RHSA-2009:1177: Moderate: python security update
First published: Mon Jul 27 2009(Updated: )
Python is an interpreted, interactive, object-oriented programming<br>language.<br>When the assert() system call was disabled, an input sanitization flaw was<br>revealed in the Python string object implementation that led to a buffer<br>overflow. The missing check for negative size values meant the Python<br>memory allocator could allocate less memory than expected. This could<br>result in arbitrary code execution with the Python interpreter's<br>privileges. (CVE-2008-1887)<br>Multiple buffer and integer overflow flaws were found in the Python Unicode<br>string processing and in the Python Unicode and string object<br>implementations. An attacker could use these flaws to cause a denial of<br>service (Python application crash). (CVE-2008-3142, CVE-2008-5031)<br>Multiple integer overflow flaws were found in the Python imageop module. If<br>a Python application used the imageop module to process untrusted images,<br>it could cause the application to crash or, potentially, execute arbitrary<br>code with the Python interpreter's privileges. (CVE-2008-1679,<br>CVE-2008-4864)<br>Multiple integer underflow and overflow flaws were found in the Python<br>snprintf() wrapper implementation. An attacker could use these flaws to<br>cause a denial of service (memory corruption). (CVE-2008-3144)<br>Multiple integer overflow flaws were found in various Python modules. An<br>attacker could use these flaws to cause a denial of service (Python<br>application crash). (CVE-2008-2315, CVE-2008-3143)<br>An integer signedness error, leading to a buffer overflow, was found<br>in the Python zlib extension module. If a Python application requested<br>the negative byte count be flushed for a decompression stream, it could<br>cause the application to crash or, potentially, execute arbitrary code<br>with the Python interpreter's privileges. (CVE-2008-1721)<br>Red Hat would like to thank David Remahl of the Apple Product Security team<br>for responsibly reporting the CVE-2008-1679 and CVE-2008-2315 issues.<br>All Python users should upgrade to these updated packages, which contain<br>backported patches to correct these issues.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/python | <2.3.4-14.7.el4_8.2 | 2.3.4-14.7.el4_8.2 |
| redhat/python | <2.3.4-14.7.el4_8.2 | 2.3.4-14.7.el4_8.2 |
| redhat/python-devel | <2.3.4-14.7.el4_8.2 | 2.3.4-14.7.el4_8.2 |
| redhat/python-docs | <2.3.4-14.7.el4_8.2 | 2.3.4-14.7.el4_8.2 |
| redhat/python-tools | <2.3.4-14.7.el4_8.2 | 2.3.4-14.7.el4_8.2 |
| redhat/tkinter | <2.3.4-14.7.el4_8.2 | 2.3.4-14.7.el4_8.2 |
| redhat/python-devel | <2.3.4-14.7.el4_8.2 | 2.3.4-14.7.el4_8.2 |
| redhat/python-docs | <2.3.4-14.7.el4_8.2 | 2.3.4-14.7.el4_8.2 |
| redhat/python-tools | <2.3.4-14.7.el4_8.2 | 2.3.4-14.7.el4_8.2 |
| redhat/tkinter | <2.3.4-14.7.el4_8.2 | 2.3.4-14.7.el4_8.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=441306
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=442005
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=443810
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=454990
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=455008
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=455013
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=455018
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=469656
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=470915
- http://www.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/errata/RHSA-2009:1177 (Advisory)
Frequently Asked Questions
What is the severity of RHSA-2009:1177?
The severity of RHSA-2009:1177 is classified as moderate due to an input sanitization flaw that leads to a buffer overflow.
How do I fix RHSA-2009:1177?
To fix RHSA-2009:1177, update the affected packages to version 2.3.4-14.7.el4_8.2.
Which packages are affected by RHSA-2009:1177?
The affected packages include python, python-devel, python-docs, python-tools, and tkinter.
What is the nature of the vulnerability in RHSA-2009:1177?
RHSA-2009:1177 involves an input sanitization flaw in the Python string object implementation that can cause a buffer overflow.
What are the symptoms of the vulnerability in RHSA-2009:1177?
Symptoms may include application crashes or unexpected behavior when processing certain inputs in Python.
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- agent/weakness
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2009:1177
- agent/software-canonical-lookup
- package-manager/redhat