LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

MeeGo alert MeeGo-SA-10:16 (python)



From:
    	      "Ware, Ryan R" <ryan.r.ware@intel.com> 


To:
    	      "meego-security@meego.com" <meego-security@meego.com> 


Subject:
    	      [MeeGo-security] [MeeGo-SA-10:16.python] Multiple Python Audioop
	Issues 


Date:
    	      Fri, 27 Aug 2010 16:22:45 -0700


Message-ID:
    	      <C89D96D5.363B7%ryan.r.ware@intel.com>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
==
MeeGo-SA-10:16.python                Security Advisory
                                                                MeeGo
Project

Topic:          Multiple Python Audioop Issues

Category:       Scripting
Module:         python
Announced:      August 3, 2010
Affects:        MeeGo 1.0
Corrected:      August 3, 2010
MeeGo BID: 2614, 1616
CVE:  CVE-2010-2089, CVE-2010-1634

For general information regarding MeeGo Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://www.MeeGo.com/>.

I.   Background

Python is an interpreted, interactive, object-oriented programming
language often compared to Tcl, Perl, Scheme or Java. Python includes
modules, classes, exceptions, very high level dynamic data types and
dynamic typing. Python supports interfaces to many system calls and
libraries, as well as to various windowing systems (X11, Motif, Tk,
Mac and MFC).

II.  Problem Description

CVE-2010-2089: The audioop module in Python 2.7 and 3.2 does not
verify the relationships between size arguments and byte string
lengths, which allows context-dependent attackers to cause a denial of
service (memory corruption and application crash) via crafted
arguments, as demonstrated by a call to audioop.reverse with a
one-byte string, a different vulnerability than CVE-2010-1634.
CVSS v2 Base: 5.0 (MEDIUM)
Access Vector: Network exploitable

CVE-2010-1634: Multiple integer overflows in audioop.c in the audioop
module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent
attackers to cause a denial of service (application crash) via a large
fragment, as demonstrated by a call to audioop.lin2lin with a long
string in the first argument, leading to a buffer overflow. NOTE: this
vulnerability exists because of an incorrect fix for CVE-2008-3143.5.
CVSS v2 Base: 5.0 (MEDIUM)
Access Vector: Network exploitable

III. Impact

CVE-2010-2089: Denial of service due to buffer errors (CWE-119)

CVE-2010-1634: Denial of service due to numeric errors (CWE-189)

IV.  Workaround

None

V.   Solution

Update to package python-2.6.4-6.1 or later.

VI. References

http://bugs.meego.com/show_bug.cgi?id=2614
http://bugs.meego.com/show_bug.cgi?id=1616
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://cwe.mitre.org/data/definitions/119.html
http://cwe.mitre.org/data/definitions/189.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.13 (Darwin)

iQEcBAEBAgAGBQJMeEPhAAoJECxjfBlj7RcKk2MIAJFpWrciJ9VmKm+iCtWVKyXu
1N77Z3PiTLwXzh3MPNgBDAh4r5EMjXFez7HvocOXDhGnQL7k94Tux6Q9YJd5CnE5
ZrsysfDMwrH/x9WFva7dY8Z1RKCQlwyRCfqHldJvuw0AlyKEXJoKAz/+hul2DMTE
YjG+H+uigiSwnK8SpYGY32joxpiDyblkSHXmbd/cL7tW4m2KuaE6Km6HjpT5raOW
hoe0Rh7hGaH7MNmEMIzP4bNaytXrPAyB+IqchkHtsivxFSpWzNkA3PSi3vxAgmoG
tj1E+CfB08lCR8ie2kuHjrWyJzTsLWkeQ1D3zOvLHfipIDNcFmPdZk3AdPg1A7E=
=6fxk
-----END PGP SIGNATURE-----

_______________________________________________
MeeGo-security mailing list
MeeGo-security@meego.com
http://lists.meego.com/listinfo/meego-security
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds