1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200409-03 / Python |
| Release Date | September 02, 2004 |
| Latest Revision | September 02, 2004: 01 |
| Impact | high |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| dev-lang/python | < 2.2.2 | >= 2.2.2, < 2.2 | All supported architectures |
Related bugreports: #62440
Python 2.2 has a vulnerability in DNS handling when IPV6 is disabled and a malformed IPV6 address is encountered by getaddrinfo().
Python is an interpreted, interactive, object-oriented, cross-platform programming language.
If IPV6 is disabled in Python 2.2, getaddrinfo() is not able to handle IPV6 DNS requests properly and a buffer overflow occurs.
An attacker can execute arbitrary code as the user running python.
Users with IPV6 enabled are not affected by this vulnerability.
All Python 2.2 users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge sync # emerge -pv ">=dev-lang/python-2.2.2" # emerge ">=dev-lang/python-2.2.2" |