Python 2.2 has a vulnerability in DNS handling when IPV6 is disabled and a malformed IPV6 address is encountered by getaddrinfo().
|Package||dev-lang/python on all architectures|
|Affected versions||< 2.2.2|
|Unaffected versions||>= 2.2.2, < 2.2|
Python is an interpreted, interactive, object-oriented, cross-platform programming language.
If IPV6 is disabled in Python 2.2, getaddrinfo() is not able to handle IPV6 DNS requests properly and a buffer overflow occurs.
An attacker can execute arbitrary code as the user running python.
Users with IPV6 enabled are not affected by this vulnerability.
All Python 2.2 users should upgrade to the latest version:
# emerge sync # emerge -pv ">=dev-lang/python-2.2.2" # emerge ">=dev-lang/python-2.2.2"
September 02, 2004
September 02, 2004: 01