Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1145792

Summary: CVE-2014-1912 - Buffer overflow in the socket.recvfrom_into function
Product: Red Hat Software Collections
Reporter: Orion Poplawski <orion>
Component: python27
Assignee: Matej Stuchlik <mstuchli>
Status: CLOSED WONTFIX
QA Contact: BaseOS QE - Apps <qe-baseos-apps>
Severity: medium
Priority: unspecified
Version: python27
CC: hhorak, jberan, mstuchli
Target Milestone: rc
Keywords: Security, SecurityTracking
Target Release: 1.2
Hardware: All
OS: Linux
Doc Type: Release Note
Last Closed: 2014-10-03 11:45:07 UTC
Type: Bug

Description Orion Poplawski 2014-09-23 18:56:01 UTC
Description of problem:

Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. 

Version-Release number of selected component (if applicable):
python27-python-2.7.5-10.el6

Comment 2 Honza Horak 2014-10-03 11:45:07 UTC
I discussed this issue with the Red Hat Security Response Team, which has rated this issue as having Moderate security impact (https://bugzilla.redhat.com/show_bug.cgi?id=1062370#c12). Even if a future update may address this issue in Red Hat Software Collections 1, the bug needs to be cloned by the Security Response Team itself, so closing this bug for now. Thanks for understanding.