FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

python -- multiple vulnerabilities

Affected packages
python24 < 2.4.5_2
python25 < 2.5.2_3
0 < python23

Details

VuXML ID 0dccaa28-7f3c-11dd-8de5-0030843d3802
Discovery 2008-08-04
Entry 2008-09-10

Secunia reports:

Some vulnerabilities have been reported in Python, where some have unknown impact and others can potentially be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.

Various integer overflow errors exist in core modules e.g. stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, mmapmodule.

An integer overflow in the hashlib module can lead to unreliable cryptographic digest results.

Integer overflow errors in the processing of unicode strings can be exploited to cause buffer overflows on 32-bit systems.

An integer overflow exists in the PyOS_vsnprintf() function on architectures that do not have a "vsnprintf()" function.

An integer underflow error in the PyOS_vsnprintf() function when passing zero-length strings can lead to memory corruption.
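
The size checks that guard against the defect classes listed above (wrapping size arithmetic, and a zero-length destination in a bounded formatter), shown as an added example that is not taken from the advisory or from CPython's source. The function names and the 512-byte SLACK value are assumptions for illustration; uint32_t stands in for a 32-bit size_t.

```c
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SLACK 512u /* assumed scratch headroom, value chosen for illustration */

/* uint32_t stands in for a 32-bit size_t so the wrap is visible on any host. */
static int add_u32(uint32_t a, uint32_t b, uint32_t *out) {
    if (a > UINT32_MAX - b) return -1;            /* a + b would wrap */
    *out = a + b;
    return 0;
}

static int mul_u32(uint32_t a, uint32_t b, uint32_t *out) {
    if (b != 0 && a > UINT32_MAX / b) return -1;  /* a * b would wrap */
    *out = a * b;
    return 0;
}

/* Bytes needed for nchars code units of `width` bytes plus a terminator. */
static int text_alloc_size(uint32_t nchars, uint32_t width, uint32_t *out) {
    uint32_t units;
    if (add_u32(nchars, 1, &units) != 0) return -1;
    return mul_u32(units, width, out);
}

/* Formats into a scratch buffer of size + SLACK bytes, then copies at most
   size - 1 bytes to dst. Returns bytes stored (without NUL) or -1. */
static int bounded_format(char *dst, uint32_t size, const char *fmt, ...) {
    uint32_t need;
    va_list ap;
    char *scratch;
    int n;
    if (dst == NULL || size == 0) return -1;         /* size - 1 would underflow */
    if (add_u32(size, SLACK, &need) != 0) return -1; /* size + SLACK would wrap */
    if ((scratch = malloc(need)) == NULL) return -1;
    va_start(ap, fmt);
    n = vsnprintf(scratch, need, fmt, ap);
    va_end(ap);
    if (n >= 0) {
        if ((uint32_t)n > size - 1) n = (int)(size - 1); /* truncate to fit dst */
        memcpy(dst, scratch, (size_t)n);
        dst[n] = '\0';
    }
    free(scratch);
    return n < 0 ? -1 : n;
}
```

Both guards reject the request before any allocation or write takes place, so a wrapped size never reaches malloc() and a zero size never reaches the terminator store.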

References

CVE Name CVE-2008-2315
CVE Name CVE-2008-2316
CVE Name CVE-2008-3142
CVE Name CVE-2008-3144
Message http://mail.python.org/pipermail/python-checkins/2008-July/072174.html
Message http://mail.python.org/pipermail/python-checkins/2008-July/072276.html
Message http://mail.python.org/pipermail/python-checkins/2008-June/070481.html
URL http://bugs.python.org/issue2588
URL http://bugs.python.org/issue2589
URL http://bugs.python.org/issue2620
URL http://secunia.com/advisories/31305