CVE-2021-3177 (https://bugs.python.org/issue42938): Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely. Looks like none of the patches linked in the upstream issue have been released, so please patch.
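Why a 1e300 input overruns a fixed buffer, as an added example (not code from CPython or from this bug report): `%f` prints every integer digit of a double, so the output length depends on the value. The 256-byte buffer and the format string are assumptions for illustration, and the bounded `snprintf` check is a generic mitigation, not the upstream patch.

```c
#include <stdio.h>
#include <stddef.h>

/* Assumptions: buffer size and format string model the repr described in the
 * CVE text; neither value appears on this page. */
#define REPR_BUF   256
#define CPARAM_FMT "<cparam 'd' (%f)>"

/* Number of characters the complete repr needs, excluding the trailing NUL.
 * snprintf with a zero-size buffer only measures; it writes nothing. */
int cparam_repr_len(double v)
{
    return snprintf(NULL, 0, CPARAM_FMT, v);
}

/* Bounded formatter: returns 0 on success, -1 if the output would not fit
 * in cap bytes (or on an encoding error). On failure dst is left empty. */
int cparam_repr_safe(char *dst, size_t cap, double v)
{
    int n = snprintf(dst, cap, CPARAM_FMT, v);
    if (n < 0 || (size_t)n >= cap) {
        if (cap > 0)
            dst[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    const double samples[] = { 1.5, 1e100, 1e300 };  /* constructed inputs */
    char buf[REPR_BUF];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int need = cparam_repr_len(samples[i]);
        int rc = cparam_repr_safe(buf, sizeof buf, samples[i]);
        printf("%g: needs %d bytes incl. NUL, %s\n", samples[i], need + 1,
               rc == 0 ? buf : "rejected: does not fit the buffer");
    }
    return 0;
}
```

An unbounded `sprintf` with the same format would write all of those bytes regardless of the destination size, which is the overflow the CVE describes.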
In case anyone's wondering, 2.7 is affected too. I'm going to see how hard it would be to adapt the patch. In the meantime, I'll fix all 3.x versions.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=afa94fe2afbd6863228b94d9184ffe6190d7a14a
commit afa94fe2afbd6863228b94d9184ffe6190d7a14a
Author: Michał Górny <mgorny@gentoo.org>
AuthorDate: 2021-01-19 21:59:32 +0000
Commit: Michał Górny <mgorny@gentoo.org>
CommitDate: 2021-01-19 22:06:06 +0000
dev-lang/python: Backport CVE-2021-3177 fix to 3.6.12
Bug: https://bugs.gentoo.org/766189
Signed-off-by: Michał Górny <mgorny@gentoo.org>
dev-lang/python/Manifest | 1 +
dev-lang/python/python-3.6.12-r2.ebuild | 331 ++++++++++++++++++++++++++++++++
2 files changed, 332 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=96cd00de5e0021e3e1a3812982a7fc590ab361a6
commit 96cd00de5e0021e3e1a3812982a7fc590ab361a6
Author: Michał Górny <mgorny@gentoo.org>
AuthorDate: 2021-01-19 21:57:56 +0000
Commit: Michał Górny <mgorny@gentoo.org>
CommitDate: 2021-01-19 22:06:05 +0000
dev-lang/python: Backport CVE-2021-3177 fix to 3.7.9
Bug: https://bugs.gentoo.org/766189
Signed-off-by: Michał Górny <mgorny@gentoo.org>
dev-lang/python/Manifest | 1 +
dev-lang/python/python-3.7.9-r2.ebuild | 317 +++++++++++++++++++++++++++++++++
2 files changed, 318 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=feb36e92467d2547976489d894944602466989c9
commit feb36e92467d2547976489d894944602466989c9
Author: Michał Górny <mgorny@gentoo.org>
AuthorDate: 2021-01-19 21:56:12 +0000
Commit: Michał Górny <mgorny@gentoo.org>
CommitDate: 2021-01-19 22:06:04 +0000
dev-lang/python: Backport CVE-2021-3177 fix to 3.8.7
Bug: https://bugs.gentoo.org/766189
Signed-off-by: Michał Górny <mgorny@gentoo.org>
dev-lang/python/Manifest | 2 +-
dev-lang/python/{python-3.8.7.ebuild => python-3.8.7-r1.ebuild} | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=67b08d18957ef352601eda27cb72ecc63f25111d
commit 67b08d18957ef352601eda27cb72ecc63f25111d
Author: Michał Górny <mgorny@gentoo.org>
AuthorDate: 2021-01-19 21:54:37 +0000
Commit: Michał Górny <mgorny@gentoo.org>
CommitDate: 2021-01-19 22:06:03 +0000
dev-lang/python: Backport CVE-2021-3177 fix to 3.9.1
Bug: https://bugs.gentoo.org/766189
Signed-off-by: Michał Górny <mgorny@gentoo.org>
dev-lang/python/Manifest | 2 +-
dev-lang/python/{python-3.9.1.ebuild => python-3.9.1-r1.ebuild} | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e13e61125aba6cb270446b922b810c6eb7c1af9b
commit e13e61125aba6cb270446b922b810c6eb7c1af9b
Author: Michał Górny <mgorny@gentoo.org>
AuthorDate: 2021-01-19 21:52:07 +0000
Commit: Michał Górny <mgorny@gentoo.org>
CommitDate: 2021-01-19 22:06:02 +0000
dev-lang/python: Backport CVE-2021-3177 fix to 3.10.0a3
Bug: https://bugs.gentoo.org/766189
Signed-off-by: Michał Górny <mgorny@gentoo.org>
dev-lang/python/Manifest | 2 +-
.../{python-3.10.0_alpha3.ebuild => python-3.10.0_alpha3-r1.ebuild} | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fcd672dfa8a4bf786afb13aa4ebeb42870b20524
commit fcd672dfa8a4bf786afb13aa4ebeb42870b20524
Author: Michał Górny <mgorny@gentoo.org>
AuthorDate: 2021-01-19 23:00:32 +0000
Commit: Michał Górny <mgorny@gentoo.org>
CommitDate: 2021-01-20 00:12:08 +0000
dev-lang/python: Backport CVE-2021-3177 fix to 2.7.18
Bug: https://bugs.gentoo.org/766189
Signed-off-by: Michał Górny <mgorny@gentoo.org>
dev-lang/python/Manifest | 1 +
dev-lang/python/python-2.7.18-r6.ebuild | 347 ++++++++++++++++++++++++++++++++
2 files changed, 348 insertions(+)
Sanity check failed:

> dev-lang/python-3.6.12-r2
> bdepend amd64 dev profile default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+ (41 total)
> app-crypt/openpgp-keys-python
> bdepend amd64 stable profile default/linux/amd64/17.1 (54 total)
> app-crypt/openpgp-keys-python
> dev-lang/python-2.7.18-r6
> bdepend amd64 dev profile default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+ (41 total)
> app-crypt/openpgp-keys-python
> bdepend amd64 stable profile default/linux/amd64/17.1 (54 total)
> app-crypt/openpgp-keys-python
> dev-lang/python-3.6.12-r2
> bdepend amd64 dev profile default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+ (41 total)
> app-crypt/openpgp-keys-python
> bdepend amd64 stable profile default/linux/amd64/17.1 (54 total)
> app-crypt/openpgp-keys-python
> dev-lang/python-3.7.9-r2
> bdepend amd64 dev profile default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+ (41 total)
> app-crypt/openpgp-keys-python
> bdepend amd64 stable profile default/linux/amd64/17.1 (54 total)
> app-crypt/openpgp-keys-python
> dev-lang/python-3.8.7-r1
> bdepend amd64 dev profile default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+ (41 total)
> app-crypt/openpgp-keys-python
> bdepend amd64 stable profile default/linux/amd64/17.1 (54 total)
> app-crypt/openpgp-keys-python
> dev-lang/python-3.9.1-r1
> bdepend amd64 dev profile default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+ (41 total)
> app-crypt/openpgp-keys-python
> bdepend amd64 dev profile default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+ (41 total)
> app-crypt/openpgp-keys-python
> bdepend amd64 stable profile default/linux/amd64/17.1 (54 total)
> app-crypt/openpgp-keys-python
> bdepend amd64 stable profile default/linux/amd64/17.1 (54 total)
> app-crypt/openpgp-keys-python
> dev-lang/python-2.7.18-r6
> bdepend amd64 dev profile default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+ (41 total)
> app-crypt/openpgp-keys-python
> bdepend amd64 stable profile default/linux/amd64/17.1 (54 total)
> app-crypt/openpgp-keys-python
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/proj/prefix.git/commit/?id=c2262f56e55776bf22a3d3e24bb470acc6292264
commit c2262f56e55776bf22a3d3e24bb470acc6292264
Author: Fabian Groffen <grobian@gentoo.org>
AuthorDate: 2021-01-21 11:15:41 +0000
Commit: Fabian Groffen <grobian@gentoo.org>
CommitDate: 2021-01-21 11:15:41 +0000
dev-lang/python: cleanup/fix vulnerable non-masked versions
- bump 3.8.7-r1, 3.9.1-r1
- remove 3.7.8-r2, 3.8.6-r1
Bug: https://bugs.gentoo.org/766189
Package-Manager: Portage-3.0.12.0.2-prefix, Repoman-3.0.2
Signed-off-by: Fabian Groffen <grobian@gentoo.org>
dev-lang/python/Manifest | 11 +-
dev-lang/python/python-3.7.8-r2.ebuild | 447 ---------------------
dev-lang/python/python-3.8.6-r1.ebuild | 431 --------------------
...{python-3.8.7.ebuild => python-3.8.7-r1.ebuild} | 36 +-
...{python-3.9.1.ebuild => python-3.9.1-r1.ebuild} | 2 +-
5 files changed, 4 insertions(+), 923 deletions(-)
All sanity-check issues have been resolved
sparc already done
arm64 done
arm done
amd64 done
ppc64 done
This issue was resolved and addressed in GLSA 202101-18 at https://security.gentoo.org/glsa/202101-18 by GLSA coordinator Aaron Bauman (b-man).
re-opened for final arches and cleanup
ppc done
hppa stable
s390 done
x86 stable
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.
Please cleanup.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ffd46762b623fb179b5630dd033cd7d177bc4035
commit ffd46762b623fb179b5630dd033cd7d177bc4035
Author: Michał Górny <mgorny@gentoo.org>
AuthorDate: 2021-02-19 08:17:37 +0000
Commit: Michał Górny <mgorny@gentoo.org>
CommitDate: 2021-02-19 08:22:01 +0000
dev-lang/python: Remove old
Bug: https://bugs.gentoo.org/766189
Signed-off-by: Michał Górny <mgorny@gentoo.org>
dev-lang/python/Manifest | 11 -
dev-lang/python/python-2.7.18-r5.ebuild | 348 ------------------------
dev-lang/python/python-3.10.0_alpha3-r1.ebuild | 334 -----------------------
dev-lang/python/python-3.10.0_alpha4.ebuild | 353 -------------------------
dev-lang/python/python-3.6.12-r1.ebuild | 332 -----------------------
dev-lang/python/python-3.7.9-r1.ebuild | 318 ----------------------
dev-lang/python/python-3.8.6-r1.ebuild | 322 ----------------------
dev-lang/python/python-3.9.0-r1.ebuild | 331 -----------------------
8 files changed, 2349 deletions(-)
Thank you! Tree is clean.