First published: Mon Jul 27 2009(Updated: )
Python is an interpreted, interactive, object-oriented programming<br>language.<br>When the assert() system call was disabled, an input sanitization flaw was<br>revealed in the Python string object implementation that led to a buffer<br>overflow. The missing check for negative size values meant the Python<br>memory allocator could allocate less memory than expected. This could<br>result in arbitrary code execution with the Python interpreter's<br>privileges. (CVE-2008-1887)<br>Multiple buffer and integer overflow flaws were found in the Python Unicode<br>string processing and in the Python Unicode and string object<br>implementations. An attacker could use these flaws to cause a denial of<br>service (Python application crash). (CVE-2008-3142, CVE-2008-5031)<br>Multiple integer overflow flaws were found in the Python imageop module. If<br>a Python application used the imageop module to process untrusted images,<br>it could cause the application to crash or, potentially, execute arbitrary<br>code with the Python interpreter's privileges. (CVE-2008-1679,<br>CVE-2008-4864)<br>Multiple integer underflow and overflow flaws were found in the Python<br>snprintf() wrapper implementation. An attacker could use these flaws to<br>cause a denial of service (memory corruption). (CVE-2008-3144)<br>Multiple integer overflow flaws were found in various Python modules. An<br>attacker could use these flaws to cause a denial of service (Python<br>application crash). (CVE-2008-2315, CVE-2008-3143)<br>Red Hat would like to thank David Remahl of the Apple Product Security team<br>for responsibly reporting the CVE-2008-1679 and CVE-2008-2315 issues.<br>All Python users should upgrade to these updated packages, which contain<br>backported patches to correct these issues.
Affected Software | Affected Version | How to fix |
---|
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.