[python] Multiple integer overflow vulnerabilities possibly resulting in the execution of arbitrary code or DoS

Bug #163845 reported by disabled.user
Affects              Status        Importance  Assigned to       Milestone
python2.2 (Ubuntu)   Invalid       Undecided   Unassigned
  Dapper             Won't Fix     Undecided   Stephan Rügamer
  Edgy               Invalid       Undecided   Unassigned
  Feisty             Invalid       Undecided   Unassigned
  Gutsy              Invalid       Undecided   Unassigned
python2.3 (Baltix)   Invalid       Undecided   Unassigned
python2.3 (Ubuntu)   Invalid       Undecided   Stephan Rügamer
  Dapper             Won't Fix     Undecided   Stephan Rügamer
  Edgy               Invalid       Undecided   Unassigned
  Feisty             Invalid       Undecided   Unassigned
  Gutsy              Invalid       Undecided   Unassigned
python2.4 (Ubuntu)   Fix Released  Undecided   Stephan Rügamer
  Dapper             Fix Released  Undecided   Stephan Rügamer
  Edgy               Fix Released  Undecided   Stephan Rügamer
  Feisty             Fix Released  Undecided   Stephan Rügamer
  Gutsy              Fix Released  Undecided   Stephan Rügamer
python2.5 (Ubuntu)   Fix Released  Undecided   Stephan Rügamer
  Dapper             Invalid       Undecided   Unassigned
  Edgy               Fix Released  Undecided   Stephan Rügamer
  Feisty             Fix Released  Undecided   Stephan Rügamer
  Gutsy              Fix Released  Undecided   Stephan Rügamer

Bug Description

References:
http://www.gentoo.org/security/en/glsa/glsa-200711-07.xml

Quoting:
"Slythers Bro discovered multiple integer overflows in the imageop module, one of them in the tovideo() method, in various locations in files imageop.c, rbgimgmodule.c, and also in other files.
[...]
A remote attacker could entice a user to process specially crafted images with an application using the Python imageop module, resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service. Note that this vulnerability may or may not be exploitable, depending on the application using the module."
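The bug class quoted above, modelled in C as an added example (this is not code from Python's imageop module or from this report; the function names and the exact shape of the length check are assumptions): a buffer-length check whose x*y*size product can wrap, placed next to a hardened version that bounds each multiplication before performing it.

```c
#include <limits.h>
#include <stdio.h>

/*
 * Added example, not code from Python's imageop module or from this bug
 * report. An image routine receives a byte buffer plus caller-supplied
 * width (x), height (y) and bytes-per-pixel (size) values and must confirm
 * that the buffer really holds x*y*size bytes before it reads or writes
 * pixels. If that product is formed in a 32-bit int it can wrap, so a short
 * buffer passes the equality test and the later pixel loop runs past the end
 * of the heap allocation. Helper names below are hypothetical.
 */

/* Length check in the vulnerable shape: multiply every factor first, then
 * compare. Unsigned arithmetic is used so the wraparound is well defined for
 * the demonstration (signed overflow would be undefined behaviour). */
int naive_len_ok(int x, int y, int size, int len)
{
    unsigned int need = (unsigned int)x * (unsigned int)y * (unsigned int)size;
    return need == (unsigned int)len;
}

/* Hardened check: reject non-positive dimensions, then test each
 * multiplication against INT_MAX before doing it, so the product can never
 * wrap. Returns 1 when `len` is exactly the buffer size implied by the
 * dimensions, 0 otherwise. */
int image_len_ok(int x, int y, int size, int len)
{
    if (x <= 0 || y <= 0 || size <= 0 || len < 0)
        return 0;
    if (x > INT_MAX / y)              /* x * y would exceed INT_MAX */
        return 0;
    int pixels = x * y;
    if (pixels > INT_MAX / size)      /* x * y * size would exceed INT_MAX */
        return 0;
    return pixels * size == len;
}

int main(void)
{
    /* Constructed input: a 4x4 image at 1 byte per pixel matches a 16-byte
     * buffer under both checks. */
    printf("4x4x1 vs 16 bytes: naive=%d checked=%d\n",
           naive_len_ok(4, 4, 1, 16), image_len_ok(4, 4, 1, 16));

    /* Constructed input: 65536 x 65537 pixels at 1 byte each need
     * 4295032832 bytes, but the 32-bit product wraps to 65536, so the naive
     * check accepts a 64 KiB buffer that a pixel loop would then overrun.
     * The hardened check rejects it. */
    printf("65536x65537x1 vs 65536 bytes: naive=%d checked=%d\n",
           naive_len_ok(65536, 65537, 1, 65536),
           image_len_ok(65536, 65537, 1, 65536));
    return 0;
}
```

The changelogs further down mention building with -fwrapv. That flag makes signed wraparound defined behaviour instead of undefined, which stops the compiler from optimising away overflow tests written after the multiplication, but a wrapped product is still wrong; the bound has to be checked before the multiplication, as in image_len_ok above.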

CVE References

Stephan Rügamer (sruegamer) wrote :
Stephan Rügamer (sruegamer) wrote :
Stephan Rügamer (sruegamer) wrote :
Stephan Rügamer (sruegamer) wrote :

dapper has no python2.5

Changed in python2.4:
assignee: nobody → shermann
status: New → In Progress
Stephan Rügamer (sruegamer) wrote :
Stephan Rügamer (sruegamer) wrote :
Stephan Rügamer (sruegamer) wrote :
Stephan Rügamer (sruegamer) wrote :

wrong distro...grmpf..lp is slow

Changed in python2.3:
status: New → Invalid
assignee: nobody → shermann
status: New → In Progress
Stephan Rügamer (sruegamer) wrote :
LaserJock (laserjock)
Changed in python2.3:
status: New → Invalid
status: New → Invalid
Changed in python2.5:
status: New → Invalid
Changed in python2.3:
status: New → Invalid
Changed in python2.2:
status: New → Invalid
status: New → Invalid
status: New → Invalid
Changed in python2.2:
assignee: nobody → shermann
status: New → In Progress
William Grant (wgrant)
Changed in python2.2:
assignee: shermann → nobody
status: In Progress → Invalid
Stephan Rügamer (sruegamer) wrote :
Stephan Rügamer (sruegamer) wrote :

This version should work out of the box.
Nonetheless, it can't be built, because in dapper the tix8.1-dev package is totally missing.
This has to be fixed first, before we can build any python2.2 version for dapper.

Regarding the maintenance time of dapper, I wonder what really happened here.
Even if python2.2 is not actively maintained anymore, it should work for interested people to build those versions.

Changed in python2.2:
assignee: nobody → shermann
status: New → In Progress
Changed in python2.3:
assignee: nobody → shermann
status: New → In Progress
Changed in python2.4:
assignee: nobody → shermann
status: New → In Progress
assignee: nobody → shermann
status: New → In Progress
assignee: nobody → shermann
status: New → In Progress
assignee: nobody → shermann
status: New → In Progress
Changed in python2.5:
assignee: nobody → shermann
status: New → In Progress
assignee: nobody → shermann
status: New → In Progress
assignee: nobody → shermann
status: New → In Progress
Matthias Klose (doko) wrote :

there are typos resulting in build failures:

+diff -ruN ./Modules/imageop.c ../python2.5-2.5.1/Modules/imageop.c
+--- ./Modules/imageop.c 2006-01-19 07:09:39.000000000 +0100
++++ ../python2.5-2.5.1/Modules/imageop.c 2007-11-24 17:00:43.000000000 +0100
+@@ -78,7 +78,7 @@
+ char *cp, *ncp;
+ short *nsp;
+ Py_Int32 *nlp;
+- int len, size, x, y, newx1, newx2, newy1, newy2;
++ int len, size, x, y, newx1, newx2, newy1, newy2. nlen;
                                                                                    ^^^
+ int ix, iy, xstep, ystep;
+ PyObject *rv;
+
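Review bot: the replaced declaration `int len, size, x, y, newx1, newx2, newy1, newy2. nlen;` has a period instead of a comma before `nlen`, so the added line is a syntax error and the module will not compile; it should read `int len, size, x, y, newx1, newx2, newy1, newy2, nlen;`. Worth adding a build of every targeted series to the debdiff check before upload, since the same declaration is carried in the other per-series patches.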

Stephan Rügamer (sruegamer) wrote :

Hi Matthias,

could you give me a snippet of the build failures, because I built all the versions (not the dapper one because of the known issues) just fine without any failures...

Regards,

\sh

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python2.4 - 2.4.4-7ubuntu1

---------------
python2.4 (2.4.4-7ubuntu1) hardy; urgency=low

  * Merge with Debian; remaining changes:
    - Rebuild the control file.
    - Build the -doc package from this source.

python2.4 (2.4.4-7) unstable; urgency=low

  * SVN update up to 2007-12-23.
  * Register binfmt for .py[co] files.
  * Use -fwrapv when GCC supports it.
  * Rename all exported symbols to avoid conflicts with similarly named
    symbols in other libraries (Robert Edmonds). Closes: #440272.
  * Use absolute paths when byte-compiling files. Closes: #453346.
  * CVE-2007-4965, http://bugs.python.org/issue1179:
    Multiple integer overflows in the imageop module in Python 2.5.1 and
    earlier allow context-dependent attackers to cause a denial of service
    (application crash) and possibly obtain sensitive information (memory
    contents) via crafted arguments to (1) the tovideo method, and unspecified
    other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other
    files, which trigger heap-based buffer overflows.
    Patch prepared by Stephan Herrmann. Closes: #443335, LP: #163845.
  * Remove deprecated value from categories in desktop file. LP: #172874.
  * python2.4-dbg: Don't include the gdbm and _tkinter extensions, now provided
    in separate packages.
  * Provide a symlink changelog -> NEWS. Closes: #439271.

 -- Matthias Klose <email address hidden> Thu, 03 Jan 2008 13:11:54 +0000

Changed in python2.4:
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python2.5 - 2.5.1-6ubuntu1

---------------
python2.5 (2.5.1-6ubuntu1) hardy; urgency=low

  * Merge with Debian; remaining changes:
    - Include the pregenerated documentation.
    - Set priority of python2.5-minimal to required.
    - Build python2.5-doc from the pregenerated documentation.

python2.5 (2.5.1-6) unstable; urgency=low

  * Update to 20080102, taken from the 2.5 release branch.
    - Only define _BSD_SOURCE on OpenBSD systems. Closes: #455400.
  * Fix handling of packages in linecache.py (Kevin Goodsell). LP: #70902.
  * Bump debhelper to v5.
  * Register binfmt for .py[co] files.
  * Use absolute paths when byte-compiling files. Addresses: #453346.
    Closes: #413566, LP: #177722.
  * CVE-2007-4965, http://bugs.python.org/issue1179:
    Multiple integer overflows in the imageop module in Python 2.5.1 and
    earlier allow context-dependent attackers to cause a denial of service
    (application crash) and possibly obtain sensitive information (memory
    contents) via crafted arguments to (1) the tovideo method, and unspecified
    other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other
    files, which trigger heap-based buffer overflows.
    Patch prepared by Stephan Herrmann. Closes: #443333, LP: #163845.
  * Register info docs when doing source only uploads. LP: #174786.
  * Remove deprecated value from categories in desktop file. LP: #172874.
  * python2.5-dbg: Don't include the gdbm and _tkinter extensions, now provided
    in separate packages.
  * Provide a symlink changelog -> NEWS. Closes: #439271.
  * Fix build failure on hurd, working around poll() on systems on which it
    returns an error on invalid FDs. Closes: #438914.
  * Configure --with-system-ffi on all architectures. Closes: #448520.
  * Fix version numbers in copyright and README files (Dan O'Huiginn).
    Closes: #446682.

 -- Matthias Klose <email address hidden> Thu, 03 Jan 2008 16:21:32 +0100

Changed in python2.5:
status: In Progress → Fix Released
disabled.user (disabled.user-deactivatedaccount) wrote :

Have there been any updates for the stable releases?

Kees Cook (kees) wrote :

This is being uploaded to -security shortly. Thanks for helping prepare the updates!

Changed in python2.4:
status: In Progress → Fix Committed
status: In Progress → Fix Committed
status: In Progress → Fix Committed
status: In Progress → Fix Committed
Changed in python2.5:
status: In Progress → Fix Committed
status: In Progress → Fix Committed
status: In Progress → Fix Committed
Kees Cook (kees) wrote :

The python2.2 and python2.3 debdiffs FTBFS (the same typo Matthias pointed out). If you can get new debdiffs, build, and test them, I can get 2.2 and 2.3 rolled out too.

Thanks!

Changed in python2.2:
status: In Progress → Incomplete
Changed in python2.3:
status: In Progress → Incomplete
status: In Progress → Incomplete
status: Incomplete → Invalid
Stephan Rügamer (sruegamer) wrote :

Kees,

will do this...there is more on my todo for -security, so this typo is a no-brainer...

Thx,

\sh

Changed in python2.2:
status: Incomplete → In Progress
Changed in python2.3:
status: Incomplete → In Progress
Kees Cook (kees) wrote :
Changed in python2.4:
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
Changed in python2.5:
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
Kees Cook (kees)
Changed in python2.2:
status: In Progress → Triaged
Changed in python2.3:
status: In Progress → Triaged
Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug to Ubuntu. dapper has reached EOL
(End of Life) and is no longer supported. As a result, this bug
against dapper is being marked "Won't Fix". Please see
https://wiki.ubuntu.com/Releases for currently supported Ubuntu
releases.

Please feel free to report any other bugs you may find.

Changed in python2.3 (Ubuntu Dapper):
status: Triaged → Won't Fix
Changed in python2.2 (Ubuntu Dapper):
status: Triaged → Won't Fix