325593 – (CVE-2010-1634) <dev-lang/python-{2.6.5-r3,3.1.2-r4}: audioop: Multiple vulnerabilities (CVE-2010-{1634,2089})

Bug 325593 (CVE-2010-1634) - <dev-lang/python-{2.6.5-r3,3.1.2-r4}: audioop: Multiple vulnerabilities (CVE-2010-{1634,2089})

Summary: <dev-lang/python-{2.6.5-r3,3.1.2-r4}: audioop: Multiple vulnerabilities (CVE-...

Status:	RESOLVED FIXED

Alias:	CVE-2010-1634

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High normal
Assignee:	Gentoo Security

URL:
Whiteboard:	A3 [glsa]
Keywords:

Duplicates (2):	331247 331249 (view as bug list)
Depends on:
Blocks:

Reported:	2010-06-25 20:46 UTC by Stefan Behte (RETIRED)
Modified:	2014-01-06 21:27 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Behte (RETIRED) gentoo-dev

2010-06-25 20:46:31 UTC

CVE-2010-1634 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1634):
  Multiple integer overflows in audioop.c in the audioop module in
  Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to
  cause a denial of service (application crash) via a large fragment,
  as demonstrated by a call to audioop.lin2lin with a long string in
  the first argument, leading to a buffer overflow.  NOTE: this
  vulnerability exists because of an incorrect fix for CVE-2008-3143.5.

Comment 1 Stefan Behte (RETIRED) gentoo-dev

2010-06-25 21:37:20 UTC

CVE-2010-2089 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2089):
  The audioop module in Python 2.7 and 3.2 does not verify the
  relationships between size arguments and byte string lengths, which
  allows context-dependent attackers to cause a denial of service
  (memory corruption and application crash) via crafted arguments, as
  demonstrated by a call to audioop.reverse with a one-byte string, a
  different vulnerability than CVE-2010-1634.

Comment 2 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev

2010-06-26 16:33:50 UTC

(In reply to comment #1)
> CVE-2010-2089 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2089):
>   The audioop module in Python 2.7 and 3.2 does not verify the
>   relationships between size arguments and byte string lengths, which
>   allows context-dependent attackers to cause a denial of service
>   (memory corruption and application crash) via crafted arguments, as
>   demonstrated by a call to audioop.reverse with a one-byte string, a
>   different vulnerability than CVE-2010-1634.

This problem is not yet fixed by upstream and also concerns at least Python 2.6.

Comment 3 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev

2010-07-12 19:40:26 UTC

CVE-2010-1634: http://bugs.python.org/issue8674
CVE-2010-2089: http://bugs.python.org/issue7673

Comment 4 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev

2010-07-12 19:42:19 UTC

Fixed in 2.6.5-r3 and 3.1.2-r4. I will request stabilizations in separate bugs after some days of testing.

Comment 5 Stefan Behte (RETIRED) gentoo-dev

2010-08-01 12:53:11 UTC

Arfever: What's the status here?

Comment 6 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev

2010-08-02 22:13:04 UTC

(In reply to comment #5)

2.6.5-r3 and 3.1.2-r4 still have a Gentoo-specific regression in handling of environmental variables (bug #329705). Do you want stabilization of 2.6.5-r3 and 3.1.2-r4 or wait for stabilization of newer, fixed versions?

Comment 7 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev

2010-08-04 19:48:45 UTC

(In reply to comment #6)

I'm withdrawing this question.

Comment 8 Christian Faulhammer (RETIRED) gentoo-dev

2010-08-05 06:51:50 UTC

*** Bug 331247 has been marked as a duplicate of this bug. ***

Comment 9 Christian Faulhammer (RETIRED) gentoo-dev

2010-08-05 06:51:59 UTC

*** Bug 331249 has been marked as a duplicate of this bug. ***

Comment 10 Christian Faulhammer (RETIRED) gentoo-dev

2010-08-05 06:52:35 UTC

Please stabilize dev-lang/python-2.6.5-r3 and dev-lang/python-3.1.2-r4.

Comment 11 Christian Faulhammer (RETIRED) gentoo-dev

2010-08-06 11:55:26 UTC

stable x86

Comment 12 Markos Chandras (RETIRED) gentoo-dev

2010-08-06 18:14:51 UTC

amd64 done

Comment 13 Raúl Porcel (RETIRED) gentoo-dev

2010-08-08 16:06:32 UTC

alpha/arm/ia64/m68k/s390/sh/sparc stable

Comment 14 Joe Jezak (RETIRED) gentoo-dev

2010-08-11 22:32:31 UTC

Marked both ppc stable, marked 2.6.5-r3 stable on ppc64 because it doesn't have a stable keyword for 3.x yet.

Comment 15 Jeroen Roovers (RETIRED) gentoo-dev

2010-08-15 23:14:31 UTC

Stable for HPPA.

Comment 16 Dirkjan Ochtman (RETIRED) gentoo-dev

2010-10-27 09:28:22 UTC

Security team, can this be closed?

Comment 17 Brent Baude (RETIRED) gentoo-dev

2010-12-27 15:04:28 UTC

adding ppc64

Comment 18 Brent Baude (RETIRED) gentoo-dev

2010-12-27 18:14:17 UTC

I believe ppc64 is done now.  For the 2.6 branch, I stabilized out of bug 342927 but got the 3.1 branch here.

Comment 19 Tim Sammut (RETIRED) gentoo-dev

2011-01-02 03:23:27 UTC

GLSA request filed.

Comment 20 GLSAMaker/CVETool Bot gentoo-dev

2014-01-06 21:27:57 UTC

This issue was resolved and addressed in
 GLSA 201401-04 at http://security.gentoo.org/glsa/glsa-201401-04.xml
by GLSA coordinator Sergey Popov (pinkbyte).