Joined: 12 May 2004
|Posted: Tue Oct 17, 2006 10:26 pm Post subject: [ GLSA 200610-07 ] Python: Buffer Overflow
|Gentoo Linux Security Advisory
Title: Python: Buffer Overflow (GLSA 200610-07)
Date: October 17, 2006
Updated: February 26, 2007
A buffer overflow in Python's "repr()" function can be exploited to cause a Denial of Service and potentially allows the execution of arbitrary code.
Python is an interpreted, interactive, object-oriented, cross-platform programming language.
Vulnerable: < 2.4.3-r4
Unaffected: >= 2.4.3-r4
Unaffected: >= 2.3.5-r3 < 2.3.6
Unaffected: >= 2.3.6 < 2.3.7
Architectures: All supported architectures
Benjamin C. Wiley Sittler discovered a buffer overflow in Python's "repr()" function when handling UTF-32/UCS-4 encoded strings.
If a Python application processes attacker-supplied data with the "repr()" function, this could potentially lead to the execution of arbitrary code with the privileges of the affected application or a Denial of Service.
There is no known workaround at this time.
All Python users should update to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/python-2.4.3-r4"
Last edited by GLSA on Wed Feb 28, 2007 4:18 am; edited 2 times in total