Common Vulnerabilities and Exposures assigned an identifier CVE-2008-1721 to the following vulnerability:
Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.
References:
http://www.securityfocus.com/archive/1/archive/1/490690/100/0/threaded
http://bugs.python.org/issue2586
http://www.securityfocus.com/bid/28715
Since this issue requires a rather silly use of the Python zlib module, we have classified it as having a low security impact. A future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
Fix as applied in zlib module: http://svn.python.org/view?rev=62235&view=rev
Created attachment 303501: Copy of the reproducer from the upstream bug, python-2.5.2-zlib-unflush-misallocation.py
Created attachment 303502: Copy of the reproducer from the upstream bug, python-2.5.2-zlib-unflush-signedness.py
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
This issue has been addressed in the following products: Red Hat Enterprise Linux 5, via RHSA-2009:1176 https://rhn.redhat.com/errata/RHSA-2009-1176.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 4, via RHSA-2009:1177 https://rhn.redhat.com/errata/RHSA-2009-1177.html