Python 2.2: Buffer overflow in getaddrinfo()

2004-09-02T00:00:00
ID GLSA-200409-03
Type gentoo
Reporter Gentoo Foundation
Modified 2004-09-02T00:00:00

Description

Background

Python is an interpreted, interactive, object-oriented, cross-platform programming language.

Description

If IPV6 is disabled in Python 2.2, getaddrinfo() is not able to handle IPV6 DNS requests properly and a buffer overflow occurs.

Impact

An attacker can execute arbitrary code as the user running python.

Workaround

Users with IPV6 enabled are not affected by this vulnerability.

Resolution

All Python 2.2 users should upgrade to the latest version:

 # emerge sync

 # emerge -pv ">=dev-lang/python-2.2.2"
 # emerge ">=dev-lang/python-2.2.2"