Python 2.2: Buffer overflow in getaddrinfo()
Gentoo Linux Security Advisory
||GLSA 200409-03 / Python
||September 02, 2004
||September 02, 2004: 01
All supported architectures
Python 2.2 has a vulnerability in DNS handling when IPV6 is disabled and a
malformed IPV6 address is encountered by getaddrinfo().
Python is an interpreted, interactive, object-oriented, cross-platform
If IPV6 is disabled in Python 2.2, getaddrinfo() is not able to handle IPV6
DNS requests properly and a buffer overflow occurs.
An attacker can execute arbitrary code as the user running python.
Users with IPV6 enabled are not affected by this vulnerability.
All Python 2.2 users should upgrade to the latest version:
Code Listing 3.1: Resolution
# emerge sync
# emerge -pv ">=dev-lang/python-2.2.2"
# emerge ">=dev-lang/python-2.2.2"