oss-sec mailing list archives

CVE request -- Python imageop#3

From: Jan Lieskovsky <jlieskov () redhat com>
Date: Mon, 27 Oct 2008 17:22:44 +0100

Hello Steve,

  could you please allocate a new CVE id for the
following Python integer / buffer overflow in imageop module -
from commit log:

"fix security issue 2: imageop's poor validation of arguments could
result in segfaults"

Proposed patch:
against trunk: http://svn.python.org/view?rev=66689&view=rev
against release-25maint: http://svn.python.org/view?rev=66690&view=rev

Affected Python versions: 1.5.2 through 2.5.1

This issue yet different one, than two previous Python imageop
related security issues (CVE-2007-4965 and CVE-2008-1679):

CVE-2007-4965 imageop module heap overflow / corruption / infinite loop)
its patch against trunk: http://svn.python.org/view?rev=65880&view=rev
its patch against release-25maint: http://svn.python.org/view?rev=65878&view=rev

CVE-2008-1679 (imageop integer overflow -incomplete fix of CVE-2007-4965)
advisory: https://issues.rpath.com/browse/RPL-2424
patch:  http://bugs.python.org/file9975/python-2.5-int-overflow-2.patch
The patch for this issue has been in upstream included into CVE-2008-4965.patch.


Thanks, Jan.
-- 
Jan iankko Lieskovsky / Red Hat Security Response Team

Current thread:

CVE request -- Python imageop#3 Jan Lieskovsky (Oct 27)