FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-1721

This CVE name corresponds to:

Entered Topic
2008-04-25 python -- Integer Signedness Error in zlib Module

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2008-1721
Phase Assigned (20080410)

Description

Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.

References

Source Reference
BUGTRAQ 20080409 IOActive Security Advisory: Buffer overflow in Python zlib extension module
BUGTRAQ 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
CONFIRM http://bugs.python.org/issue2586
CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0149
CONFIRM https://issues.rpath.com/browse/RPL-2444
CONFIRM http://support.apple.com/kb/HT3438
CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0016.html
CONFIRM http://support.avaya.com/css/P8/documents/100074697
APPLE APPLE-SA-2009-02-12
DEBIAN DSA-1551
DEBIAN DSA-1620
GENTOO GLSA-200807-01
MANDRIVA MDVSA-2008:085
SLACKWARE SSA:2008-217-01
UBUNTU USN-632-1
BID 28715
OVAL oval:org.mitre.oval:def:8249
OVAL oval:org.mitre.oval:def:8494
OVAL oval:org.mitre.oval:def:9407
SECUNIA 37471
SECUNIA 38675
VUPEN ADV-2008-1229
SECTRACK 1019823
SECUNIA 29889
SECUNIA 29955
SECUNIA 30872
SECUNIA 31255
SECUNIA 31358
SECUNIA 31365
SECUNIA 33937
SREASON 3802
VUPEN ADV-2009-3316
XF zlib-pystringfromstringandsize-bo(41748)