SB2008073101 - Gentoo update for Python



Published: July 31, 2008
Updated: June 28, 2025

Security Bulletin ID: SB2008073101
Severity: Medium
Patch available: YES
Number of vulnerabilities: 6
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 6 security vulnerabilities.


1) Integer overflow (CVE-ID: CVE-2008-2315)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031.


2) Input validation error (CVE-ID: CVE-2008-2316)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context-dependent attackers to defeat cryptographic digests, related to "partial hashlib hashing of data exceeding 4GB."


3) Buffer overflow (CVE-ID: CVE-2008-3142)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Multiple buffer overflows in Python 2.5.2 and earlier on 32-bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicode string processing, related to the unicode_resize function and the PyMem_RESIZE macro.


4) Integer overflow (CVE-ID: CVE-2008-3143)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10) datetimemodule.c, (11) md5.c, (12) rgbimgmodule.c, and (13) stropmodule.c in Modules/; (14) bufferobject.c, (15) listobject.c, and (16) obmalloc.c in Objects/; (17) Parser/node.c; and (18) asdl.c, (19) ast.c, (20) bltinmodule.c, and (21) compile.c in Python/, as addressed by "checks for integer overflows, contributed by Google."
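
The allocation-size failure behind items 3 and 4, as an added C illustration (not CPython's code and not part of the original bulletin): an element count multiplied by an element size wraps around to a too-small byte count, and a check made before the multiplication rejects the request. The helper names `unchecked_bytes`, `checked_bytes` and `resize_array` are hypothetical, and the 4-byte element size and the counts are constructed values.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked sizing: the product wraps modulo SIZE_MAX + 1, so a huge
 * element count can come out as a tiny byte count. */
static size_t unchecked_bytes(size_t count, size_t elem_size)
{
    return count * elem_size;
}

/* Checked sizing: returns 0 and stores the product in *out, or returns -1
 * when count * elem_size cannot be represented in a size_t. */
static int checked_bytes(size_t count, size_t elem_size, size_t *out)
{
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return -1;
    *out = count * elem_size;
    return 0;
}

/* Hypothetical resize helper: refuses an unrepresentable request instead of
 * allocating a short buffer. *buf is left untouched on failure. */
static int resize_array(void **buf, size_t count, size_t elem_size)
{
    size_t nbytes;
    void *p;

    if (checked_bytes(count, elem_size, &nbytes) != 0)
        return -1;
    p = realloc(*buf, nbytes ? nbytes : 1);
    if (p == NULL)
        return -1;
    *buf = p;
    return 0;
}

int main(void)
{
    size_t huge = SIZE_MAX / 4 + 2;   /* constructed count: huge * 4 wraps to 4 */
    void *buf = NULL;

    printf("unchecked byte count: %zu\n", unchecked_bytes(huge, 4));
    printf("checked resize: %d\n", resize_array(&buf, huge, 4));
    printf("sane resize:    %d\n", resize_array(&buf, 16, 4));
    free(buf);
    return 0;
}
```

The same wrap occurs at a much smaller count when `size_t` is 32 bits wide, which is why item 3 is specific to 32-bit platforms.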


5) Input validation error (CVE-ID: CVE-2008-3144)

The vulnerability allows context-dependent attackers to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting operations.


6) Input validation error (CVE-ID: CVE-2008-3144)

The vulnerability allows context-dependent attackers to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting operations.


Remediation

Install the update from the vendor's website.