Bug 168318
Summary: | CAN-2005-2491 - python PCRE heap overflow | ||
---|---|---|---|
Product: | [Retired] Fedora Legacy | Reporter: | Josh Bressers <bressers> |
Component: | python | Assignee: | Fedora Legacy Bugs <bugs> |
Status: | CLOSED DUPLICATE | QA Contact: | Brock Organ <borgan> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | fc3 | CC: | deisenst, katzj, mihai.ibanescu, sheltren |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | impact=moderate, LEGACY, 3 | ||
Fixed In Version: | | Doc Type: | Bug Fix |
Last Closed: | 2006-11-11 06:57:44 UTC | Type: | --- |
Bug Blocks: | 430638 |
Description
Josh Bressers
2005-09-14 21:26:56 UTC
Reassigning to Fedora Legacy.

Still not sure if this affects us or not.... Josh, do you know what you all eventually did with this bug for other distros?

This issue didn't affect FC4, but does affect RHEL. We have an update in progress. Note the ability to exploit this issue is seriously mitigated by how PCRE is used in a python script which processes unsanitized user input.

Josh, did you ever get information on whether or not this affects FC3's python? It seems very close to RHEL4's python...

This issue is so old now I honestly can't remember. Your best bet will be to test the FC4 python as detailed here: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166335#c4

(Assuming this affects FC3 and FC4 Pythons until proven otherwise. Changing status whiteboard to reflect that assumption & our need to work on this bug.)

(Also, research needs to be done to see if there are any other Python security issues that Legacy needs to fix that have appeared since Legacy inherited FC3 and FC4 maintenance (in January and August, respectively). We can bundle them into this Bugzilla if so.) --dde

This does affect python on FC3, but not on FC4 - FC4 python doesn't include the pcre library. Since I'm rolling packages for another Python vulnerability, I'm including a patch in the FC3 package for this issue in the updated FC3 package. See bug #214395

Since this is being fixed in Bug #214395, I am going ahead and closing this bug as a duplicate of that bug. Thanks, Jeff.

*** This bug has been marked as a duplicate of 214395 ***