Bug 455008 - (CVE-2008-2315) CVE-2008-2315 python: Multiple integer overflows in python core
CVE-2008-2315 python: Multiple integer overflows in python core
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
source=vendor-sec,reported=20080702,p...
: Security
Depends On: 486106 486114 486329 486330 486351 486352 537915
Blocks:
  Show dependency treegraph
 
Reported: 2008-07-11 09:06 EDT by Jan Lieskovsky
Modified: 2016-03-04 07:40 EST (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 531768 (view as bug list)
Environment:
Last Closed: 2015-08-22 11:27:41 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Proposed patch from David against the release25-maint branch of python (17.81 KB, patch)
2008-07-11 09:10 EDT, Jan Lieskovsky
no flags Details | Diff

  None (edit)
Description Jan Lieskovsky 2008-07-11 09:06:23 EDT
Description of problem:

David Remahl from Apple reported a number of integer overflow security issues in
the core python library (dealing with some of the basic types).

CVE-2008-2315: Multiple integer overflows in python core  
(stringobject, unicodeobject, bufferobject, longobject, tupleobject,  
stropmodule, gcmodule, mmapmodule)

Acknowledgements:

Red Hat would like to thank David Remahl of the Apple Product Security team
for responsibly reporting these issues.
Comment 1 Jan Lieskovsky 2008-07-11 09:10:34 EDT
Created attachment 311570 [details]
Proposed patch from David against the release25-maint branch of python
Comment 10 Jan Lieskovsky 2008-10-30 10:43:06 EDT
The Red Hat Security Response Team has rated this issue as having low security
impact, a future update may address this flaw.  More information regarding
issue severity can be found here:
http://www.redhat.com/security/updates/classification/
Comment 21 errata-xmlrpc 2009-07-27 05:23:07 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2009:1176 https://rhn.redhat.com/errata/RHSA-2009-1176.html
Comment 22 errata-xmlrpc 2009-07-27 05:35:34 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4

Via RHSA-2009:1177 https://rhn.redhat.com/errata/RHSA-2009-1177.html
Comment 23 errata-xmlrpc 2009-07-27 05:37:27 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 3

Via RHSA-2009:1178 https://rhn.redhat.com/errata/RHSA-2009-1178.html

Note You need to log in before you can comment on or make changes to this bug.