Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. #### Bugs * <http://bugs.python.org/issue13703> * <https://bugzilla.redhat.com/show_bug.cgi?id=750555> #### Notes Author| Note ---|--- [jdstrand](<https://launchpad.net/~jdstrand>) | patch does not change the default, so the risk of backporting to python2.5 and python2.4 outweighs the benefit of adding the patch. Ubuntu 8.04 LTS who require this patch should upgrade to Ubuntu 10.04 LTS or another supported release. the patch for 3.2 on oneiric is somewhere between the upstream 3.1 and 3.2 patches. Specifically, need the Modules/_datetimemodule.c changes

Affected Package

OS OS Version Package Name Package Version
ubuntu upstream python2.4 any
ubuntu upstream python2.5 any
ubuntu 10.04 python2.6 2.6.5-1ubuntu6.1
ubuntu 11.04 python2.6 2.6.6-6ubuntu7.1
ubuntu 11.10 python2.6 2.6.7-4ubuntu1.1
ubuntu upstream python2.6 2.6.8
ubuntu 11.04 python2.7 2.7.1-5ubuntu2.2
ubuntu 11.10 python2.7 2.7.2-5ubuntu1.1
ubuntu upstream python2.7 2.7.3~rc1-1
ubuntu 10.04 python3.1 3.1.2-0ubuntu3.2
ubuntu 11.04 python3.1 3.1.3-1ubuntu1.2
ubuntu upstream python3.1 any
ubuntu 11.04 python3.2 3.2-1ubuntu1.2
ubuntu 11.10 python3.2 3.2.2-0ubuntu1.1
ubuntu upstream python3.2 3.2.3~rc1-1