Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 214395 - CVE-2006-4980 repr unicode buffer overflow
CVE-2006-4980 repr unicode buffer overflow
Status: CLOSED WONTFIX
Product: Fedora Legacy
Classification: Retired
Component: python (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jeff Sheltren
impact=important, LEGACY, 3, 4, publi...
: Security
: 168318 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-11-07 08:26 EST by Jeff Sheltren
Modified: 2007-04-18 13:52 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-04-09 18:20:34 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Jeff Sheltren 2006-11-07 08:26:51 EST 
A flaw was discovered in the way that the Python repr() function handled
UTF-32/UCS-4 strings. If an application written in Python used the repr()
function on untrusted data, this could lead to a denial of service or
possibly allow the execution of arbitrary code with the privileges of the
Python application. (CVE-2006-4980)

RH announcement: http://rhn.redhat.com/errata/RHSA-2006-0713.html

Looks like both FC3 and FC4 need patches.

Also, Bug #168318 has another possible python bug we need to investigate before
pushing a python update.
Comment 1 Jeff Sheltren 2006-11-09 19:54:33 EST 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I've created updated packages to fix this issue.

The FC3 package also includes a patch for CAN-2005-2491
see bug #168318

The patches are based off of EL4 patches, but I had to
modify the line numbers for FC4.

For both this and CAN-2005-2491, FC3 uses
the same patches as used in the EL4 updates.

FC3:
http://www.cs.ucsb.edu/~jeff/legacy/python-2.3.4-13.2.legacy.src.rpm
10cadc979b55487f7e7cf4701052512d756e099a  python-2.3.4-13.2.legacy.src.rpm

FC4:
http://www.cs.ucsb.edu/~jeff/legacy/python-2.4.3-8.FC4.1.legacy.src.rpm
717c99f5b9c46e2662a00c167ff2d2f1b83a701c  python-2.4.3-8.FC4.1.legacy.src.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iD8DBQFFU82vKe7MLJjUbNMRAoo0AJ9SpbCGKntSDEQTBhWnzO0bte6btACfeMg3
LLPCV271uGKlmPC0+SsfKwA=
=Ly2D
-----END PGP SIGNATURE-----
Comment 2 David Eisenstein 2006-11-11 01:58:38 EST 
*** Bug 168318 has been marked as a duplicate of this bug. ***
Comment 3 David Eisenstein 2006-11-11 02:03:31 EST 
Thanks for the packages, Jeff.  You have been one busy guy!!  :)  Now I need
to get busy!  :)
Comment 4 Jeff Sheltren 2007-04-09 18:20:34 EDT 
FC3 and FC4 are no longer supported.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.