Python: buffer overflows, DoS, Race Condition vulnerabilities

Users of python please be advised of a buffer overflows, DoS, Race Condition vulnerabilities that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com

MDVSA-2010:215: [MDVSA-2010:215] python buffer overflows, DoS, Race Condition

Problem Description: Multiple vulnerabilities was discovered and corrected in python: Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service (application crash) via a large ZSIZE value in a black-and-white (aka B/W) RGB image that triggers an invalid pointer dereference (CVE-2009-4134).

Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 allows remote attackers to have an unspecified impact via a large image that triggers a buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-3143.12 (CVE-2010-1449). Read more at www.criticalwatch.com

 

See this Amp at http://amplify.com/u/ej2u