Gentoo Archives: gentoo-commits

From: "Robert Buchholz (rbu)" <rbu@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-200802-10.xml
Date: Sat, 23 Feb 2008 19:04:15
Message-Id: E1JSzfQ-00009M-Va@stork.gentoo.org
1 rbu 08/02/23 19:04:12
2
3 Added: glsa-200802-10.xml
4 Log:
5 GLSA 200802-10
6
7 Revision Changes Path
8 1.1 xml/htdocs/security/en/glsa/glsa-200802-10.xml
9
10 file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200802-10.xml?rev=1.1&view=markup
11 plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200802-10.xml?rev=1.1&content-type=text/plain
12
13 Index: glsa-200802-10.xml
14 ===================================================================
15 <?xml version="1.0" encoding="utf-8"?>
16 <?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
17 <?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
18 <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
19
20 <glsa id="200802-10">
21 <title>Python: PCRE Integer overflow</title>
22 <synopsis>
23 A vulnerability within Python's copy of PCRE might lead to the execution of
24 arbitrary code.
25 </synopsis>
26 <product type="ebuild">python</product>
27 <announced>February 23, 2008</announced>
28 <revised>February 23, 2008: 01</revised>
29 <bug>198373</bug>
30 <access>remote</access>
31 <affected>
32 <package name="dev-lang/python" auto="yes" arch="*">
33 <unaffected range="ge">2.3.6-r4</unaffected>
34 <vulnerable range="lt">2.3.6-r4</vulnerable>
35 </package>
36 </affected>
37 <background>
38 <p>
39 Python is an interpreted, interactive, object-oriented programming
40 language.
41 </p>
42 </background>
43 <description>
44 <p>
45 Python 2.3 includes a copy of PCRE which is vulnerable to an integer
46 overflow vulnerability, leading to a buffer overflow.
47 </p>
48 </description>
49 <impact type="normal">
50 <p>
51 An attacker could exploit the vulnerability by tricking a vulnerable
52 Python application to compile a regular expressions, which could
53 possibly lead to the execution of arbitrary code, a Denial of Service
54 or the disclosure of sensitive information.
55 </p>
56 </impact>
57 <workaround>
58 <p>
59 There is no known workaround at this time.
60 </p>
61 </workaround>
62 <resolution>
63 <p>
64 All Python 2.3 users should upgrade to the latest version:
65 </p>
66 <code>
67 # emerge --sync
68 # emerge --ask --oneshot --verbose &quot;&gt;=dev-lang/python-2.3.6-r4&quot;</code>
69 </resolution>
70 <references>
71 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7228">CVE-2006-7228</uri>
72 <uri link="http://www.gentoo.org/security/en/glsa/glsa-200711-30.xml">GLSA 200711-30</uri>
73 </references>
74 <metadata tag="requester" timestamp="Mon, 07 Jan 2008 19:00:53 +0000">
75 rbu
76 </metadata>
77 <metadata tag="bugReady" timestamp="Mon, 28 Jan 2008 18:01:42 +0000">
78 jaervosz
79 </metadata>
80 <metadata tag="submitter" timestamp="Mon, 18 Feb 2008 22:37:11 +0000">
81 rbu
82 </metadata>
83 </glsa>
84
85
86
87 --
88 gentoo-commits@l.g.o mailing list