Rapid7 Vulnerability & Exploit Database

CESA-2007:1076: RHSA-2007:1076

Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published: 11/14/2007
Created: 07/25/2018
Added: 03/12/2010
Modified: 08/29/2017

Description

Moderate: python security update

Python is an interpreted, interactive, object-oriented programming language.

An integer overflow flaw was discovered in the way Python's pcre module handled certain regular expressions. If a Python application used the pcre module to compile and execute untrusted regular expressions, it may be possible to cause the application to crash, or allow arbitrary code execution with the privileges of the Python interpreter. (CVE-2006-7228)

A flaw was discovered in the strxfrm() function of Python's locale module. Strings generated by this function were not properly NULL-terminated. This may possibly cause disclosure of data stored in the memory of a Python application using this function. (CVE-2007-2052)

Multiple integer overflow flaws were discovered in Python's imageop module. If an application written in Python used the imageop module to process untrusted images, it could cause the application to crash, enter an infinite loop, or possibly execute arbitrary code with the privileges of the Python interpreter. (CVE-2007-4965)

Users of Python are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

Solution(s)

  • centos-upgrade-python
  • centos-upgrade-python-devel
  • centos-upgrade-python-docs
  • centos-upgrade-python-tools
  • centos-upgrade-tkinter
