
Advisories MDVSA-2010:216: python


paul

Multiple vulnerabilities were discovered and corrected in python:

The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections (CVE-2010-3492).

Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492 (CVE-2010-3493).

The updated packages have been patched to correct these issues.
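
A defensive accept wrapper that survives each failure outcome the advisory lists, as an added example (not part of the advisory and not the Python patch itself). It works on socket-style objects rather than asyncore; `safe_accept`, `FakeConn` and `FakeListener` are hypothetical names, and the two fake classes are constructed test doubles.

```python
import errno

# Outcomes the advisory lists for a peer that connects and closes at once.
TRANSIENT = {errno.ECONNABORTED, errno.EAGAIN, errno.EWOULDBLOCK}

def safe_accept(listener):
    """Return (conn, addr), or None when accept failed in a survivable way."""
    try:
        pair = listener.accept()
    except OSError as exc:
        if exc.errno in TRANSIENT:
            return None              # peer vanished or queue empty: keep serving
        raise                        # unrelated fault: let the caller see it
    if pair is None:                 # asyncore's accept() could return None
        return None
    conn, addr = pair
    if addr is None:                 # no peer address: connection already gone
        conn.close()
        return None
    try:
        conn.getpeername()
    except OSError as exc:
        conn.close()
        if exc.errno == errno.ENOTCONN:
            return None              # peer reset between accept and use
        raise
    return conn, addr

class FakeConn:
    """Constructed stand-in for an accepted socket."""
    def __init__(self, peer_errno=None):
        self.peer_errno, self.closed = peer_errno, False
    def getpeername(self):
        if self.peer_errno is not None:
            raise OSError(self.peer_errno, "constructed error")
        return ("192.0.2.10", 40000)
    def close(self):
        self.closed = True

class FakeListener:
    """Constructed listener that replays one scripted accept() outcome per call."""
    def __init__(self, outcomes):
        self.outcomes = list(outcomes)
    def accept(self):
        item = self.outcomes.pop(0)
        if isinstance(item, Exception):
            raise item
        return item
```

An accept loop that calls `safe_accept` and skips `None` results keeps running through all of these cases, while errors outside the listed set still propagate so they are not silently hidden.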
