Upstream information

CVE-2008-3144 at MITRE

Description

Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting operations. NOTE: the handling of certain integer values is also affected by related integer underflows and an off-by-one error.

SUSE information

Overall state of this security issue: Ignore

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 5
Vector AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial
SUSE Bugzilla entry: 406051 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 11 SP1
  • python >= 2.6.0-8.9.28
  • python-32bit >= 2.6.0-8.9.28
  • python-curses >= 2.6.0-8.9.28
  • python-demo >= 2.6.0-8.9.28
  • python-gdbm >= 2.6.0-8.9.28
  • python-idle >= 2.6.0-8.9.28
  • python-tk >= 2.6.0-8.9.28
  • python-x86 >= 2.6.0-8.9.28
Patchnames:
SUSE Linux Enterprise Server 11 SP1 GA python
SUSE Linux Enterprise Server 11 SP2
  • python >= 2.6.0-8.12.2
  • python-32bit >= 2.6.0-8.12.2
  • python-curses >= 2.6.0-8.12.2
  • python-demo >= 2.6.0-8.12.2
  • python-gdbm >= 2.6.0-8.12.2
  • python-idle >= 2.6.0-8.12.2
  • python-tk >= 2.6.0-8.12.2
  • python-x86 >= 2.6.0-8.12.2
Patchnames:
SUSE Linux Enterprise Server 11 SP2 GA python
SUSE Linux Enterprise Server 11 SP3
  • python >= 2.6.8-0.15.1
  • python-32bit >= 2.6.8-0.15.1
  • python-curses >= 2.6.8-0.15.1
  • python-demo >= 2.6.8-0.15.1
  • python-gdbm >= 2.6.8-0.15.1
  • python-idle >= 2.6.8-0.15.1
  • python-tk >= 2.6.8-0.15.1
  • python-x86 >= 2.6.8-0.15.1
Patchnames:
SUSE Linux Enterprise Server 11 SP3 GA python
SUSE Linux Enterprise Server 11 SP4
  • python >= 2.6.9-0.35.1
  • python-32bit >= 2.6.9-0.35.1
  • python-curses >= 2.6.9-0.35.1
  • python-demo >= 2.6.9-0.35.1
  • python-gdbm >= 2.6.9-0.35.1
  • python-idle >= 2.6.9-0.35.1
  • python-tk >= 2.6.9-0.35.1
  • python-x86 >= 2.6.9-0.35.1
Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA python
SUSE Linux Enterprise Software Development Kit 11 SP4
  • python-32bit >= 2.6.9-0.35.1
  • python-demo >= 2.6.9-0.35.1
  • python-gdbm >= 2.6.9-0.35.1
  • python-idle >= 2.6.9-0.35.1
  • python-tk >= 2.6.9-0.35.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA python-32bit
SUSE Linux Enterprise SDK 10 SP2
  • python-demo >= 2.4.2-18.22
  • python-devel >= 2.4.2-18.22
  • python-doc >= 2.4.2-18.19
  • python-doc-pdf >= 2.4.2-18.19
  • python-idle >= 2.4.2-18.22
sles10-sp2.x86
sle10-sp2-sdk.x86
core9.ia64
sle10-sp2-sdk.s390x
sles9-oes.x86
sled10.x86
sles9-nlpos.x86
sles10.ia64
sles10-sp2.ia64
sled10-sp2.x86
sles9-nld.x86
sles10-sp2.x86-64
sle10-sp2-sdk.x86-64
core9.ppc
sled10.x86-64
sle10-sp2-sdk.ia64
sle10-sp1-sdk.x86-64
sle10-sp1-sdk.s390x
sles9-nld.x86-64
sle10-sp1-sdk.x86
sles10-sp2.s390x
sles10-sp2.ppc
core9.x86-64
sles10.ppc
sles10.s390x
sle10-sp2-sdk.ppc
sles10.x86
sles10.x86-64
sle10-sp1-sdk.ppc
sled10-sp2.x86-64
core9.x86
core9.s390
core9.s390x
sle10-sp1-sdk.ia64
ZYPP Patch Nr: 5490
Novell Linux Desktop 9 for x86
Open Enterprise Server
  • python >= 2.3.3-88.24
  • python-curses >= 2.3.3-88.24
  • python-demo >= 2.3.3-88.24
  • python-devel >= 2.3.3-88.24
  • python-doc >= 2.3.3-88.24
  • python-doc-pdf >= 2.3.3-88.24
  • python-gdbm >= 2.3.3-88.24
  • python-idle >= 2.3.3-88.24
  • python-mpz >= 2.3.3-88.24
  • python-tk >= 2.3.3-88.24
  • python-xml >= 2.3.3-88.24
sles10-sp2.x86
sle10-sp2-sdk.x86
core9.ia64
sle10-sp2-sdk.s390x
sles9-oes.x86
sled10.x86
sles9-nlpos.x86
sles10.ia64
sles10-sp2.ia64
sled10-sp2.x86
sles9-nld.x86
sles10-sp2.x86-64
sle10-sp2-sdk.x86-64
core9.ppc
sled10.x86-64
sle10-sp2-sdk.ia64
sle10-sp1-sdk.x86-64
sle10-sp1-sdk.s390x
sles9-nld.x86-64
sle10-sp1-sdk.x86
sles10-sp2.s390x
sles10-sp2.ppc
core9.x86-64
sles10.ppc
sles10.s390x
sle10-sp2-sdk.ppc
sles10.x86
sles10.x86-64
sle10-sp1-sdk.ppc
sled10-sp2.x86-64
core9.x86
core9.s390
core9.s390x
sle10-sp1-sdk.ia64
ZYPP Patch Nr: 5490
Novell Linux Desktop 9 for x86_64
  • python >= 2.3.3-88.24
  • python-32bit >= 9-200808010009
  • python-curses >= 2.3.3-88.24
  • python-demo >= 2.3.3-88.24
  • python-devel >= 2.3.3-88.24
  • python-doc >= 2.3.3-88.24
  • python-doc-pdf >= 2.3.3-88.24
  • python-gdbm >= 2.3.3-88.24
  • python-idle >= 2.3.3-88.24
  • python-mpz >= 2.3.3-88.24
  • python-tk >= 2.3.3-88.24
  • python-xml >= 2.3.3-88.24
sles10-sp2.x86
sle10-sp2-sdk.x86
core9.ia64
sle10-sp2-sdk.s390x
sles9-oes.x86
sled10.x86
sles9-nlpos.x86
sles10.ia64
sles10-sp2.ia64
sled10-sp2.x86
sles9-nld.x86
sles10-sp2.x86-64
sle10-sp2-sdk.x86-64
core9.ppc
sled10.x86-64
sle10-sp2-sdk.ia64
sle10-sp1-sdk.x86-64
sle10-sp1-sdk.s390x
sles9-nld.x86-64
sle10-sp1-sdk.x86
sles10-sp2.s390x
sles10-sp2.ppc
core9.x86-64
sles10.ppc
sles10.s390x
sle10-sp2-sdk.ppc
sles10.x86
sles10.x86-64
sle10-sp1-sdk.ppc
sled10-sp2.x86-64
core9.x86
core9.s390
core9.s390x
sle10-sp1-sdk.ia64
ZYPP Patch Nr: 5490
openSUSE 11.0
  • python-debuginfo >= 2.5.2-26.2
  • python-debugsource >= 2.5.2-26.2
openSUSE 11.0
  • python >= 2.5.2-26.2
  • python-32bit >= 2.5.2-26.2
  • python-64bit >= 2.5.2-26.2
  • python-curses >= 2.5.2-26.2
  • python-demo >= 2.5.2-26.2
  • python-devel >= 2.5.2-26.2
  • python-gdbm >= 2.5.2-26.2
  • python-idle >= 2.5.2-26.2
  • python-tk >= 2.5.2-26.2
  • python-xml >= 2.5.2-26.2