Posted: Sat Feb 23, 2008 7:26 pm Post subject: [ GLSA 200802-10 ] Python: PCRE Integer overflow
Gentoo Linux Security Advisory
Title: Python: PCRE Integer overflow (GLSA 200802-10)
Date: February 23, 2008
A vulnerability within Python's copy of PCRE might lead to the execution of
Python is an interpreted, interactive, object-oriented programming
Vulnerable: < 2.3.6-r4
Unaffected: >= 2.3.6-r4
Architectures: All supported architectures
Python 2.3 includes a copy of PCRE which is vulnerable to an integer
overflow vulnerability, leading to a buffer overflow.
An attacker could exploit the vulnerability by tricking a vulnerable
Python application into compiling a regular expression, which could
possibly lead to the execution of arbitrary code, a Denial of Service
or the disclosure of sensitive information.
There is no known workaround at this time.
All Python 2.3 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/python-2.3.6-r4"
Last edited by GLSA on Mon Jun 10, 2013 4:27 am; edited 1 time in total
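
An added example, not part of the advisory: a Python script that checks an inventory of installed dev-lang/python versions against the affected range stated above (< 2.3.6-r4). The inventory lines and host names are constructed, and the version parser is a simplified assumption that handles only dotted numbers with an optional -rN revision; anything else is reported as unknown rather than guessed.

```python
import re

FIXED = "2.3.6-r4"            # first unaffected version, from the advisory
PREFIX = "dev-lang/python-"   # package atom prefix used in the upgrade command

# Assumption: simplified Gentoo version syntax (dotted numbers, optional -rN).
# Suffixes such as _rc1 or _p2 and leading-zero quirks are not handled.
_VER = re.compile(r"^(\d+(?:\.\d+)*)(?:-r(\d+))?$")

def parse_version(text):
    m = _VER.match(text)
    if m is None:
        raise ValueError("unsupported version syntax: %r" % text)
    numbers = tuple(int(p) for p in m.group(1).split("."))
    return numbers, int(m.group(2) or 0)

def is_vulnerable(version):
    """True when version falls in the advisory's range (< 2.3.6-r4)."""
    return parse_version(version) < parse_version(FIXED)

def audit(lines):
    """Return (vulnerable, unknown) lists of (host, version) pairs."""
    vulnerable, unknown = [], []
    for line in lines:
        fields = line.split()
        if len(fields) != 2 or not fields[1].startswith(PREFIX):
            continue  # not a dev-lang/python entry
        host, version = fields[0], fields[1][len(PREFIX):]
        try:
            if is_vulnerable(version):
                vulnerable.append((host, version))
        except ValueError:
            unknown.append((host, version))  # needs a manual check
    return vulnerable, unknown

# Constructed sample inventory: "<host> <category/package-version>"
SAMPLE = [
    "web01 dev-lang/python-2.3.5-r2",
    "web02 dev-lang/python-2.3.6-r4",
    "db01 dev-lang/python-2.3.6-r3",
    "build01 dev-lang/python-2.4.4-r6",
    "old01 dev-lang/python-2.3.6_rc1",
    "web01 dev-lang/perl-5.8.8",
]

if __name__ == "__main__":
    vulnerable, unknown = audit(SAMPLE)
    for host, version in vulnerable:
        print("UPGRADE %s: python-%s is older than %s" % (host, version, FIXED))
    for host, version in unknown:
        print("CHECK   %s: cannot parse python-%s" % (host, version))
```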