Package name
python
Date
2014-07-10
Advisory ID
MDVSA-2014:135
Affected versions
MBS1 x86_64

Problem description

Updated python and python-simplejson packages fix a security
vulnerability

Python is susceptible to arbitrary process memory reading by a user
or adversary due to a bug in the _json module caused by insufficient
bounds checking. The bug is caused by allowing the user to supply a
negative value that is used as an array index, causing the scanstring
function to access process memory outside of the string it is intended
to access (CVE-2014-4616).

This issue also affected the python-simplejson package, which has
been patched to fix the bug.
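
The class of bug described above, as an added illustration (this is not the Python or simplejson patch): a simplified C scanner whose index check rejects negative values, next to an upper-bound-only check that lets them through. The function names and the sample input are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Flawed validation: only the upper bound is tested, so a negative
 * signed index is accepted. Predicate only; nothing is dereferenced. */
static int index_ok_upper_only(ptrdiff_t len, ptrdiff_t idx) {
    return idx < len;
}

/* Corrected validation: the index must lie inside [0, len). */
static int index_ok(ptrdiff_t len, ptrdiff_t idx) {
    return idx >= 0 && idx < len;
}

/* Hypothetical scanner: idx points just past an opening quote in buf.
 * Copies bytes up to the closing quote into out (NUL-terminated).
 * Returns the copied length, or -1 for a bad index, an unterminated
 * string, or an output buffer that is too small. */
ptrdiff_t scan_string(const char *buf, ptrdiff_t len, ptrdiff_t idx,
                      char *out, size_t outsz) {
    size_t n = 0;
    if (!index_ok(len, idx))
        return -1;                      /* refuse before touching buf */
    for (; idx < len; idx++) {
        char c = buf[idx];
        if (c == '"') {
            if (n >= outsz) return -1;
            out[n] = '\0';
            return (ptrdiff_t)n;
        }
        if (c == '\\') {                /* sketch: keep escaped byte as-is */
            if (++idx >= len) return -1;
            c = buf[idx];
        }
        if (n + 1 >= outsz) return -1;
        out[n++] = c;
    }
    return -1;                          /* no closing quote inside buf */
}

int main(void) {
    const char doc[] = "\"abc\" ";      /* constructed sample input */
    char out[16];
    printf("upper-only check accepts -3: %d\n", index_ok_upper_only(6, -3));
    printf("full check accepts -3:       %d\n", index_ok(6, -3));
    printf("scan at 1:  %td\n", scan_string(doc, 6, 1, out, sizeof out));
    printf("scan at -3: %td\n", scan_string(doc, 6, -3, out, sizeof out));
    return 0;
}
```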

Updated packages

MBS1 x86_64

 d9dc3e344912fe13ca0abaac75f1a2bc  mbs1/x86_64/lib64python2.7-2.7.3-4.7.mbs1.x86_64.rpm
 d95379dfaf5a4c1c4b866b1ed4508cc6  mbs1/x86_64/lib64python-devel-2.7.3-4.7.mbs1.x86_64.rpm
 9afec1ffb70517b2d0ee7e7000f71db4  mbs1/x86_64/python-2.7.3-4.7.mbs1.x86_64.rpm
 6f4db8fc759094286f4c2f091e3c836a  mbs1/x86_64/python-docs-2.7.3-4.7.mbs1.noarch.rpm
 47ac5e01908c8e338c5c57ea8b289f0a  mbs1/x86_64/python-simplejson-2.3.3-2.1.mbs1.x86_64.rpm
 6220ae202c1e8a36ee0247dbd6c562b0  mbs1/x86_64/tkinter-2.7.3-4.7.mbs1.x86_64.rpm
 190dd1f702c49cec2f19dc318194f5c8  mbs1/x86_64/tkinter-apps-2.7.3-4.7.mbs1.x86_64.rpm 
 170ddde5f118f76a595ff5c7956cd9b0  mbs1/SRPMS/python-2.7.3-4.7.mbs1.src.rpm
 572c8374b57cfc16727897b8a959222d  mbs1/SRPMS/python-simplejson-2.3.3-2.1.mbs1.src.rpm

References