GLSA Advocate
Posted: Sat Feb 23, 2008 7:26 pm Post subject: [ GLSA 200802-10 ] Python: PCRE Integer overflow
Gentoo Linux Security Advisory
Title: Python: PCRE Integer overflow (GLSA 200802-10)
Severity: normal
Exploitable: remote
Date: February 23, 2008
Bug(s): #198373
ID: 200802-10
Synopsis
A vulnerability within Python's copy of PCRE might lead to the execution of
arbitrary code.
Background
Python is an interpreted, interactive, object-oriented programming
language.
Affected Packages
Package: dev-lang/python
Vulnerable: < 2.3.6-r4
Unaffected: >= 2.3.6-r4
Architectures: All supported architectures
Description
Python 2.3 includes a copy of PCRE which is vulnerable to an integer
overflow, leading to a buffer overflow.
Impact
An attacker could exploit the vulnerability by tricking a vulnerable
Python application into compiling a regular expression, which could
possibly lead to the execution of arbitrary code, a Denial of Service
or the disclosure of sensitive information.
Workaround
There is no known workaround at this time.
Resolution
All Python 2.3 users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/python-2.3.6-r4"
References
CVE-2006-7228
GLSA 200711-30
Last edited by GLSA on Mon Jun 10, 2013 4:27 am; edited 1 time in total
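To check a host against the Affected Packages range in the advisory above, the following added example (not part of the advisory or of Portage) lists installed dev-lang/python versions that sort below the fixed 2.3.6-r4. The function names are hypothetical, the sample versions are constructed, and the comparison is a simplification of Gentoo's version ordering that handles only dotted numbers and -rN revisions.

```sh
#!/bin/sh
# Added example, not from the advisory or from Portage.
# Assumption: versions are dotted numbers with an optional -rN revision;
# any _suffix (such as _p1) is ignored, which simplifies Gentoo's ordering.
FIXED="2.3.6-r4"   # first unaffected version, taken from the advisory

# ver_lt A B: succeed when version A sorts strictly before version B.
ver_lt() {
    a_base=${1%%-r*}; a_base=${a_base%%_*}
    b_base=${2%%-r*}; b_base=${b_base%%_*}
    a_rev=0; b_rev=0
    case $1 in *-r*) a_rev=${1##*-r} ;; esac
    case $2 in *-r*) b_rev=${2##*-r} ;; esac
    # Compare numeric components left to right; a missing one counts as 0.
    while [ -n "$a_base" ] || [ -n "$b_base" ]; do
        a_n=${a_base%%.*}; b_n=${b_base%%.*}
        case $a_base in *.*) a_base=${a_base#*.} ;; *) a_base= ;; esac
        case $b_base in *.*) b_base=${b_base#*.} ;; *) b_base= ;; esac
        [ "${a_n:-0}" -lt "${b_n:-0}" ] && return 0
        [ "${a_n:-0}" -gt "${b_n:-0}" ] && return 1
    done
    # Bases are equal, so the revision decides (no -rN means r0).
    [ "$a_rev" -lt "$b_rev" ]
}

# vulnerable_versions VER...: print each version below the fixed one.
vulnerable_versions() {
    for v in "$@"; do
        ver_lt "$v" "$FIXED" && echo "$v"
    done
    return 0
}

# On a Gentoo host, read the installed slots from the Portage database;
# elsewhere, fall back to constructed sample versions.
set --
for d in /var/db/pkg/dev-lang/python-[0-9]*; do
    [ -d "$d" ] && set -- "$@" "${d##*/python-}"
done
[ $# -gt 0 ] || set -- 2.3.5-r2 2.3.6-r3 2.3.6-r4 2.4.4-r6   # constructed
vulnerable_versions "$@"
```

Python is slotted on Gentoo, so every installed slot is compared separately; any version printed still needs the upgrade from the Resolution section.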