Mandrake Linux Security Advisory : python (MDKSA-2004:019)
High Nessus Plugin ID 14119
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionA buffer overflow in python 2.2's getaddrinfo() function was discovered by Sebastian Schmidt. If python 2.2 is built without IPv6 support, an attacker could configure their name server to let a hostname resolve to a special IPv6 address, which could contain a memory address where shellcode is placed. This problem does not affect python versions prior to 2.2 or versions 2.2.2+, and it also doesn't exist if IPv6 support is enabled.
The updated packages have been patched to correct the problem. Thanks to Sebastian for both the discovery and patch.
SolutionUpdate the affected packages.