Technical Description

Debian has released updated packages to correct a vulnerability identified in Python 2.3. This flaw is due to an integer overflow error in "pcre_compile.c" when handling specially crafted regular expressions, which could be exploited by remote attackers (able to send regular expressions) to execute arbitrary commands with the privileges of the application using the vulnerable library. For additional information, see : VUPEN/ADV-2005-1511

Affected Products

Debian GNU/Linux stable (sarge)
Debian GNU/Linux unstable (sid)

Solution

Debian GNU/Linux stable (sarge) - Upgrade to version 2.3.5-3sarge1
Debian GNU/Linux unstable (sid) - Upgrade to version 2.3.5-8

References

http://www.vupen.com/english/advisories/2005/1872
http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00212.html

ChangeLog

2005-09-28 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts with CVE, CWE, and CVSS when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.