GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Tue Oct 17, 2006 10:26 pm Post subject: [ GLSA 200610-07 ] Python: Buffer Overflow |
|
|
Gentoo Linux Security Advisory
Title: Python: Buffer Overflow (GLSA 200610-07)
Severity: normal
Exploitable: remote
Date: October 17, 2006
Updated: February 26, 2007
Bug(s): #149065
ID: 200610-07
Synopsis
A buffer overflow in Python's "repr()" function can be exploited to cause a Denial of Service and potentially allows the execution of arbitrary code.
Background
Python is an interpreted, interactive, object-oriented, cross-platform programming language.
Affected Packages
Package: dev-lang/python
Vulnerable: < 2.4.3-r4
Unaffected: >= 2.4.3-r4
Unaffected: >= 2.3.5-r3 < 2.3.6
Unaffected: >= 2.3.6 < 2.3.7
Architectures: All supported architectures
Description
Benjamin C. Wiley Sittler discovered a buffer overflow in Python's "repr()" function when handling UTF-32/UCS-4 encoded strings.
Impact
If a Python application processes attacker-supplied data with the "repr()" function, this could potentially lead to the execution of arbitrary code with the privileges of the affected application or a Denial of Service.
Workaround
There is no known workaround at this time.
Resolution
All Python users should update to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/python-2.4.3-r4" |
References
CVE-2006-4980
Last edited by GLSA on Wed Feb 28, 2007 4:18 am; edited 2 times in total |
|