[CVE-2008-1679, CVE-2008-1721] Python 2.5 vulnerabilities
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| python2.5 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| Feisty |
New
|
Undecided
|
Unassigned | ||
| Gutsy |
New
|
Undecided
|
Unassigned | ||
Bug Description
Binary package hint: python2.5
I see in the changelog that CVE-2008-1679 and CVE-2008-1721 have been fixed in Hardy. But no updates for previous releases were issued. It looks like Gutsy, Feisty and Edgy are vulnerable and should be fixed too.
CVE-2008-1679
http://
"Multiple integer overflows in imageop.c in Python before 2.5.3 [sic] allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965."
CVE-2008-1721
http://
"Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow."
| Till Ulen (tillulen) wrote | #1 |
| Changed in python2.5: | |
| status: | New → Confirmed |
| Changed in python2.5: | |
| status: | Confirmed → Fix Released |
Oh, Edgy is no longer supported. So let it be Gutsy and Feisty.