David Remahl of Apple reported that the patch used to address multiple integer overflows in Python's imageop module (CVE-2007-4965) did not completely address all overflow cases.

Additional test cases were provided as an additional comment:
http://bugs.python.org/msg64682
in the upstream bug report used to track CVE-2007-4965:
http://bugs.python.org/issue1179

Red Hat bug used to track CVE-2007-4965: bug #295971

Acknowledgements: Red Hat would like to thank David Remahl of the Apple Product Security team for responsibly reporting these issues.
Patch to address this issue in upstream bug report: http://bugs.python.org/file9975/python-2.5-int-overflow-2.patch
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
This issue has been addressed in the following products: Red Hat Enterprise Linux 4, via RHSA-2009:1177 https://rhn.redhat.com/errata/RHSA-2009-1177.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 3, via RHSA-2009:1178 https://rhn.redhat.com/errata/RHSA-2009-1178.html