[security-announce] Python: Security update

Sona Sarmadi sona.sarmadi at enea.com
Tue Apr 21 15:07:33 CEST 2015



	Enea Linux Security Advisory

=========================================================
Product/package: Python: 2.7.3
Severity: Low
CVE Name: CVE-2014-7185 buffer() integer overflow
leading to out of bounds read
=========================================================

This security patch fixes a buffer() integer overflow
leading to out of bounds read.

README file: 0063-python-CVE-2014-7185.README
Patch file: 0063-python-CVE-2014-7185.patch
Signed patch: 0063-python-CVE-2014-7185.patch.asc
sha1sum: 0063-python-CVE-2014-7185.patch.sha1

Description
===========
Integer overflow in bufferobject.c in Python before 2.7.8 allows
context-dependent attackers to obtain sensitive information from
process memory via a large size and offset in a "buffer" function.
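
The bug class described above, as an added example that is not part of the
Enea advisory, the patch, or CPython's bufferobject.c: a flawed (offset, size)
clamp beside a wrap-safe one. All function names are hypothetical, and
unsigned size_t is used so that the wraparound is well-defined C.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helpers: a caller asks for a view of `size` bytes starting
 * `offset` bytes into a backing store that holds `count` bytes. Each helper
 * returns the length the view will be allowed to expose. */

/* Flawed clamp: offset + size can wrap past SIZE_MAX, so the sum looks
 * small, the test passes, and the oversized length is kept unchanged. */
static size_t view_len_flawed(size_t count, size_t offset, size_t size)
{
    if (offset + size > count)   /* wraps for a large size and offset */
        size = count - offset;
    return size;
}

/* Hardened clamp: validate offset first, then compare size with the space
 * that remains. There is no addition, so nothing can wrap. */
static size_t view_len_checked(size_t count, size_t offset, size_t size)
{
    if (offset > count)
        return 0;
    if (size > count - offset)
        size = count - offset;
    return size;
}

/* True when [offset, offset + len) lies inside the backing store. */
static int in_bounds(size_t count, size_t offset, size_t len)
{
    return offset <= count && len <= count - offset;
}

int main(void)
{
    /* Constructed request: 16-byte store, offset 8, near-maximal size. */
    size_t count = 16, offset = 8, size = SIZE_MAX - 3;
    size_t bad = view_len_flawed(count, offset, size);
    size_t good = view_len_checked(count, offset, size);

    printf("flawed : len=%zu in_bounds=%d\n", bad, in_bounds(count, offset, bad));
    printf("checked: len=%zu in_bounds=%d\n", good, in_bounds(count, offset, good));
    return 0;
}
```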

References
==========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7185

How to apply the patches
========================
- Preparation
Make sure that you have an installation of Enea Linux and have
applied the existing patches in the right order.

wget https://linux.enea.com/4.0/Enea-Linux-4.0.tar.gz
tar zxf Enea-Linux-4.0.tar.gz
cd Enea-Linux-4.0/poky/
<Fetch and apply the existing patches >

- Fetch and apply the new patch
wget https://linux.enea.com/4.0/patches/0063-python-CVE-2014-7185.patch
patch -p1 < ./0063-python-CVE-2014-7185.patch

If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi

