CESA-2007:1076: RHSA-2007:1076
Description
Moderate: python security updatePython is an interpreted, interactive, object-oriented programminglanguage.An integer overflow flaw was discovered in the way Python's pcre modulehandled certain regular expressions. If a Python application used the pcremodule to compile and execute untrusted regular expressions, it may bepossible to cause the application to crash, or allow arbitrary codeexecution with the privileges of the Python interpreter. (CVE-2006-7228)A flaw was discovered in the strxfrm() function of Python's locale module.Strings generated by this function were not properly NULL-terminated. Thismay possibly cause disclosure of data stored in the memory of a Pythonapplication using this function. (CVE-2007-2052)Multiple integer overflow flaws were discovered in Python's imageop module.If an application written in Python used the imageop module to processuntrusted images, it could cause the application to crash, enter aninfinite loop, or possibly execute arbitrary code with the privileges ofthe Python interpreter. (CVE-2007-4965)Users of Python are advised to upgrade to these updated packages, whichcontain backported patches to resolve these issues.
Solution(s)
- centos-upgrade-python
- centos-upgrade-python-devel
- centos-upgrade-python-docs
- centos-upgrade-python-tools
- centos-upgrade-tkinter
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center