Bug 1146026 (CVE-2014-7185)
Summary: | CVE-2014-7185 python: buffer() integer overflow leading to out of bounds read | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vasyl Kaigorodov <vkaigoro> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | adev88, amcnabb, derks, dmalcolm, extras-orphan, ivazqueznet, jberan, jeffrey.ness, jonathansteffan, jorton, jshort, katzj, mmaslano, python-maint, tomspur, tradej |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | python 2.7.8 | Doc Type: | Bug Fix |
Doc Text: |
An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control those arguments could use this flaw to disclose portions of the application memory or cause it to crash.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2019-06-08 02:35:02 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1146027, 1146028, 1187779, 1206572, 1206574 | ||
Bug Blocks: | 1146029, 1210268 |
Description
Vasyl Kaigorodov
2014-09-24 10:26:38 UTC
Created python tracking bugs for this issue: Affects: fedora-all [bug 1146027] Created python26 tracking bugs for this issue: Affects: epel-5 [bug 1146028] MITRE assigned CVE-2014-7185 to this issue: http://openwall.com/lists/oss-security/2014/09/25/47 python-2.7.5-14.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report. Upstream bug report: http://bugs.python.org/issue21831 Statement: This issue affects the versions of python as shipped with Red Hat Enterprise Linux 7. A future update may address this issue. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. Full upstream commit: https://hg.python.org/cpython/rev/8d963c7db507 Related commit adding the CVE id to the NEWS file: https://hg.python.org/cpython/rev/5ef28c22dc24 This problem is in the buffer() implementation. When creating new buffer object, offset and size arguments were not checked properly to ensure they are within bounds of the existing object. An integer overflow in the check could cause python to allow out of bounds read, which could lead to information disclosure or application crash. https://docs.python.org/2/library/functions.html?highlight=buffer#buffer This bug is only an issue if offset and size arguments are untrusted. The buffer() was removed from Python 3 and hence Python 3 was not affected by this issue. python-2.7.5-14.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report. This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 6 Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS Via RHSA-2015:1064 https://rhn.redhat.com/errata/RHSA-2015-1064.html This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2015:1330 https://rhn.redhat.com/errata/RHSA-2015-1330.html This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:2101 https://rhn.redhat.com/errata/RHSA-2015-2101.html |