A flaw was discovered in the way that the Python repr() function handled UTF-32/UCS-4 strings. If an application written in Python used the repr() function on untrusted data, this could lead to a denial of service or possibly allow the execution of arbitrary code with the privileges of the Python application. (CVE-2006-4980)

RH announcement: http://rhn.redhat.com/errata/RHSA-2006-0713.html

Looks like both FC3 and FC4 need patches. Also, Bug #168318 has another possible python bug we need to investigate before pushing a python update.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I've created updated packages to fix this issue. The FC3 package also includes a patch for CAN-2005-2491 see bug #168318

The patches are based off of EL4 patches, but I had to modify the line numbers for FC4. For both this and CAN-2005-2491, FC3 uses the same patches as used in the EL4 updates.

FC3:
http://www.cs.ucsb.edu/~jeff/legacy/python-2.3.4-13.2.legacy.src.rpm
10cadc979b55487f7e7cf4701052512d756e099a python-2.3.4-13.2.legacy.src.rpm

FC4:
http://www.cs.ucsb.edu/~jeff/legacy/python-2.4.3-8.FC4.1.legacy.src.rpm
717c99f5b9c46e2662a00c167ff2d2f1b83a701c python-2.4.3-8.FC4.1.legacy.src.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iD8DBQFFU82vKe7MLJjUbNMRAoo0AJ9SpbCGKntSDEQTBhWnzO0bte6btACfeMg3
LLPCV271uGKlmPC0+SsfKwA=
=Ly2D
-----END PGP SIGNATURE-----
*** Bug 168318 has been marked as a duplicate of this bug. ***
Thanks for the packages, Jeff. You have been one busy guy!! :) Now I need to get busy! :)
FC3 and FC4 are no longer supported.