Execution Vulnerabilities

Date de Publication : 2008-01-15 © FrSIRT.COM
Titre : Mandriva Security Update Fixes Python Code Execution Vulnerabilities
Identifiant : FrSIRT/AVIS-2008-0142
CVE ID : CVE-2006-7228 - CVE-2007-4965
Risque : Modéré (2/4) -

Exploitable à distance : Oui
Exploitable en local : Oui

En savoir plus

Description

Produits affectés

Solution

Références

Description Technique

Plusieurs vulnérabilités ont été identifiées dans Mandriva, elles pourraient être exploitées par des attaquants afin de causer un déni de service ou compromettre un système vulnérable [...]

Solution

Installer les mises à jour :

Mandriva Linux 2007.0:
2aa2d395f88ba6a4d59c9768d838bbc9 2007.0/i586/libpython2.4-2.4.3-3.3mdv2007.0.i586.rpm
42e7a809d98b494c397b02536f563e3f 2007.0/i586/libpython2.4-devel-2.4.3-3.3mdv2007.0.i586.rpm
8047a106fcacb1a389fc62a4c0a1ffe1 2007.0/i586/python-2.4.3-3.3mdv2007.0.i586.rpm
5fc7ec936e59f3dbaf4195e68838c260 2007.0/i586/python-base-2.4.3-3.3mdv2007.0.i586.rpm
3f08259502861bfd057c9a675824eed1 2007.0/i586/python-docs-2.4.3-3.3mdv2007.0.i586.rpm
295ec06fd92677faa81958b3dc15673f 2007.0/i586/tkinter-2.4.3-3.3mdv2007.0.i586.rpm
3f4dcfcafa39b91533d2a6995d57900b 2007.0/SRPMS/python-2.4.3-3.3mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
caaa07f3f09cfcea0bd1e8973799ffef 2007.0/x86_64/lib64python2.4-2.4.3-3.3mdv2007.0.x86_64.rpm
969e366d80532376e1eea4679b0ac0fb 2007.0/x86_64/lib64python2.4-devel-2.4.3-3.3mdv2007.0.x86_64.rpm
df60e3b77cc2e0653781fba0d2dd0b55 2007.0/x86_64/python-2.4.3-3.3mdv2007.0.x86_64.rpm
e23dadbd0a78fe5a3ed85d5cc1aec10b 2007.0/x86_64/python-base-2.4.3-3.3mdv2007.0.x86_64.rpm
19b0ae3d1ab4fe68ea3ffbe43c3b0942 2007.0/x86_64/python-docs-2.4.3-3.3mdv2007.0.x86_64.rpm
9daa7753a70117f94e478357824ee274 2007.0/x86_64/tkinter-2.4.3-3.3mdv2007.0.x86_64.rpm
3f4dcfcafa39b91533d2a6995d57900b 2007.0/SRPMS/python-2.4.3-3.3mdv2007.0.src.rpm

Mandriva Linux 2007.1:
83789918b32161771fc31de1c0276abc 2007.1/i586/libpython2.5-2.5-4.2mdv2007.1.i586.rpm
fb805a3c75630617183bddd8b1876317 2007.1/i586/libpython2.5-devel-2.5-4.2mdv2007.1.i586.rpm
e33c7874ed3d6d567f581c5698925ec8 2007.1/i586/python-2.5-4.2mdv2007.1.i586.rpm
0397f12fdddf81747abdee00035aa652 2007.1/i586/python-base-2.5-4.2mdv2007.1.i586.rpm
9afc73871e8e9aac908728f2895fad17 2007.1/i586/python-docs-2.5-4.2mdv2007.1.i586.rpm
36dbd270e4ce9d14a4cf00cb82218721 2007.1/i586/tkinter-2.5-4.2mdv2007.1.i586.rpm
e87524f2a4ba782fb8dc1616d52a5210 2007.1/SRPMS/python-2.5-4.2mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
a4e9f1cac6e2f4bb101ec44993787e8a 2007.1/x86_64/lib64python2.5-2.5-4.2mdv2007.1.x86_64.rpm
d36b5ee8b915aeb0aeacfb31c72b0d5b 2007.1/x86_64/lib64python2.5-devel-2.5-4.2mdv2007.1.x86_64.rpm
11c9d94ace60556d0742b7df15f26e20 2007.1/x86_64/python-2.5-4.2mdv2007.1.x86_64.rpm
5733c0d34ad9d474f09d72e081e8abb5 2007.1/x86_64/python-base-2.5-4.2mdv2007.1.x86_64.rpm
c111909ca5e251969157d0846aaddab5 2007.1/x86_64/python-docs-2.5-4.2mdv2007.1.x86_64.rpm
d0ebc98fb24040adada7f5a1cb0786da 2007.1/x86_64/tkinter-2.5-4.2mdv2007.1.x86_64.rpm
e87524f2a4ba782fb8dc1616d52a5210 2007.1/SRPMS/python-2.5-4.2mdv2007.1.src.rpm

Mandriva Linux 2008.0:
402de17d03c279d7473dc00bfb30fa29 2008.0/i586/libpython2.5-2.5.1-5.1mdv2008.0.i586.rpm
460006b33d6d8d221119e757d0e53997 2008.0/i586/libpython2.5-devel-2.5.1-5.1mdv2008.0.i586.rpm
006d53e8c4c5344f3333a5e88a8e5353 2008.0/i586/python-2.5.1-5.1mdv2008.0.i586.rpm
6f688cfe64f97febd7b4b1fde1444a4e 2008.0/i586/python-base-2.5.1-5.1mdv2008.0.i586.rpm
2cfbc489e172026680449de3549e4451 2008.0/i586/python-docs-2.5.1-5.1mdv2008.0.i586.rpm
55dbf574855f61c4cddcf24d86004fef 2008.0/i586/tkinter-2.5.1-5.1mdv2008.0.i586.rpm
b0a635daa3bd47a95ea97fa1e28869e4 2008.0/i586/tkinter-apps-2.5.1-5.1mdv2008.0.i586.rpm
aa344e978d53a329b717cae3ffaa6a38 2008.0/SRPMS/python-2.5.1-5.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
c759088550b15fe216d9d42d4f205ae3 2008.0/x86_64/lib64python2.5-2.5.1-5.1mdv2008.0.x86_64.rpm
c98822c30fff7d1b28f77db91c20e094 2008.0/x86_64/lib64python2.5-devel-2.5.1-5.1mdv2008.0.x86_64.rpm
786551ac171968deba675aac73bd25f9 2008.0/x86_64/python-2.5.1-5.1mdv2008.0.x86_64.rpm
ded534c04a11298591276b573cd84fac 2008.0/x86_64/python-base-2.5.1-5.1mdv2008.0.x86_64.rpm
7cdc40b041fab7c0462e7d01accd72e2 2008.0/x86_64/python-docs-2.5.1-5.1mdv2008.0.x86_64.rpm
70ce8cebd5a034e45da35152feb07c4d 2008.0/x86_64/tkinter-2.5.1-5.1mdv2008.0.x86_64.rpm
6bc778f57d71c0206a265e817644395a 2008.0/x86_64/tkinter-apps-2.5.1-5.1mdv2008.0.x86_64.rpm
aa344e978d53a329b717cae3ffaa6a38 2008.0/SRPMS/python-2.5.1-5.1mdv2008.0.src.rpm

Corporate 4.0:
38717e896327570dbbe5bf52099b45a4 corporate/4.0/i586/libpython2.4-2.4.1-5.3.20060mlcs4.i586.rpm
4584b1a54de62e416aa088d0f5c58aaf corporate/4.0/i586/libpython2.4-devel-2.4.1-5.3.20060mlcs4.i586.rpm
c17ae6ab96b00477d4d43f9503dd5586 corporate/4.0/i586/python-2.4.1-5.3.20060mlcs4.i586.rpm
f6e5380393fbaab901856846f45cb872 corporate/4.0/i586/python-base-2.4.1-5.3.20060mlcs4.i586.rpm
2e153a8f3d28c7bcdf203429601dd5a3 corporate/4.0/i586/python-docs-2.4.1-5.3.20060mlcs4.i586.rpm
c09dbfa148bc49ff700c534e60456249 corporate/4.0/i586/tkinter-2.4.1-5.3.20060mlcs4.i586.rpm
ed33c06ab7a6c1235121330dfc7c14ea corporate/4.0/SRPMS/python-2.4.1-5.3.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
dc60e48b88c515fd370bef76434df88e corporate/4.0/x86_64/lib64python2.4-2.4.1-5.3.20060mlcs4.x86_64.rpm
cd4810341e9e49cc2e607a4ae067fd78 corporate/4.0/x86_64/lib64python2.4-devel-2.4.1-5.3.20060mlcs4.x86_64.rpm
d71bbb307d68599831ff0c30d0968cc3 corporate/4.0/x86_64/python-2.4.1-5.3.20060mlcs4.x86_64.rpm
945f1355d6a357b0666512f1fd485f61 corporate/4.0/x86_64/python-base-2.4.1-5.3.20060mlcs4.x86_64.rpm
f905de87ed4a5d0dd0239d8896d39243 corporate/4.0/x86_64/python-docs-2.4.1-5.3.20060mlcs4.x86_64.rpm
cca9d202eb85b96a1c61c396e125637d corporate/4.0/x86_64/tkinter-2.4.1-5.3.20060mlcs4.x86_64.rpm
ed33c06ab7a6c1235121330dfc7c14ea corporate/4.0/SRPMS/python-2.4.1-5.3.20060mlcs4.src.rpm

Corporate 3.0:
6c3c9196c69a9590c2337ec47b812512 corporate/3.0/i586/libpython2.3-2.3.3-2.5.C30mdk.i586.rpm
633d4e1b82ffb0bab95dbad17c8658c7 corporate/3.0/i586/libpython2.3-devel-2.3.3-2.5.C30mdk.i586.rpm
2437c3ef65df378ea6b91e18515e31a5 corporate/3.0/i586/python-2.3.3-2.5.C30mdk.i586.rpm
4cbdfcb886ccfea966976a0e8b45eed7 corporate/3.0/i586/python-base-2.3.3-2.5.C30mdk.i586.rpm
2b0da1499ae353820f062b2566964c56 corporate/3.0/i586/python-docs-2.3.3-2.5.C30mdk.i586.rpm
9cfe879d13ca873e5b3f925e01afe738 corporate/3.0/i586/tkinter-2.3.3-2.5.C30mdk.i586.rpm
d45b5129aa7e97f4b486a2b54e2b10e0 corporate/3.0/SRPMS/python-2.3.3-2.5.C30mdk.src.rpm

Corporate 3.0/X86_64:
58eb34e9829788ee0d0c9a2aca9d9b4d corporate/3.0/x86_64/lib64python2.3-2.3.3-2.5.C30mdk.x86_64.rpm
a7c01d1746edbf260c67c982d62ab5f8 corporate/3.0/x86_64/lib64python2.3-devel-2.3.3-2.5.C30mdk.x86_64.rpm
e5e3cd26caee40c1a89896b3dd99f183 corporate/3.0/x86_64/python-2.3.3-2.5.C30mdk.x86_64.rpm
250e98c26995e58d5c074b483bc5168b corporate/3.0/x86_64/python-base-2.3.3-2.5.C30mdk.x86_64.rpm
d3763c75ed560b944f2900ec27fc3a24 corporate/3.0/x86_64/python-docs-2.3.3-2.5.C30mdk.x86_64.rpm
aefa7c0274efa2d0c4d546b88940f7d0 corporate/3.0/x86_64/tkinter-2.3.3-2.5.C30mdk.x86_64.rpm
d45b5129aa7e97f4b486a2b54e2b10e0 corporate/3.0/SRPMS/python-2.3.3-2.5.C30mdk.src.rpm

Multi Network Firewall 2.0:
f431a6aadd0f4e952c4b0515bbd21d9e mnf/2.0/i586/libpython2.3-2.3.3-2.5.M20mdk.i586.rpm
ed3b1c628b9165e1562e56b91c8762b2 mnf/2.0/i586/libpython2.3-devel-2.3.3-2.5.M20mdk.i586.rpm
fa2bc6f689c780f406a5eb7a035d3d51 mnf/2.0/i586/python-2.3.3-2.5.M20mdk.i586.rpm
a6a3082c9a938ae17ac55a90e1f34159 mnf/2.0/i586/python-base-2.3.3-2.5.M20mdk.i586.rpm
aa492f1068bdaeaa07450844a36e53f0 mnf/2.0/i586/python-docs-2.3.3-2.5.M20mdk.i586.rpm
69e1686a9dcc20bd77e2925b2fc9f4ca mnf/2.0/i586/tkinter-2.3.3-2.5.M20mdk.i586.rpm
b4f010845985ce30fd8eef89d348f61f mnf/2.0/SRPMS/python-2.3.3-2.5.M20mdk.src.rpm

Historique

2008-01-15 : Version Initiale

Recevez les bulletins FrSIRT

Le service FrSIRT VNS permet aux professionnels de la sécurité (RSSI, DSI, administrateurs et consultants) de recevoir en temps-réel, par email, SMS et flux RSS/XML, des bulletins de vulnérabilités complets, détaillés et personnalisés.

Recherche

Newsletter

	Oracle Products Multiple Code Execution Vulnerabilities
	Oracle Products Command Execution and SQL Injection Vulnerabilities
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities
	Oracle Products Multiple Remote Command Execution and SQL Injection Vulnerabilities

	Apple Mac OS X Code Execution Vulnerabilities
	Apple iPhone and iPod touch Multiple Code Execution Vulnerabilities
	Apple Xcode Code Execution and Information Disclosure Vulnerabilities
	Apple TV Data Processing Remote Code Execution Vulnerabilities
	Apple Mac OS X Command Execution Vulnerabilities
	Apple Safari for Mac OS X Remote Code Execution Vulnerability
	Apple Mac OS X ARDAgent Local Privilege Escalation Vulnerability

	IBM AIX "swcons" Insecure Permission Privilege Escalation Vulnerability
	IBM WebSphere Application Server Cross Site Scripting Vulnerability
	IBM DB2 CLR Stored Procedures Unspecified Vulnerability
	IBM Lotus Quickr Multiple Cross Site Scripting Vulnerabilities
	IBM WebSphere Portal Remote Authentication Bypass Vulnerability
	IBM Rational ClearQuest Login Page Cross Site Scripting Vulnerability
	IBM WebSphere Application Server Security Exposure Vulnerabilities