----- BalaBit Security Advisory (BBSA) -----

PACKAGE           : python2.3, python2.4
AFFECTED VERSION  : <= 2.3.5-3.zorpos8, <= 2.4.1-2.zorpos4,
                    <= 2.3.5-9ubuntu1.2.zorpos33.5, <= 2.4.3-0ubuntu6.zorpos33.5
FIXED             : 2.3.5-3.zorpos9, 2.4.1-2.zorpos5,
                    2.3.5-9ubuntu1.2.zorpos33.6, 2.4.3-0ubuntu6.zorpos33.6
SUMMARY           : multiple integer overflows
TYPE              : remote
AFFECTED          : ZorpOS 3.1, ZorpOS 3.3
ZORP-OS SPECIFIC  : NO
BBSA-AUTHOR       : Tamás Pál
BBSA-ID           : BBSA-2008-039
BBSA-ADDRESS      : advisory@balabit.hu
GNUPG FINGERPRINT : 933E 6763 D32D A01C 1A75 F228 9CB1 81C7 D91E 8915
CVE               : CVE-2008-2315, CVE-2008-3142, CVE-2008-3143, CVE-2008-3144
DATE              : Aug 8, 2008
-----------------------------------------------------------------------------

BACKGROUND:

Multiple integer overflows have been discovered in the Python script
language's core and modules. Attackers exploiting these flaws could execute
arbitrary code with user privileges or cause Python applications to crash,
leading to a denial of service.

SOLUTION:

We recommend that you update the affected packages immediately.

Upgrading using apt:
~~~~~~~~~~~~~~~~~~~~

Add the following line to /etc/apt/sources.list (if it doesn't contain this
line already)

ZorpOS version 3.1:

  deb https://USERNAME:PASSWORD@apt.balabit.hu/zorp-os \
      zorp-os-3.1/3.1security zorp-os zorp-os-extra

ZorpOS version 3.3:

  deb https://USERNAME:PASSWORD@apt.balabit.hu/zorp-os \
      zorp-os-3.3/3.3security zorp-os zorp-os-extra

then issue the following commands as root:

  apt-get update
  apt-get -u upgrade

The latest upgrades will be downloaded and installed.
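To confirm after the upgrade that a host is on a fixed build, the installed version string can be compared against the FIXED field using Debian version ordering. The following is an added example, not part of the BalaBit advisory or tooling; the function names are hypothetical, and it assumes a package belongs to the same build line as a fixed version when the two strings match up to the final revision counter.

```python
import re
from itertools import zip_longest

# FIXED field of the advisory, one entry per package build line.
FIXED = ["2.3.5-3.zorpos9", "2.4.1-2.zorpos5",
         "2.3.5-9ubuntu1.2.zorpos33.6", "2.4.3-0ubuntu6.zorpos33.6"]

def _order(c):
    # dpkg character order: '~' first, then end of string (0), letters, the rest
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Walk alternating non-digit / digit runs the way dpkg does.
    runs = zip_longest(re.findall(r"(\D*)(\d*)", a), re.findall(r"(\D*)(\d*)", b),
                       fillvalue=("", ""))
    for (sa, na), (sb, nb) in runs:
        for ca, cb in zip_longest(sa, sb, fillvalue=""):
            oa, ob = (_order(ca) if ca else 0), (_order(cb) if cb else 0)
            if oa != ob:
                return -1 if oa < ob else 1
        ia, ib = int(na or 0), int(nb or 0)
        if ia != ib:
            return -1 if ia < ib else 1
    return 0

def _split(v):
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, revision = rest.rpartition("-")
    return (epoch, upstream, revision) if sep else (epoch, rest, "")

def deb_cmp(a, b):
    """Return -1, 0 or 1 using Debian version ordering."""
    for pa, pb in zip(_split(a), _split(b)):
        r = _cmp_part(pa, pb)
        if r:
            return r
    return 0

def status(installed):
    for fixed in FIXED:
        # Assumption: same build line = same string up to the last counter.
        line = fixed.rstrip("0123456789")
        if installed.startswith(line):
            return "fixed" if deb_cmp(installed, fixed) >= 0 else "vulnerable"
    return "unknown"
```

The installed version to pass to status() can be read with dpkg-query -W -f='${Version}' python2.3 (and likewise for python2.4); a result of "unknown" means the string matches none of the build lines listed in the advisory and needs manual review.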

REFERENCES:

http://www.ubuntu.com/usn/usn-632-1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3144
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2315
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3142
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3143
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3144