Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a buffer function.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Python | Python | * | 2.7.7 (including) |
| Python | Python | 2.7.1 (including) | 2.7.1 (including) |
| Python | Python | 2.7.1-rc1 (including) | 2.7.1-rc1 (including) |
| Python | Python | 2.7.2-rc1 (including) | 2.7.2-rc1 (including) |
| Python | Python | 2.7.3 (including) | 2.7.3 (including) |
| Python | Python | 2.7.4 (including) | 2.7.4 (including) |
| Python | Python | 2.7.5 (including) | 2.7.5 (including) |
| Python | Python | 2.7.6 (including) | 2.7.6 (including) |
| Python | Python | 2.7.1150 (including) | 2.7.1150 (including) |
| Python | Python | 2.7.2150 (including) | 2.7.2150 (including) |
| Red Hat Enterprise Linux 6 | RedHat | python-0:2.6.6-64.el6 | * |
| Red Hat Enterprise Linux 7 | RedHat | python-0:2.7.5-34.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | RedHat | python27-0:1.1-17.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | RedHat | python27-python-0:2.7.8-3.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | RedHat | python27-python-pip-0:1.5.6-5.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | RedHat | python27-python-setuptools-0:0.9.8-3.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | RedHat | python27-python-simplejson-0:3.2.0-2.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | RedHat | python27-python-wheel-0:0.24.0-2.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS | RedHat | python27-0:1.1-17.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS | RedHat | python27-python-0:2.7.8-3.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS | RedHat | python27-python-pip-0:1.5.6-5.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS | RedHat | python27-python-setuptools-0:0.9.8-3.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS | RedHat | python27-python-simplejson-0:3.2.0-2.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS | RedHat | python27-python-wheel-0:0.24.0-2.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS | RedHat | python27-0:1.1-17.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS | RedHat | python27-python-0:2.7.8-3.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS | RedHat | python27-python-pip-0:1.5.6-5.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS | RedHat | python27-python-setuptools-0:0.9.8-3.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS | RedHat | python27-python-simplejson-0:3.2.0-2.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS | RedHat | python27-python-wheel-0:0.24.0-2.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | python27-0:1.1-20.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | python27-python-0:2.7.8-3.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | python27-python-pip-0:1.5.6-5.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | python27-python-setuptools-0:0.9.8-5.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | python27-python-simplejson-0:3.2.0-3.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | python27-python-wheel-0:0.24.0-2.el7 | * |
| Python2.7 | Ubuntu | esm-infra-legacy/trusty | * |
| Python2.7 | Ubuntu | precise | * |
| Python2.7 | Ubuntu | trusty | * |
| Python2.7 | Ubuntu | trusty/esm | * |
| Python2.7 | Ubuntu | upstream | * |
References
- http://bugs.python.org/issue21831
- http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139663.html
- http://lists.opensuse.org/opensuse-updates/2014-10/msg00016.html
- http://rhn.redhat.com/errata/RHSA-2015-1064.html
- http://rhn.redhat.com/errata/RHSA-2015-1330.html
- http://www.openwall.com/lists/oss-security/2014/09/23/5
- http://www.openwall.com/lists/oss-security/2014/09/25/47
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.securityfocus.com/bid/70089
- https://bugzilla.redhat.com/show_bug.cgi?id=1146026
- https://exchange.xforce.ibmcloud.com/vulnerabilities/96193
- https://security.gentoo.org/glsa/201503-10
- https://support.apple.com/kb/HT205031
- http://bugs.python.org/issue21831
- http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139663.html
- http://lists.opensuse.org/opensuse-updates/2014-10/msg00016.html
- http://rhn.redhat.com/errata/RHSA-2015-1064.html
- http://rhn.redhat.com/errata/RHSA-2015-1330.html
- http://www.openwall.com/lists/oss-security/2014/09/23/5
- http://www.openwall.com/lists/oss-security/2014/09/25/47
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.securityfocus.com/bid/70089
- https://bugzilla.redhat.com/show_bug.cgi?id=1146026
- https://exchange.xforce.ibmcloud.com/vulnerabilities/96193
- https://security.gentoo.org/glsa/201503-10
- https://support.apple.com/kb/HT205031