Debian DSA-1977-1 : python2.4 python2.5 - several vulnerabilities

High Nessus Plugin ID 44841

Synopsis

The remote Debian host is missing a security-related update.

Description

Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that the embedded Expat copy in the interpreter for the Python language, does not properly process malformed or crafted XML files. (CVE-2009-3560 CVE-2009-3720 ) This vulnerability could allow an attacker to cause a denial of service while parsing a malformed XML file.

In addition, this update fixes an integer overflow in the hashlib module in python2.5. This vulnerability could allow an attacker to defeat cryptographic digests. (CVE-2008-2316 ) It only affects the oldstable distribution (etch).

Solution

Upgrade the python packages.

For the oldstable distribution (etch), these problems have been fixed in version 2.4.4-3+etch3 for python2.4 and version 2.5-5+etch2 for python2.5.

For the stable distribution (lenny), these problems have been fixed in version 2.4.6-1+lenny1 for python2.4 and version 2.5.2-15+lenny1 for python2.5.

Debian DSA-1977-1 : python2.4 python2.5 - several vulnerabilities

Synopsis

Description

Solution

See Also

Plugin Details

Risk Information

CVSS v2.0

Vulnerability Information

Reference Information