Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 325593 (CVE-2010-1634) - <dev-lang/python-{2.6.5-r3,3.1.2-r4}: audioop: Multiple vulnerabilities (CVE-2010-{1634,2089})
Summary: <dev-lang/python-{2.6.5-r3,3.1.2-r4}: audioop: Multiple vulnerabilities (CVE-...
Status: RESOLVED FIXED
Alias: CVE-2010-1634
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A3 [glsa]
Keywords:
: 331247 331249 (view as bug list)
Depends on:
Blocks:
 
Reported: 2010-06-25 20:46 UTC by Stefan Behte (RETIRED)
Modified: 2014-01-06 21:27 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Behte (RETIRED) gentoo-dev Security 2010-06-25 20:46:31 UTC
CVE-2010-1634 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1634):
  Multiple integer overflows in audioop.c in the audioop module in
  Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to
  cause a denial of service (application crash) via a large fragment,
  as demonstrated by a call to audioop.lin2lin with a long string in
  the first argument, leading to a buffer overflow.  NOTE: this
  vulnerability exists because of an incorrect fix for CVE-2008-3143.5.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2010-06-25 21:37:20 UTC
CVE-2010-2089 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2089):
  The audioop module in Python 2.7 and 3.2 does not verify the
  relationships between size arguments and byte string lengths, which
  allows context-dependent attackers to cause a denial of service
  (memory corruption and application crash) via crafted arguments, as
  demonstrated by a call to audioop.reverse with a one-byte string, a
  different vulnerability than CVE-2010-1634.

Comment 2 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev 2010-06-26 16:33:50 UTC
(In reply to comment #1)
> CVE-2010-2089 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2089):
>   The audioop module in Python 2.7 and 3.2 does not verify the
>   relationships between size arguments and byte string lengths, which
>   allows context-dependent attackers to cause a denial of service
>   (memory corruption and application crash) via crafted arguments, as
>   demonstrated by a call to audioop.reverse with a one-byte string, a
>   different vulnerability than CVE-2010-1634.

This problem is not yet fixed by upstream and also concerns at least Python 2.6.
Comment 3 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev 2010-07-12 19:40:26 UTC
CVE-2010-1634: http://bugs.python.org/issue8674
CVE-2010-2089: http://bugs.python.org/issue7673
Comment 4 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev 2010-07-12 19:42:19 UTC
Fixed in 2.6.5-r3 and 3.1.2-r4. I will request stabilizations in separate bugs after some days of testing.
Comment 5 Stefan Behte (RETIRED) gentoo-dev Security 2010-08-01 12:53:11 UTC
Arfever: What's the status here?
Comment 6 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev 2010-08-02 22:13:04 UTC
(In reply to comment #5)

2.6.5-r3 and 3.1.2-r4 still have a Gentoo-specific regression in handling of environmental variables (bug #329705). Do you want stabilization of 2.6.5-r3 and 3.1.2-r4 or wait for stabilization of newer, fixed versions?
Comment 7 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev 2010-08-04 19:48:45 UTC
(In reply to comment #6)

I'm withdrawing this question.
Comment 8 Christian Faulhammer (RETIRED) gentoo-dev 2010-08-05 06:51:50 UTC
*** Bug 331247 has been marked as a duplicate of this bug. ***
Comment 9 Christian Faulhammer (RETIRED) gentoo-dev 2010-08-05 06:51:59 UTC
*** Bug 331249 has been marked as a duplicate of this bug. ***
Comment 10 Christian Faulhammer (RETIRED) gentoo-dev 2010-08-05 06:52:35 UTC
Please stabilize dev-lang/python-2.6.5-r3 and dev-lang/python-3.1.2-r4.
Comment 11 Christian Faulhammer (RETIRED) gentoo-dev 2010-08-06 11:55:26 UTC
stable x86
Comment 12 Markos Chandras (RETIRED) gentoo-dev 2010-08-06 18:14:51 UTC
amd64 done
Comment 13 Raúl Porcel (RETIRED) gentoo-dev 2010-08-08 16:06:32 UTC
alpha/arm/ia64/m68k/s390/sh/sparc stable
Comment 14 Joe Jezak (RETIRED) gentoo-dev 2010-08-11 22:32:31 UTC
Marked both ppc stable, marked 2.6.5-r3 stable on ppc64 because it doesn't have a stable keyword for 3.x yet.
Comment 15 Jeroen Roovers gentoo-dev 2010-08-15 23:14:31 UTC
Stable for HPPA.
Comment 16 Dirkjan Ochtman gentoo-dev 2010-10-27 09:28:22 UTC
Security team, can this be closed?
Comment 17 Brent Baude (RETIRED) gentoo-dev 2010-12-27 15:04:28 UTC
adding ppc64
Comment 18 Brent Baude (RETIRED) gentoo-dev 2010-12-27 18:14:17 UTC
I believe ppc64 is done now.  For the 2.6 branch, I stabilized out of bug 342927 but got the 3.1 branch here.
Comment 19 Tim Sammut (RETIRED) gentoo-dev 2011-01-02 03:23:27 UTC
GLSA request filed.
Comment 20 GLSAMaker/CVETool Bot gentoo-dev 2014-01-06 21:27:57 UTC
This issue was resolved and addressed in
 GLSA 201401-04 at http://security.gentoo.org/glsa/glsa-201401-04.xml
by GLSA coordinator Sergey Popov (pinkbyte).