The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Python: buffer overflow via zipimporter

Synthesis of the vulnerability 

An attacker can generate a buffer overflow via zipimporter of Python, in order to trigger a denial of service, and possibly to run code.
Vulnerable software: Mac OS X, Debian, VNX Operating Environment, VNX Series, Fedora, openSUSE, openSUSE Leap, Solaris, Python, RHEL, Splunk Enterprise, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity of this announcement: 2/4.
Creation date: 13/06/2016.
References for this vulnerability: bulletinjul2016, CVE-2016-5636, DLA-1663-1, DLA-522-1, DSA-2019-131, DSA-2019-197, FEDORA-2016-308f78b2f4, FEDORA-2016-32e5a8c3a8, FEDORA-2016-9932f852c7, FEDORA-2016-d3a529aad6, FEDORA-2016-e63a732c9d, FEDORA-2016-eff21665e7, HT207615, openSUSE-SU-2016:1885-1, openSUSE-SU-2016:2120-1, openSUSE-SU-2020:0086-1, RHSA-2016:2586-02, SP-CAAAPSR, SPL-128812, SUSE-SU-2018:2408-1, SUSE-SU-2019:0223-1, SUSE-SU-2020:0114-1, SUSE-SU-2020:0234-1, USN-3134-1, VIGILANCE-VUL-19873.

Description of the vulnerability 

Python includes the zipimport module, which loads modules and packages directly from Zip archives (for example entries on sys.path that point at a .zip file).

Each Zip entry records a compression method and the size of the entry before and after compression. However, when an entry is marked as compressed and one of its size fields is -1 (the 4-byte value 0xFFFFFFFF, which zipimporter reads as a signed number), the computation of the buffer size overflows: a buffer of only a few bytes is allocated, and the entry content is then read into it using the huge unsigned length, which leads to a heap-based buffer overflow.

An attacker can therefore generate a buffer overflow via zipimporter of Python, in order to trigger a denial of service, and possibly to run code.
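The following script is an added example, not part of the Vigil@nce bulletin and not CPython's own code. It parses the central directory of a Zip archive and flags entries whose size fields would have driven the pre-fix zipimporter into negative-size arithmetic, so that archives can be checked before an unpatched interpreter imports from them. The legacy_* helpers are a model of the pre-fix size handling described above (a 4-byte size field sign-extended to a signed value, then data_size + 1 for compressed entries), written here for illustration rather than copied from zipimport.c. The archives it scans are constructed inline with the zipfile module; the hostile one is a benign archive whose compressed-size field is overwritten with 0xFFFFFFFF.

```python
"""Scan a Zip archive's central directory for the CVE-2016-5636 trigger.

Added example (not from the bulletin or from CPython). Only the structures
that matter are parsed: the end-of-central-directory record, the central
directory file headers and the local file header of each entry.
"""
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"
CDFH_SIG = b"PK\x01\x02"
LFH_SIG = b"PK\x03\x04"
ZIP_STORED = 0
ALL_ONES_32 = 0xFFFFFFFF  # also the ZIP64 "size is in the extra field" marker


def legacy_signed32(value):
    """Model of how a 4-byte size field was read before the fix: as a signed
    value, so 0xFFFFFFFF becomes -1 (assumption for illustration)."""
    value &= ALL_ONES_32
    return value - 0x100000000 if value & 0x80000000 else value


def legacy_alloc_size(data_size, compress):
    """Model of the pre-fix buffer sizing: data_size + 1 for compressed
    entries, bumped to 1 if the result is 0. With data_size == -1 this yields
    a 1-byte buffer while the read length becomes (size_t)-1."""
    bytes_size = data_size if compress == ZIP_STORED else data_size + 1
    if bytes_size == 0:
        bytes_size += 1
    return bytes_size


def parse_central_directory(data):
    """Yield (name, method, compressed_size, uncompressed_size, lfh_offset)
    for every central directory entry of a single-disk archive."""
    eocd_pos = data.rfind(EOCD_SIG, max(0, len(data) - 65557))
    if eocd_pos < 0:
        raise ValueError("no end-of-central-directory record")
    entries, cd_size, cd_offset = struct.unpack_from("<HII", data, eocd_pos + 10)
    pos = cd_offset
    for _ in range(entries):
        if data[pos:pos + 4] != CDFH_SIG:
            raise ValueError("bad central directory header at offset %d" % pos)
        method, = struct.unpack_from("<H", data, pos + 10)
        comp_size, uncomp_size = struct.unpack_from("<II", data, pos + 20)
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, pos + 28)
        lfh_offset, = struct.unpack_from("<I", data, pos + 42)
        name = data[pos + 46:pos + 46 + name_len].decode("utf-8", "replace")
        yield name, method, comp_size, uncomp_size, lfh_offset
        pos += 46 + name_len + extra_len + comment_len


def scan_zip(data):
    """Return (name, reason) findings: size fields that read as negative in a
    signed 32-bit field, and compressed sizes that overrun the archive."""
    findings = []
    for name, method, comp_size, uncomp_size, lfh_offset in parse_central_directory(data):
        for label, size in (("compressed", comp_size), ("uncompressed", uncomp_size)):
            if legacy_signed32(size) < 0:
                findings.append((name, "%s size 0x%08X reads as %d in a signed 32-bit field"
                                 % (label, size, legacy_signed32(size))))
        if data[lfh_offset:lfh_offset + 4] == LFH_SIG:
            lname_len, lextra_len = struct.unpack_from("<HH", data, lfh_offset + 26)
            data_start = lfh_offset + 30 + lname_len + lextra_len
            if data_start + comp_size > len(data):
                findings.append((name, "compressed size %d overruns the archive" % comp_size))
    return findings


def build_archive(entry_name, payload, compressed_size_field=None):
    """Construct a one-entry deflated archive in memory (constructed test
    input). Optionally overwrite the central directory's compressed-size
    field to reproduce the trigger condition without a real-world sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(entry_name, payload)
    data = bytearray(buf.getvalue())
    if compressed_size_field is not None:
        cd_pos = data.rfind(CDFH_SIG)
        struct.pack_into("<I", data, cd_pos + 20, compressed_size_field)
    return bytes(data)


if __name__ == "__main__":
    benign = build_archive("mod.py", b"VALUE = 1\n")
    hostile = build_archive("mod.py", b"VALUE = 1\n", compressed_size_field=ALL_ONES_32)
    print("benign :", scan_zip(benign))
    print("hostile:", scan_zip(hostile))
    size = legacy_signed32(ALL_ONES_32)
    print("pre-fix buffer for size %d: %d byte(s)" % (size, legacy_alloc_size(size, 8)))
```

A fixed interpreter rejects the negative size with a ZipImportError; the scanner is only useful as a gate in front of hosts that cannot be patched yet, and it treats the ZIP64 marker 0xFFFFFFFF as suspicious by design, since zipimporter of the affected versions has no ZIP64 support either way.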

This threat impacts software or systems such as Mac OS X, Debian, VNX Operating Environment, VNX Series, Fedora, openSUSE, openSUSE Leap, Solaris, Python, RHEL, Splunk Enterprise, SUSE Linux Enterprise Desktop, SLES, Ubuntu.

Our Vigil@nce team determined that the severity of this computer threat is medium.

The trust level is "confirmed by the vendor", based on a published document.

An attacker with expert skills is required to exploit this vulnerability.

Solutions for this threat 

Python: version 3.4.5.
The version 3.4.5 is fixed:
  https://www.python.org/ftp/python/3.4.5/Python-3.4.5.tgz

Python: version 3.5.2.
The version 3.5.2 is fixed:
  https://www.python.org/ftp/python/3.5.2/Python-3.5.2.tgz

Python: version 2.7.12.
The version 2.7.12 is fixed:
  https://www.python.org/downloads/release/python-2712/

Python: patch for zipimporter.
A patch is available:
  branch 2.7: http://hg.python.org/lookup/985fc64c60d6
  branch 3.4: http://hg.python.org/lookup/01ddd608b85c
  branch 3.4: http://hg.python.org/lookup/10dad6da1b28

Apple Mac OS X: version 10.12.4.
The version 10.12.4 is fixed.

Debian 8: new python3.4 packages.
New packages are available:
  Debian 8: python3.4 3.4.2-1+deb8u2

Debian: new python2.7 packages.
New packages are available:
  Debian 7: python2.7 2.7.3-6+deb7u3

Dell EMC VNXe3200: version 3.1.10.9946299.
The version 3.1.10.9946299 is fixed:
  https://www.dell.com/

Dell EMC VNXe: version MR4 Service Pack 5.
The version MR4 Service Pack 5 is fixed:
  https://www.dell.com/support/

Fedora: new python3 packages.
New packages are available:
  Fedora 23: python3 3.4.3-11.fc23
  Fedora 24: python3 3.5.1-12.fc24

Fedora: new python packages.
New packages are available:
  Fedora 23: python 2.7.11-7.fc23
  Fedora 24: python 2.7.11-8.fc24

openSUSE Leap 15.1: new python3 packages (22/01/2020).
New packages are available:
  openSUSE Leap 15.1: python3 3.6.10-lp151.6.7.1

openSUSE: new python3 packages.
New packages are available:
  openSUSE 13.2: python3 3.4.5-4.4.1
  openSUSE Leap 42.1: python3 3.4.5-8.1

openSUSE: new python packages.
New packages are available:
  openSUSE 13.2: python 2.7.12-3.1
  openSUSE Leap 42.1: python 2.7.12-23.1

RHEL 7: new python packages.
New packages are available:
  RHEL 7: python 2.7.5-48.el7

Solaris: patch for third party software of July 2016 v1.
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

Splunk Enterprise: versions 6.5.0, 6.4.5, 6.3.8, 6.2.12, 6.1.12, 6.0.13 and 5.0.17.
Versions 6.5.0, 6.4.5, 6.3.8, 6.2.12, 6.1.12, 6.0.13 and 5.0.17 are fixed:
  http://www.splunk.com/en_us/homepage.html

SUSE LE 11: new python packages.
New packages are available:
  SUSE LE 11 SP3: python 2.6.9-40.15.1
  SUSE LE 11 SP4: python 2.6.9-40.15.1

SUSE LE 12 RTM: new python packages.
New packages are available:
  SUSE LE 12 RTM: python 2.7.9-16.7.1

SUSE LE 15: new python3 packages (16/01/2020).
New packages are available:
  SUSE LE 15 RTM: python3 3.6.10-3.42.2
  SUSE LE 15 SP1: python3 3.6.10-3.42.2

SUSE LE 15: new python packages (27/01/2020).
New packages are available:
  SUSE LE 15 RTM: python 2.7.17-7.32.2
  SUSE LE 15 SP1: python 2.7.17-7.32.2

Ubuntu: new python packages.
New packages are available:
  Ubuntu 16.04 LTS: python2.7 2.7.12-1ubuntu0~16.04.1, python3.5 3.5.2-2ubuntu0~16.04.1
  Ubuntu 14.04 LTS: python2.7 2.7.6-8ubuntu0.3, python3.4 3.4.3-1ubuntu1~14.04.5
  Ubuntu 12.04 LTS: python2.7 2.7.3-0ubuntu3.9, python3.2 3.2.3-0ubuntu3.8

Computer vulnerabilities tracking service 

Vigil@nce provides computer vulnerability announcements. Each administrator can customize the list of products for which they want to receive vulnerability alerts.