Bug 454990 (CVE-2008-3142)

Summary: CVE-2008-3142 python: Multiple buffer overflows in unicode processing
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: james.antill, kreilly, psplicha, tao, vdanen
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 540518 (view as bug list) Environment:
Last Closed: 2015-08-22 16:14:49 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 486114, 486329, 486330, 486351, 486352, 537915, 540518    
Bug Blocks:    

Description Jan Lieskovsky 2008-07-11 10:44:48 UTC 
Description of problem:

Justin Ferguson has reported the following python issue:

The unicode_resize() function acts essentially as a wrapper to
realloc(), it accomplishes this via the PyMem_RESIZE() macro which
factors the size with the size of the type, in this case it multiplies
by two as Py_UNICODE is typedef'd to a wchar_t. When resizing large
strings, this results in an incorrect allocation that in turn leads to
buffer overflow.

Public mention of this issue:

http://bugs.python.org/issue2620

Proposed upstream patch:  

http://bugs.python.org/file10825/issue2620-gps02-patch.txt
Comment 1 Jan Lieskovsky 2008-07-11 10:46:48 UTC 
Links to reproducers:

http://bugs.python.org/file10011/python-2.5.2-unicode_resize-utf7.py

http://bugs.python.org/file10012/python-2.5.2-unicode_resize-utf8.py

http://bugs.python.org/file10013/python-2.5.2-unicode_resize-utf16.py
Comment 3 Jan Lieskovsky 2008-10-30 14:44:15 UTC 
The Red Hat Security Response Team has rated this issue as having low security
impact, a future update may address this flaw.  More information regarding
issue severity can be found here:
http://www.redhat.com/security/updates/classification/
Comment 11 errata-xmlrpc 2009-07-27 09:23:02 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2009:1176 https://rhn.redhat.com/errata/RHSA-2009-1176.html
Comment 12 errata-xmlrpc 2009-07-27 09:35:30 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4

Via RHSA-2009:1177 https://rhn.redhat.com/errata/RHSA-2009-1177.html
Comment 13 errata-xmlrpc 2009-07-27 09:37:23 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 3

Via RHSA-2009:1178 https://rhn.redhat.com/errata/RHSA-2009-1178.html