FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-3142

This CVE name corresponds to:

Entered	Topic
2008-09-10	python -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2008-3142 at cve.mitre.org

Details

Type	Candidate
Name	CVE-2008-3142
Phase	Assigned(20080710)

Description

Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicode string processing, related to the unicode_resize function and the PyMem_RESIZE macro.

References

Source	Reference
BUGTRAQ	20080813 rPSA-2008-0243-1 idle python
BUGTRAQ	20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
CONFIRM	http://bugs.gentoo.org/show_bug.cgi?id=232137
CONFIRM	http://bugs.python.org/file10825/issue2620-gps02-patch.txt
CONFIRM	http://bugs.python.org/issue2620
CONFIRM	http://wiki.rpath.com/Advisories:rPSA-2008-0243
CONFIRM	http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900
CONFIRM	http://support.apple.com/kb/HT3438
CONFIRM	http://www.vmware.com/security/advisories/VMSA-2009-0016.html
APPLE	APPLE-SA-2009-02-12
DEBIAN	DSA-1667
GENTOO	GLSA-200807-16
MANDRIVA	MDVSA-2008:163
MANDRIVA	MDVSA-2008:164
SLACKWARE	SSA:2008-217-01
SUSE	SUSE-SR:2008:017
UBUNTU	USN-632-1
BID	30491
OVAL	oval:org.mitre.oval:def:11466
OVAL	oval:org.mitre.oval:def:8422
SECUNIA	32793
SECUNIA	37471
VUPEN	ADV-2008-2288
SECUNIA	31358
SECUNIA	31305
SECUNIA	31332
SECUNIA	31365
SECUNIA	31518
SECUNIA	31687
SECUNIA	31473
SECUNIA	33937
VUPEN	ADV-2009-3316
XF	python-multiple-bo(44173)
XF	python-unicode-bo(44170)