Bug 454990 – CVE-2008-3142 python: Multiple buffer overflows in unicode processing

Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.

Bug 454990 - (CVE-2008-3142) CVE-2008-3142 python: Multiple buffer overflows in unicode processing

Summary:	CVE-2008-3142 python: Multiple buffer overflows in unicode processing

Status:	CLOSED ERRATA

Aliases:	CVE-2008-3142

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	low Severity low
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	source=vendor-sec,reported=20080702,p...
Keywords:	Security

Depends On:	486114 486329 486330 486351 486352 537915 540518
Blocks:
	Show dependency tree / graph

Reported:	2008-07-11 06:44 EDT by Jan Lieskovsky
Modified:	2018-10-27 10:31 EDT (History)
CC List:	5 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Clones:	540518 (view as bug list)
Environment:
Last Closed:	2015-08-22 12:14:49 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2009:1176	normal	SHIPPED_LIVE	Moderate: python security update	2009-07-27 05:22:50 EDT
Red Hat Product Errata	RHSA-2009:1177	normal	SHIPPED_LIVE	Moderate: python security update	2009-07-27 05:35:19 EDT
Red Hat Product Errata	RHSA-2009:1178	normal	SHIPPED_LIVE	Moderate: python security update	2009-07-27 05:36:40 EDT

Groups: None (edit)

Description Jan Lieskovsky 2008-07-11 06:44:48 EDT

Description of problem:

Justin Ferguson has reported the following python issue:

The unicode_resize() function acts essentially as a wrapper to
realloc(), it accomplishes this via the PyMem_RESIZE() macro which
factors the size with the size of the type, in this case it multiplies
by two as Py_UNICODE is typedef'd to a wchar_t. When resizing large
strings, this results in an incorrect allocation that in turn leads to
buffer overflow.

Public mention of this issue:

http://bugs.python.org/issue2620

Proposed upstream patch:  

http://bugs.python.org/file10825/issue2620-gps02-patch.txt

Comment 1 Jan Lieskovsky 2008-07-11 06:46:48 EDT

Links to reproducers:

http://bugs.python.org/file10011/python-2.5.2-unicode_resize-utf7.py

http://bugs.python.org/file10012/python-2.5.2-unicode_resize-utf8.py

http://bugs.python.org/file10013/python-2.5.2-unicode_resize-utf16.py

Comment 3 Jan Lieskovsky 2008-10-30 10:44:15 EDT

The Red Hat Security Response Team has rated this issue as having low security
impact, a future update may address this flaw.  More information regarding
issue severity can be found here:
http://www.redhat.com/security/updates/classification/

Comment 11 errata-xmlrpc 2009-07-27 05:23:02 EDT

This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2009:1176 https://rhn.redhat.com/errata/RHSA-2009-1176.html

Comment 12 errata-xmlrpc 2009-07-27 05:35:30 EDT

This issue has been addressed in following products:

  Red Hat Enterprise Linux 4

Via RHSA-2009:1177 https://rhn.redhat.com/errata/RHSA-2009-1177.html

Comment 13 errata-xmlrpc 2009-07-27 05:37:23 EDT

This issue has been addressed in following products:

  Red Hat Enterprise Linux 3

Via RHSA-2009:1178 https://rhn.redhat.com/errata/RHSA-2009-1178.html

Note You need to log in before you can comment on or make changes to this bug.