Bug 214395 - CVE-2006-4980 repr unicode buffer overflow
Summary: CVE-2006-4980 repr unicode buffer overflow
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora Legacy
Classification: Retired
Component: python
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Jeff Sheltren
QA Contact:
URL:
Whiteboard: impact=important, LEGACY, 3, 4, publi...
: 168318 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-11-07 13:26 UTC by Jeff Sheltren
Modified: 2007-04-18 17:52 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2007-04-09 22:20:34 UTC
Embargoed:


Attachments (Terms of Use)

Description Jeff Sheltren 2006-11-07 13:26:51 UTC
A flaw was discovered in the way that the Python repr() function handled
UTF-32/UCS-4 strings. If an application written in Python used the repr()
function on untrusted data, this could lead to a denial of service or
possibly allow the execution of arbitrary code with the privileges of the
Python application. (CVE-2006-4980)

RH announcement: http://rhn.redhat.com/errata/RHSA-2006-0713.html

Looks like both FC3 and FC4 need patches.

Also, Bug #168318 has another possible python bug we need to investigate before
pushing a python update.

Comment 1 Jeff Sheltren 2006-11-10 00:54:33 UTC
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I've created updated packages to fix this issue.

The FC3 package also includes a patch for CAN-2005-2491
see bug #168318

The patches are based off of EL4 patches, but I had to
modify the line numbers for FC4.

For both this and CAN-2005-2491, FC3 uses
the same patches as used in the EL4 updates.

FC3:
http://www.cs.ucsb.edu/~jeff/legacy/python-2.3.4-13.2.legacy.src.rpm
10cadc979b55487f7e7cf4701052512d756e099a  python-2.3.4-13.2.legacy.src.rpm

FC4:
http://www.cs.ucsb.edu/~jeff/legacy/python-2.4.3-8.FC4.1.legacy.src.rpm
717c99f5b9c46e2662a00c167ff2d2f1b83a701c  python-2.4.3-8.FC4.1.legacy.src.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iD8DBQFFU82vKe7MLJjUbNMRAoo0AJ9SpbCGKntSDEQTBhWnzO0bte6btACfeMg3
LLPCV271uGKlmPC0+SsfKwA=
=Ly2D
-----END PGP SIGNATURE-----

Comment 2 David Eisenstein 2006-11-11 06:58:38 UTC
*** Bug 168318 has been marked as a duplicate of this bug. ***

Comment 3 David Eisenstein 2006-11-11 07:03:31 UTC
Thanks for the packages, Jeff.  You have been one busy guy!!  :)  Now I need
to get busy!  :)

Comment 4 Jeff Sheltren 2007-04-09 22:20:34 UTC
FC3 and FC4 are no longer supported.


Note You need to log in before you can comment on or make changes to this bug.