[v2.7] python: boundary error within the sock_recvfrom_into() (CVE-2014-1912)
A vulnerability was reported in Python’s socket module, due to a boundary error within the sock_recvfrom_into() function, which could be exploited to cause a buffer overflow. This could be used to crash a Python application that uses the socket.recvfrom_info() function or, possibly, execute arbitrary code with the permissions of the user running vulnerable Python code (CVE-2014-1912).
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1912
http://bugs.python.org/issue20246
https://bugzilla.redhat.com/show\_bug.cgi?id=1062370
(from redmine: issue id 2713, created on 2014-02-21, closed on 2014-03-03)
- Relations:
- parent #2709 (closed)
- Changesets:
- Revision ab1c8dcb by Natanael Copa on 2014-02-24T16:32:12Z:
main/python: security fix for CVE-2014-1912
fixes #2713