CVE-2008-1887

Publication date 18 April 2008

Last updated 24 July 2024

Ubuntu priority

Medium

Why this priority?

Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow.

Status

Package Ubuntu Release Status
python2.4 8.04 LTS hardy
Not affected
7.10 gutsy
Fixed 2.4.4-6ubuntu4.2
7.04 feisty
Fixed 2.4.4-2ubuntu7.2
6.06 LTS dapper
Fixed 2.4.3-0ubuntu6.2
python2.5 8.04 LTS hardy
Not affected
7.10 gutsy
Fixed 2.5.1-5ubuntu5.2
7.04 feisty
Fixed 2.5.1-0ubuntu1.2
6.06 LTS dapper Not in release

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
python2.4

References

Related Ubuntu Security Notices (USN)

    • USN-632-1
    • Python vulnerabilities
    • 1 August 2008

Other references