(RHSA-2007:1076) Moderate: python security update

2007-12-1000:00:00

access.redhat.com

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.041 Low

EPSS

Percentile

91.1%

JSON

Python is an interpreted, interactive, object-oriented programming
language.

An integer overflow flaw was discovered in the way Python’s pcre module
handled certain regular expressions. If a Python application used the pcre
module to compile and execute untrusted regular expressions, it may be
possible to cause the application to crash, or allow arbitrary code
execution with the privileges of the Python interpreter. (CVE-2006-7228)

A flaw was discovered in the strxfrm() function of Python’s locale module.
Strings generated by this function were not properly NULL-terminated. This
may possibly cause disclosure of data stored in the memory of a Python
application using this function. (CVE-2007-2052)

Multiple integer overflow flaws were discovered in Python’s imageop module.
If an application written in Python used the imageop module to process
untrusted images, it could cause the application to crash, enter an
infinite loop, or possibly execute arbitrary code with the privileges of
the Python interpreter. (CVE-2007-4965)

Users of Python are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

OSVersionArchitecturePackageVersionFilename
RedHatanyppcpython-devel< 2.2.3-6.8python-devel-2.2.3-6.8.ppc.rpm
RedHatanys390xpython-tools< 2.2.3-6.8python-tools-2.2.3-6.8.s390x.rpm
RedHat4s390python-docs< 2.3.4-14.4.el4_6.1python-docs-2.3.4-14.4.el4_6.1.s390.rpm
RedHat4s390xpython-devel< 2.3.4-14.4.el4_6.1python-devel-2.3.4-14.4.el4_6.1.s390x.rpm
RedHat4ppcpython-docs< 2.3.4-14.4.el4_6.1python-docs-2.3.4-14.4.el4_6.1.ppc.rpm
RedHatanys390python-devel< 2.2.3-6.8python-devel-2.2.3-6.8.s390.rpm
RedHat4srcpython< 2.3.4-14.4.el4_6.1python-2.3.4-14.4.el4_6.1.src.rpm
RedHatanys390python-tools< 2.2.3-6.8python-tools-2.2.3-6.8.s390.rpm
RedHatanys390python< 2.2.3-6.8python-2.2.3-6.8.s390.rpm
RedHat4i386python-devel< 2.3.4-14.4.el4_6.1python-devel-2.3.4-14.4.el4_6.1.i386.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	ppc	python-devel	< 2.2.3-6.8	python-devel-2.2.3-6.8.ppc.rpm
RedHat	any	s390x	python-tools	< 2.2.3-6.8	python-tools-2.2.3-6.8.s390x.rpm
RedHat	4	s390	python-docs	< 2.3.4-14.4.el4_6.1	python-docs-2.3.4-14.4.el4_6.1.s390.rpm
RedHat	4	s390x	python-devel	< 2.3.4-14.4.el4_6.1	python-devel-2.3.4-14.4.el4_6.1.s390x.rpm
RedHat	4	ppc	python-docs	< 2.3.4-14.4.el4_6.1	python-docs-2.3.4-14.4.el4_6.1.ppc.rpm
RedHat	any	s390	python-devel	< 2.2.3-6.8	python-devel-2.2.3-6.8.s390.rpm
RedHat	4	src	python	< 2.3.4-14.4.el4_6.1	python-2.3.4-14.4.el4_6.1.src.rpm
RedHat	any	s390	python-tools	< 2.2.3-6.8	python-tools-2.2.3-6.8.s390.rpm
RedHat	any	s390	python	< 2.2.3-6.8	python-2.2.3-6.8.s390.rpm
RedHat	4	i386	python-devel	< 2.3.4-14.4.el4_6.1	python-devel-2.3.4-14.4.el4_6.1.i386.rpm