Common Vulnerabilities and Exposures assigned an identifier CVE-2008-1887 to the following vulnerability: Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow. Refences: http://bugs.python.org/issue2587 http://www.securityfocus.com/archive/1/490776 http://www.debian.org/security/2008/dsa-1551
Upstream SVN commits: http://svn.python.org/view?rev=62262&view=rev http://svn.python.org/view?rev=62261&view=rev
This really is a cause of CVE-2008-1721 tracked via bug bug #442005. Upstream bug reports suggest that this may cause problems in other modules as well (PySSL also mentioned). This underlying issue seems to exist in all Python versions we ship in Red Hat Enterprise Linux 2.1, 3, 4, and 5 and Fedora. On Fedora 7 and later, interpreter is aborted when assertion on size being >= 0 is hit.
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2009:1176 https://rhn.redhat.com/errata/RHSA-2009-1176.html
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Via RHSA-2009:1177 https://rhn.redhat.com/errata/RHSA-2009-1177.html
This issue has been addressed in following products: Red Hat Enterprise Linux 3 Via RHSA-2009:1178 https://rhn.redhat.com/errata/RHSA-2009-1178.html