Mandriva Linux Security Advisory : python (MDVSA-2008:013)

Medium Nessus Plugin ID 37485

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Multiple integer overflows were found in python's imageop module. If an application written in python used the imageop module to process untrusted images, it could cause the application to crash, enter an infinite loop, or possibly execute arbitrary code with the privileges of the python interpreter.

The updated packages have been patched to correct this issue.

Solution

Update the affected packages.

Plugin Details

Severity: Medium

ID: 37485

File Name: mandriva_MDVSA-2008-013.nasl

Version: $Revision: 1.10 $

Type: local

Published: 2009/04/23

Modified: 2013/06/01

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64python2.4, p-cpe:/a:mandriva:linux:lib64python2.4-devel, p-cpe:/a:mandriva:linux:lib64python2.5, p-cpe:/a:mandriva:linux:lib64python2.5-devel, p-cpe:/a:mandriva:linux:libpython2.4, p-cpe:/a:mandriva:linux:libpython2.4-devel, p-cpe:/a:mandriva:linux:libpython2.5, p-cpe:/a:mandriva:linux:libpython2.5-devel, p-cpe:/a:mandriva:linux:python, p-cpe:/a:mandriva:linux:python-base, p-cpe:/a:mandriva:linux:python-docs, p-cpe:/a:mandriva:linux:tkinter, p-cpe:/a:mandriva:linux:tkinter-apps, cpe:/o:mandriva:linux:2007, cpe:/o:mandriva:linux:2007.1, cpe:/o:mandriva:linux:2008.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2008/01/14

Reference Information

CVE: CVE-2007-4965

MDVSA: 2008:013

CWE: 189