Summary: | <dev-lang/python-{2.6.8,2.7.3-r1,3.1.5,3.2.3}: DoS by processing malformed XMLRPC / HTTP POST request (CVE-2012-0845) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | python |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://bugs.python.org/issue14001 | ||
Whiteboard: | A3 [glsa] | ||
Package list: | | Runtime testing required: | --- |
Description
Agostino Sarubbo
2012-02-13 17:26:41 UTC
Issue fixed by the stabilization in bug 396329.

http://www.python.org/download/releases/2.6.8/
http://www.python.org/download/releases/2.7.3/
http://www.python.org/download/releases/3.1.5/
http://www.python.org/download/releases/3.2.3/

Adding to existing GLSA.

CVE-2012-0845 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0845): SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header.

This issue was resolved and addressed in GLSA 201401-04 at http://security.gentoo.org/glsa/glsa-201401-04.xml by GLSA coordinator Sergey Popov (pinkbyte).
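The failure mode in the CVE description, shown as an added example that is not taken from this bug report or from Python's source: a body-reading loop that trusts Content-Length, next to the same loop with an end-of-stream check. The function names, the `max_iterations` demo guard and the sample body are assumptions made for this illustration.

```python
import io

MAX_CHUNK = 10 * 1024 * 1024  # cap per read() call; value chosen for this example


def read_body_unchecked(rfile, content_length, max_iterations=1000):
    """Loop shape that spins: it never checks for an empty read (EOF).

    max_iterations is a guard added for this demo so the function returns
    instead of hanging; the second return value says whether it was hit.
    """
    remaining, chunks, iterations = content_length, [], 0
    while remaining:
        if iterations >= max_iterations:
            return b"".join(chunks), True   # would have looped forever
        chunk = rfile.read(min(remaining, MAX_CHUNK))
        chunks.append(chunk)
        remaining -= len(chunk)             # at EOF read() gives b"": no progress
        iterations += 1
    return b"".join(chunks), False


def read_body_checked(rfile, content_length):
    """Same loop, but an empty read ends it; returns (body, body_was_short)."""
    remaining, chunks = content_length, []
    while remaining > 0:
        chunk = rfile.read(min(remaining, MAX_CHUNK))
        if not chunk:                       # stream ended before the declared length
            break
        chunks.append(chunk)
        remaining -= len(chunk)
    body = b"".join(chunks)
    return body, len(body) < content_length


# Constructed sample: the header declares 64 bytes, only 20 are present.
SAMPLE_BODY = b"<methodCall></method"
DECLARED_LENGTH = 64

if __name__ == "__main__":
    print(read_body_unchecked(io.BytesIO(SAMPLE_BODY), DECLARED_LENGTH))
    print(read_body_checked(io.BytesIO(SAMPLE_BODY), DECLARED_LENGTH))
```

A handler built on the checked version can reject the request when the short-body flag is set rather than passing a truncated document to the XML parser.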