Red Hat Bugzilla – Bug 214395
CVE-2006-4980 repr unicode buffer overflow
Last modified: 2007-04-18 13:52:35 EDT
A flaw was discovered in the way that the Python repr() function handled
UTF-32/UCS-4 strings. If an application written in Python used the repr()
function on untrusted data, this could lead to a denial of service or
possibly allow the execution of arbitrary code with the privileges of the
Python application. (CVE-2006-4980)
RH announcement: http://rhn.redhat.com/errata/RHSA-2006-0713.html
Looks like both FC3 and FC4 need patches.
Also, Bug #168318 has another possible python bug we need to investigate before
pushing a python update.
I've created updated packages to fix this issue.
The FC3 package also includes a patch for CAN-2005-2491
(see bug #168318).
The patches are based off of EL4 patches, but I had to
modify the line numbers for FC4.
For both this and CAN-2005-2491, FC3 uses
the same patches as used in the EL4 updates.
*** Bug 168318 has been marked as a duplicate of this bug. ***
Thanks for the packages, Jeff. You have been one busy guy!! :) Now I need
to get busy! :)
FC3 and FC4 are no longer supported.