Summary: | <dev-lang/python-{2.7.12,3.4.5}: Heap overflow in zipimporter module (CVE-2016-5636) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | python |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1345856 | ||
Whiteboard: | A2 [glsa cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 585946 | ||
Bug Blocks: |
Description
Agostino Sarubbo
2016-06-14 10:26:03 UTC
We should probably backport these onto the currently stable ebuilds with a revbump. Fix is in v2.7.12: $ hg log -r "985fc64c60d6:: and tag()" changeset: 101898:13912cd1e7e8 branch: 2.7 tag: v2.7.12rc1 user: Benjamin Peterson <benjamin@python.org> date: Sat Jun 11 14:46:26 2016 -0700 summary: 2.7.12 release candidate 1 changeset: 102173:d33e0cf91556 branch: 2.7 tag: v2.7.12 parent: 102122:45d4cea97b04 user: Benjamin Peterson <benjamin@python.org> date: Sat Jun 25 14:03:21 2016 -0700 summary: 2.7.12 final Fix for 3.4 branch was: https://hg.python.org/cpython/rev/5ae8756a1ae0 which is not yet released, see $ hg log -r "5ae8756a1ae0:: and tag()" changeset: 104442:b9fadc7d1c3f branch: 3.6 tag: v3.6.0b2 user: Ned Deily <nad@python.org> date: Mon Oct 10 16:09:08 2016 -0400 summary: Version bump for 3.6.0b2 changeset: 104860:8345e066c0ed branch: 3.6 tag: v3.6.0b3 user: Ned Deily <nad@python.org> date: Mon Oct 31 20:43:30 2016 -0400 summary: Version bump for 3.6.0b3 changeset: 105327:18496abdb3d5 branch: 3.6 tag: v3.6.0b4 user: Ned Deily <nad@python.org> date: Mon Nov 21 23:30:55 2016 -0500 summary: Version bump for 3.6.0b4 Wait, 3.4er changeset fixing the problem was 01ddd608b85c which was changeset: 102200:619b61e505d0 branch: 3.4 tag: v3.4.5 user: Larry Hastings <larry@hastings.org> date: Sat Jun 25 14:44:30 2016 -0700 summary: Version bump for 3.4.5 final. CVE-2016-5636 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5636): Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow. This issue was resolved and addressed in GLSA 201701-18 at https://security.gentoo.org/glsa/201701-18 by GLSA coordinator Thomas Deutschmann (whissi). |