Summary
The remote host is missing an update to python2.5
announced via advisory USN-806-1.
Solution
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS:
python2.4 2.4.3-0ubuntu6.3
python2.4-minimal 2.4.3-0ubuntu6.3
Ubuntu 8.04 LTS:
python2.4 2.4.5-1ubuntu4.2
python2.4-minimal 2.4.5-1ubuntu4.2
python2.5 2.5.2-2ubuntu6
python2.5-minimal 2.5.2-2ubuntu6
Ubuntu 8.10:
python2.4 2.4.5-5ubuntu1.1
python2.4-minimal 2.4.5-5ubuntu1.1
After a standard system upgrade you need to reboot your computer to effect the necessary changes.
https://secure1.securityspace.com/smysecure/catid.html?in=USN-806-1
Insight
It was discovered that Python incorrectly handled certain arguments in the imageop module. If an attacker were able to pass specially crafted arguments through the crop function, they could execute arbitrary code with user privileges. For Python 2.5, this issue only affected Ubuntu 8.04 LTS.
(CVE-2008-4864)
Multiple integer overflows were discovered in Python's stringobject and unicodeobject expandtabs method. If an attacker were able to exploit these flaws they could execute arbitrary code with user privileges or cause Python applications to crash, leading to a denial of service.
(CVE-2008-5031)
Severity
Classification
-
CVE CVE-2008-4864, CVE-2008-5031 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities