Debian Security Advisory

DSA-1198-1 python2.3 -- buffer overflow

Date Reported:
23 Oct 2006
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 391589.
In Mitre's CVE dictionary: CVE-2006-4980.
More information:

Benjamin C. Wiley Sittler discovered that the repr() of the Python interpreter allocates insufficient memory when parsing UCS-4 Unicode strings, which might lead to execution of arbitrary code through a buffer overflow.

For the stable distribution (sarge) this problem has been fixed in version 2.3.5-3sarge2. Due to build problems this update lacks fixed packages for the Alpha and Sparc architectures. Once they are sorted out, fixed binaries will be released.

For the unstable distribution (sid) this problem has been fixed in version 2.3.5-16.

We recommend that you upgrade your Python 2.3 packages.

Fixed in:

Debian GNU/Linux 3.1 (sarge)

Architecture-independent component:
Intel IA-32:
Intel IA-64:
Motorola 680x0:
Big endian MIPS:
Little endian MIPS:
IBM S/390:

MD5 checksums of the listed files are available in the original advisory.