Executive Summary
Informations | |||
---|---|---|---|
Name | MDVSA-2008:164 | First vendor Publication | 2008-08-07 |
Vendor | Mandriva | Last vendor Modification | 2008-08-07 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Multiple integer overflows in the imageop module in Python prior to 2.5.3 allowed context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows (CVE-2008-1679). This was due to an incomplete fix for CVE-2007-4965. David Remahl of Apple Product Security reported several integer overflows in a number of core modules (CVE-2008-2315). Justin Ferguson reported multiple buffer overflows in unicode string processing that affected 32bit systems (CVE-2008-3142). Multiple integer overflows were reported by the Google Security Team that had been fixed in Python 2.5.2 (CVE-2008-3143). Justin Ferguson reported a number of integer overflows and underflows in the PyOS_vsnprintf() function, as well as an off-by-one error when passing zero-length strings, that led to memory corruption (CVE-2008-3144). The updated packages have been patched to correct these issues. As well, Python packages on Corporate Server 4 have been updated to the latest version 2.4.5. |
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2008:164 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
83 % | CWE-190 | Integer Overflow or Wraparound (CWE/SANS Top 25) |
17 % | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10170 | |||
Oval ID: | oval:org.mitre.oval:def:10170 | ||
Title: | Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting operations. NOTE: the handling of certain integer values is also affected by related integer underflows and an off-by-one error. | ||
Description: | Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting operations. NOTE: the handling of certain integer values is also affected by related integer underflows and an off-by-one error. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-3144 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10583 | |||
Oval ID: | oval:org.mitre.oval:def:10583 | ||
Title: | Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965. | ||
Description: | Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1679 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10804 | |||
Oval ID: | oval:org.mitre.oval:def:10804 | ||
Title: | Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows. | ||
Description: | Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-4965 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11466 | |||
Oval ID: | oval:org.mitre.oval:def:11466 | ||
Title: | Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicode string processing, related to the unicode_resize function and the PyMem_RESIZE macro. | ||
Description: | Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicode string processing, related to the unicode_resize function and the PyMem_RESIZE macro. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-3142 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17381 | |||
Oval ID: | oval:org.mitre.oval:def:17381 | ||
Title: | USN-632-1 -- python2.4, python2.5 vulnerabilities | ||
Description: | It was discovered that there were new integer overflows in the imageop module. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-632-1 CVE-2008-1679 CVE-2008-1721 CVE-2008-1887 CVE-2008-2315 CVE-2008-2316 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 | Product(s): | python2.4 python2.5 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17622 | |||
Oval ID: | oval:org.mitre.oval:def:17622 | ||
Title: | USN-585-1 -- python2.4/2.5 vulnerabilities | ||
Description: | Piotr Engelking discovered that strxfrm in Python was not correctly calculating the size of the destination buffer. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-585-1 CVE-2007-2052 CVE-2007-4965 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 | Product(s): | python2.4 python2.5 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19316 | |||
Oval ID: | oval:org.mitre.oval:def:19316 | ||
Title: | DSA-1667-1 python2.4 - several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in the interpreter for the Python language. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1667-1 CVE-2008-2315 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | python2.4 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7720 | |||
Oval ID: | oval:org.mitre.oval:def:7720 | ||
Title: | VMware python multiple integer overflows vulnerability | ||
Description: | Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10) datetimemodule.c, (11) md5.c, (12) rgbimgmodule.c, and (13) stropmodule.c in Modules/; (14) bufferobject.c, (15) listobject.c, and (16) obmalloc.c in Objects/; (17) Parser/node.c; and (18) asdl.c, (19) ast.c, (20) bltinmodule.c, and (21) compile.c in Python/, as addressed by "checks for integer overflows, contributed by Google." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-3143 | Version: | 4 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7725 | |||
Oval ID: | oval:org.mitre.oval:def:7725 | ||
Title: | VMware python multiple integer overflows vulnerability in the PyOS_vsnprintf function | ||
Description: | Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting operations. NOTE: the handling of certain integer values is also affected by related integer underflows and an off-by-one error. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-3144 | Version: | 4 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7800 | |||
Oval ID: | oval:org.mitre.oval:def:7800 | ||
Title: | Multiple Buffer and Integer Overflow Vulnerabilities in Python (python(1)) May Lead to a Denial of Service (DoS) or Allow Execution of Arbitrary Code | ||
Description: | Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1679 | Version: | 1 |
Platform(s): | Sun Solaris 10 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7901 | |||
Oval ID: | oval:org.mitre.oval:def:7901 | ||
Title: | DSA-1667 python2.4 -- several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in the interpreter for the Python language. The Common Vulnerabilities and Exposures project identifies the following problems: David Remahl discovered several integer overflows in the stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, and mmapmodule modules. Justin Ferguson discovered that incorrect memory allocation in the unicode_resize() function can lead to buffer overflows. Several integer overflows were discovered in various Python core modules. Several integer overflows were discovered in the PyOS_vsnprintf() function. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1667 CVE-2008-2315 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | python2.4 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8422 | |||
Oval ID: | oval:org.mitre.oval:def:8422 | ||
Title: | VMware python multiple buffer overflows vulnerability | ||
Description: | Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicode string processing, related to the unicode_resize function and the PyMem_RESIZE macro. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-3142 | Version: | 4 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8445 | |||
Oval ID: | oval:org.mitre.oval:def:8445 | ||
Title: | Multiple Buffer and Integer Overflow Vulnerabilities in Python (python(1)) May Lead to a Denial of Service (DoS) or Allow Execution of Arbitrary Code | ||
Description: | Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-2315 | Version: | 1 |
Platform(s): | Sun Solaris 10 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8486 | |||
Oval ID: | oval:org.mitre.oval:def:8486 | ||
Title: | VMware python integer overflows vulnerability in the imageop module | ||
Description: | Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-4965 | Version: | 4 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8496 | |||
Oval ID: | oval:org.mitre.oval:def:8496 | ||
Title: | Multiple Buffer and Integer Overflow Vulnerabilities in Python (python(1)) May Lead to a Denial of Service (DoS) or Allow Execution of Arbitrary Code | ||
Description: | Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-4965 | Version: | 1 |
Platform(s): | Sun Solaris 10 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8683 | |||
Oval ID: | oval:org.mitre.oval:def:8683 | ||
Title: | VMware python multiple integer overflows vulnerability | ||
Description: | Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-2315 | Version: | 4 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8996 | |||
Oval ID: | oval:org.mitre.oval:def:8996 | ||
Title: | Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10) datetimemodule.c, (11) md5.c, (12) rgbimgmodule.c, and (13) stropmodule.c in Modules/; (14) bufferobject.c, (15) listobject.c, and (16) obmalloc.c in Objects/; (17) Parser/node.c; and (18) asdl.c, (19) ast.c, (20) bltinmodule.c, and (21) compile.c in Python/, as addressed by "checks for integer overflows, contributed by Google." | ||
Description: | Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10) datetimemodule.c, (11) md5.c, (12) rgbimgmodule.c, and (13) stropmodule.c in Modules/; (14) bufferobject.c, (15) listobject.c, and (16) obmalloc.c in Objects/; (17) Parser/node.c; and (18) asdl.c, (19) ast.c, (20) bltinmodule.c, and (21) compile.c in Python/, as addressed by "checks for integer overflows, contributed by Google." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-3143 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9761 | |||
Oval ID: | oval:org.mitre.oval:def:9761 | ||
Title: | Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031. | ||
Description: | Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-2315 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for python CESA-2009:1176 centos5 i386 File : nvt/gb_CESA-2009_1176_python_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for python CESA-2009:1178 centos3 i386 File : nvt/gb_CESA-2009_1178_python_centos3_i386.nasl |
2010-11-16 | Name : Mandriva Update for python MDVSA-2010:215 (python) File : nvt/gb_mandriva_MDVSA_2010_215.nasl |
2010-07-16 | Name : Mandriva Update for python MDVSA-2010:132 (python) File : nvt/gb_mandriva_MDVSA_2010_132.nasl |
2010-05-12 | Name : Mac OS X Security Update 2009-001 File : nvt/macosx_secupd_2009-001.nasl |
2010-05-12 | Name : Mac OS X Security Update 2007-009 File : nvt/macosx_secupd_2007-009.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-13 | Name : SLES10: Security update for Python File : nvt/sles10_python1.nasl |
2009-10-13 | Name : SLES10: Security update for Python File : nvt/sles10_python.nasl |
2009-10-10 | Name : SLES9: Security update for Python File : nvt/sles9p5032900.nasl |
2009-10-10 | Name : SLES9: Security update for Python File : nvt/sles9p5021835.nasl |
2009-08-17 | Name : CentOS Security Advisory CESA-2009:1176 (python) File : nvt/ovcesa2009_1176.nasl |
2009-07-29 | Name : RedHat Security Advisory RHSA-2009:1177 File : nvt/RHSA_2009_1177.nasl |
2009-07-29 | Name : CentOS Security Advisory CESA-2009:1178 (python) File : nvt/ovcesa2009_1178.nasl |
2009-07-29 | Name : RedHat Security Advisory RHSA-2009:1176 File : nvt/RHSA_2009_1176.nasl |
2009-07-29 | Name : RedHat Security Advisory RHSA-2009:1178 File : nvt/RHSA_2009_1178.nasl |
2009-04-09 | Name : Mandriva Update for python MDVSA-2008:163 (python) File : nvt/gb_mandriva_MDVSA_2008_163.nasl |
2009-04-09 | Name : Mandriva Update for python MDVSA-2008:013 (python) File : nvt/gb_mandriva_MDVSA_2008_013.nasl |
2009-03-23 | Name : Ubuntu Update for python2.4/2.5 vulnerabilities USN-585-1 File : nvt/gb_ubuntu_USN_585_1.nasl |
2009-03-23 | Name : Ubuntu Update for python2.4, python2.5 vulnerabilities USN-632-1 File : nvt/gb_ubuntu_USN_632_1.nasl |
2009-03-06 | Name : RedHat Update for python RHSA-2007:1076-02 File : nvt/gb_RHSA-2007_1076-02_python.nasl |
2009-02-27 | Name : Fedora Update for python FEDORA-2007-2663 File : nvt/gb_fedora_2007_2663_python_fc7.nasl |
2009-02-27 | Name : CentOS Update for python-docs CESA-2007:1076 centos3 x86_64 File : nvt/gb_CESA-2007_1076_python-docs_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for python-docs CESA-2007:1076 centos3 i386 File : nvt/gb_CESA-2007_1076_python-docs_centos3_i386.nasl |
2009-02-13 | Name : Mandrake Security Advisory MDVSA-2009:036 (python) File : nvt/mdksa_2009_036.nasl |
2009-01-13 | Name : Mandrake Security Advisory MDVSA-2009:003 (python) File : nvt/mdksa_2009_003.nasl |
2008-11-24 | Name : Debian Security Advisory DSA 1667-1 (python2.4) File : nvt/deb_1667_1.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200807-16 (python) File : nvt/glsa_200807_16.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200807-01 (python) File : nvt/glsa_200807_01.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200711-07 (python) File : nvt/glsa_200711_07.nasl |
2008-09-17 | Name : FreeBSD Ports: python24 File : nvt/freebsd_python24.nasl |
2008-08-22 | Name : Python Multiple Vulnerabilities (Linux) File : nvt/secpod_python_mult_vuln_lin_900106.nasl |
2008-08-22 | Name : Python Multiple Vulnerabilities (Win) File : nvt/secpod_python_mult_vuln_win_900105.nasl |
2008-08-15 | Name : Debian Security Advisory DSA 1620-1 (python2.5) File : nvt/deb_1620_1.nasl |
2008-04-21 | Name : Debian Security Advisory DSA 1551-1 (python2.4) File : nvt/deb_1551_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-217-01 python File : nvt/esoft_slk_ssa_2008_217_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
50096 | Python Overflow Python/ Multiple Files Unspecified Overflow |
50095 | Python Overflow Parser/node.c Unspecified Overflow |
50094 | Python Overflow Objects/ Multiple Files Unspecified Overflow |
50093 | Python Overflow Modules/ Multiple Files Unspecified Overflow |
50092 | Python Overflow Include/pymem.h Unspecified Overflow |
47481 | Python mysnprintf.c PyOS_vsnprintf Function Multiple Overflows Python contains a flaw that may allow a denial of service. The issue is triggered by an integer overflow in the PyOS_vsnprintf function in Python/mysnprintf.c, and will result in loss of availability for the affected process. |
47480 | Python PyMem_RESIZE Macro unicode_resize Function Unicode String Handling Mul... |
47478 | Python Multiple Modules Multiple Unspecified Overflows |
44463 | Python imageop.c Crafted Images Multiple Overflows |
40142 | Python imageop Module tovideo() Function Overflow |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-03 | Name : The remote host is missing a security-related patch. File : vmware_VMSA-2009-0016_remote.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_python_20130313.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1178.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1177.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1176.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-1076.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090728_python_for_SL_4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090728_python_for_SL_3_0_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090727_python_for_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071210_python_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2010-11-01 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-215.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-132.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0264.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0629.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0525.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1176.nasl - Type : ACT_GATHER_INFO |
2009-11-23 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2009-0016.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12046.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12215.nasl - Type : ACT_GATHER_INFO |
2009-07-28 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1178.nasl - Type : ACT_GATHER_INFO |
2009-07-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1178.nasl - Type : ACT_GATHER_INFO |
2009-07-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1177.nasl - Type : ACT_GATHER_INFO |
2009-07-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1176.nasl - Type : ACT_GATHER_INFO |
2009-07-27 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2008-0003.nasl - Type : ACT_GATHER_INFO |
2009-07-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-806-1.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_python-080801.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-013.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-003.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-163.nasl - Type : ACT_GATHER_INFO |
2009-02-13 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-001.nasl - Type : ACT_GATHER_INFO |
2008-11-21 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1667.nasl - Type : ACT_GATHER_INFO |
2008-09-11 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_0dccaa287f3c11dd8de50030843d3802.nasl - Type : ACT_GATHER_INFO |
2008-08-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_python-5490.nasl - Type : ACT_GATHER_INFO |
2008-08-17 | Name : The remote openSUSE host is missing a security update. File : suse_python-5491.nasl - Type : ACT_GATHER_INFO |
2008-08-05 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-217-01.nasl - Type : ACT_GATHER_INFO |
2008-08-04 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-632-1.nasl - Type : ACT_GATHER_INFO |
2008-08-01 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200807-16.nasl - Type : ACT_GATHER_INFO |
2008-07-28 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1620.nasl - Type : ACT_GATHER_INFO |
2008-07-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200807-01.nasl - Type : ACT_GATHER_INFO |
2008-04-22 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1551.nasl - Type : ACT_GATHER_INFO |
2008-03-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-585-1.nasl - Type : ACT_GATHER_INFO |
2008-02-01 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_python-4902.nasl - Type : ACT_GATHER_INFO |
2008-02-01 | Name : The remote openSUSE host is missing a security update. File : suse_python-4900.nasl - Type : ACT_GATHER_INFO |
2007-12-18 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2007-009.nasl - Type : ACT_GATHER_INFO |
2007-12-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-1076.nasl - Type : ACT_GATHER_INFO |
2007-12-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-1076.nasl - Type : ACT_GATHER_INFO |
2007-11-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200711-07.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-2663.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2013-05-11 00:47:01 |
|