A bug in Python permits execution of arbitrary code
The scripting language Python has a security problem in its string handling. According to a security notice from Ubuntu, passing UTF-32/UCS-4 encoded strings to the repr() function makes it possible to inject code and execute it with the privileges of the Python application. In certain circumstances, an attacker could gain control of a web server that uses Python scripts. In most cases, however, the Python application would merely crash.
Versions 2.3 and 2.4 are affected. No official patch is available yet, but upgrading to Python 2.5 will remedy the problem. Ubuntu has already released packages with fixed versions of 2.3 and 2.4. Other Linux distributions should soon follow suit.
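A triage check for the conditions the article lists (Python 2.3 or 2.4, a UCS-4 build, no fixed distribution package), as an added example that is not from the article or the Python project. The `vendor_patched` flag, the status labels and the sample hosts are assumptions made for the illustration, as is treating narrow (UCS-2) builds as needing review rather than as exposed.

```python
import sys

AFFECTED = ((2, 3), (2, 4))  # series the article names as affected
FIXED_FROM = (2, 5)          # the article says upgrading to 2.5 remedies it
NARROW_MAX = 0xFFFF          # sys.maxunicode on a narrow (UCS-2) build

def assess(version_info, maxunicode, vendor_patched=False):
    """Return (status, reason) for one interpreter.

    vendor_patched is set by the operator from the distribution's package
    changelog; a fixed 2.3/2.4 package cannot be told apart by version alone.
    """
    series = tuple(version_info[:2])
    if series >= FIXED_FROM:
        return ("ok", "%d.%d is at or above 2.5" % series)
    if series not in AFFECTED:
        return ("unknown", "%d.%d is not covered by the article" % series)
    if vendor_patched:
        return ("ok", "affected series, but a fixed distribution package is installed")
    if maxunicode <= NARROW_MAX:
        # Assumption: "UCS-4 coded strings" refers to wide builds only.
        return ("review", "affected series on a narrow build; confirm before closing")
    return ("exposed", "affected series on a UCS-4 build without a fixed package")

def triage(inventory):
    """Map host -> status for rows of (host, version, maxunicode, patched)."""
    result = {}
    for host, version, maxunicode, patched in inventory:
        result[host] = assess(version, maxunicode, patched)[0]
    return result

# Constructed inventory for illustration; the host names are hypothetical.
SAMPLE = [
    ("web-01", (2, 4, 3), 0x10FFFF, False),
    ("web-02", (2, 4, 3), 0x10FFFF, True),
    ("batch-01", (2, 3, 5), 0xFFFF, False),
    ("build-01", (2, 5, 0), 0x10FFFF, False),
    ("legacy-01", (2, 2, 3), 0xFFFF, False),
]

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print("%-10s %s" % (host, status))
    print("this interpreter: %s (%s)" % assess(sys.version_info, sys.maxunicode))
```

On a live host, the two inputs come from `sys.version_info` and `sys.maxunicode` of the interpreter being checked.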
- Buffer overrun in repr() for Unicode strings, bug report on Sourceforge
- Python2.3, python2.4 vulnerabilities, security notice from Ubuntu