455008 – (CVE-2008-2315) CVE-2008-2315 python: Multiple integer overflows in python core

Bug 455008 (CVE-2008-2315) - CVE-2008-2315 python: Multiple integer overflows in python core

Summary: CVE-2008-2315 python: Multiple integer overflows in python core

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2008-2315
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	486106 486114 486329 486330 486351 486352 537915
Blocks:
TreeView+	depends on / blocked

Reported:	2008-07-11 13:06 UTC by Jan Lieskovsky
Modified:	2023-05-11 13:08 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Clone Of:
Clones:	531768 (view as bug list)
Environment:
Last Closed:	2015-08-22 15:27:41 UTC
Embargoed:

Attachments	(Terms of Use)
Proposed patch from David against the release25-maint branch of python (17.81 KB, patch) 2008-07-11 13:10 UTC, Jan Lieskovsky	no flags	Details \| Diff
View All

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2009:1176	normal	SHIPPED_LIVE	Moderate: python security update	2009-07-27 09:22:50 UTC
Red Hat Product Errata	RHSA-2009:1177	normal	SHIPPED_LIVE	Moderate: python security update	2009-07-27 09:35:19 UTC
Red Hat Product Errata	RHSA-2009:1178	normal	SHIPPED_LIVE	Moderate: python security update	2009-07-27 09:36:40 UTC

Description Jan Lieskovsky 2008-07-11 13:06:23 UTC

Description of problem:

David Remahl from Apple reported a number of integer overflow security issues in
the core python library (dealing with some of the basic types).

CVE-2008-2315: Multiple integer overflows in python core  
(stringobject, unicodeobject, bufferobject, longobject, tupleobject,  
stropmodule, gcmodule, mmapmodule)

Acknowledgements:

Red Hat would like to thank David Remahl of the Apple Product Security team
for responsibly reporting these issues.

Comment 1 Jan Lieskovsky 2008-07-11 13:10:34 UTC

Created attachment 311570 [details]
Proposed patch from David against the release25-maint branch of python

Comment 7 Tomas Hoger 2008-08-01 08:18:22 UTC

Public now via:

http://www.gentoo.org/security/en/glsa/glsa-200807-16.xml
http://bugs.gentoo.org/show_bug.cgi?id=230640

Comment 8 Tomas Hoger 2008-08-01 08:32:35 UTC

Upstream commits in 2.4, 2.5 and trunk branch:

http://svn.python.org/view?view=rev&rev=65333
http://svn.python.org/view?view=rev&rev=65334
http://svn.python.org/view?view=rev&rev=65335

Comment 10 Jan Lieskovsky 2008-10-30 14:43:06 UTC

The Red Hat Security Response Team has rated this issue as having low security
impact, a future update may address this flaw.  More information regarding
issue severity can be found here:
http://www.redhat.com/security/updates/classification/

Comment 21 errata-xmlrpc 2009-07-27 09:23:07 UTC

This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2009:1176 https://rhn.redhat.com/errata/RHSA-2009-1176.html

Comment 22 errata-xmlrpc 2009-07-27 09:35:34 UTC

This issue has been addressed in following products:

  Red Hat Enterprise Linux 4

Via RHSA-2009:1177 https://rhn.redhat.com/errata/RHSA-2009-1177.html

Comment 23 errata-xmlrpc 2009-07-27 09:37:27 UTC

This issue has been addressed in following products:

  Red Hat Enterprise Linux 3

Via RHSA-2009:1178 https://rhn.redhat.com/errata/RHSA-2009-1178.html

Note You need to log in before you can comment on or make changes to this bug.