Category Archives: Patch ESX350-200802408-SG: Security Updates to the Python Package (1003451)

VMware ESX Server 3.5, Patch ESX350-200802408-SG: Security Updates to the Python Package (1003451)

New VMware KB : VMware ESX Server 3.5, Patch ESX350-200802408-SG: Security Updates to the Python Package (1003451)

Summaries and Symptoms

This patch provides service console updates for the Python package. The patch fixes the following security issues:

  • An integer overflow issue with the way Python’s Perl Compatible Regular Expression (PCRE) module handles certain regular expressions. If a Python application uses the PCRE module to compile and execute untrusted regular expressions, it might be possible to cause the application to crash, or to execute arbitrary code with the privileges of the Python interpreter.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2006-7228 to this issue.

  • A flaw in Python’s locale module where strings generated by the strxfrm() function are not properly NULL-terminated. This might result in disclosure of data stored in the memory of a Python application using the strxfrm() function.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-2052 to this issue.

  • Multiple integer overflow flaws in Python’s imageop module that can allow an attacker to cause the application to crash, enter an infinite loop, or possibly execute arbitrary code with the privileges of the Python interpreter.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-4965 to this issue.

Full KB http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1003451