Description of problem: Fix potential integer underflow and overflow conditions in the PyOS_vsnprintf C API function. Proposed upstream patch: http://svn.python.org/view?rev=63883&view=rev
Does this do anything if python knows you have a working snprintf()? -- Ahh it does "str[size-1] = '\0';" even when size == 0? ... can that happen? Do we really want to include all the other parts of the patch, given that we won't be testing any of it -- and won't use it?
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
This issue has been addressed in the following products: Red Hat Enterprise Linux 5 via RHSA-2009:1176 https://rhn.redhat.com/errata/RHSA-2009-1176.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 4 via RHSA-2009:1177 https://rhn.redhat.com/errata/RHSA-2009-1177.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 3 via RHSA-2009:1178 https://rhn.redhat.com/errata/RHSA-2009-1178.html
Description: Multiple integer underflow and overflow flaws were found in the Python snprintf() wrapper implementation. An attacker could use these flaws to cause a denial of service (memory corruption).
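The size == 0 case raised earlier in this bug, shown as an added example that is not the upstream patch or Python's own code: a bounded vsnprintf wrapper that refuses sizes for which `str[size-1]` or the int return value would be unsafe. The names `bounded_vsnprintf` and `bounded_snprintf`, the -1 error convention, and the sample buffers are assumptions made for illustration.

```c
#include <limits.h>
#include <stdarg.h>
#include <stdio.h>

/* Hypothetical wrapper; the name and the -1 error convention are assumptions.
 * Returns vsnprintf's result, or -1 when the size cannot be handled safely. */
int bounded_vsnprintf(char *str, size_t size, const char *format, va_list va)
{
    int len;
    /* size == 0: size - 1 wraps to SIZE_MAX, so str[size - 1] would write
     * far outside the buffer. Refuse before any indexing happens. */
    if (str == NULL || size == 0)
        return -1;
    /* The return value is an int; reject sizes it cannot represent. */
    if (size > (size_t)INT_MAX)
        return -1;

    len = vsnprintf(str, size, format, va);
    str[size - 1] = '\0';   /* safe only because size >= 1 was checked */
    return len;
}

int bounded_snprintf(char *str, size_t size, const char *format, ...)
{
    va_list va;
    int len;
    va_start(va, format);
    len = bounded_vsnprintf(str, size, format, va);
    va_end(va);
    return len;
}

/* Constructed check: a zero-size call must fail and leave buf untouched. */
int zero_size_is_rejected(void)
{
    char buf[4] = { 'A', 'B', 'C', 'D' };
    return bounded_snprintf(buf, 0, "%s", "xyz") == -1
        && buf[0] == 'A' && buf[3] == 'D';
}

/* Constructed check: oversized output is truncated and NUL-terminated. */
int truncation_is_terminated(void)
{
    char buf[4];
    int len = bounded_snprintf(buf, sizeof buf, "%s", "hello");
    return len == 5 && buf[0] == 'h' && buf[2] == 'l' && buf[3] == '\0';
}

int main(void) { return !(zero_size_is_rejected() && truncation_is_terminated()); }
```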