JSON module: reading arbitrary process memory
Bug #1333396 reported by
Gert van Dijk
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Python |
Fix Released
|
Unknown
|
|||
| python2.6 (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
| Lucid |
Won't Fix
|
Undecided
|
Unassigned | ||
| python2.7 (Debian) |
Fix Released
|
Unknown
|
|||
| python2.7 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| Precise |
Won't Fix
|
Undecided
|
Unassigned | ||
| Saucy |
Won't Fix
|
Undecided
|
Unassigned | ||
| Trusty |
Triaged
|
Undecided
|
Unassigned | ||
| Utopic |
Fix Released
|
Undecided
|
Unassigned | ||
| python3.2 (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
| Precise |
Won't Fix
|
Undecided
|
Unassigned | ||
| python3.3 (Ubuntu) |
Triaged
|
Undecided
|
Unassigned | ||
| Saucy |
Won't Fix
|
Undecided
|
Unassigned | ||
| python3.4 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| Trusty |
Triaged
|
Undecided
|
Unassigned | ||
| Utopic |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
As reported upstream, the JSON module of Python is vulnerable for reading arbitrary process memory. Please apply the patch as included in the upstream bug report: http://
CVE-2014-4616 is assigned:
https:/
Patch is applied upstream in 2.7.7, so this only applies to current Ubuntu releases.
CVE References
| information type: | Private Security → Public Security |
| Changed in python2.7 (Debian): | |
| status: | Unknown → New |
| Changed in python: | |
| status: | Unknown → Fix Released |
| description: | updated |
| no longer affects: | python3.4 (Ubuntu Saucy) |
| no longer affects: | python3.4 (Ubuntu Precise) |
| no longer affects: | python3.4 (Ubuntu Lucid) |
| no longer affects: | python3.3 (Ubuntu Utopic) |
| no longer affects: | python3.3 (Ubuntu Trusty) |
| no longer affects: | python3.3 (Ubuntu Precise) |
| no longer affects: | python3.3 (Ubuntu Lucid) |
| no longer affects: | python3.2 (Ubuntu Utopic) |
| no longer affects: | python3.2 (Ubuntu Trusty) |
| no longer affects: | python3.2 (Ubuntu Saucy) |
| no longer affects: | python3.2 (Ubuntu Lucid) |
| no longer affects: | python2.7 (Ubuntu Lucid) |
| no longer affects: | python2.6 (Ubuntu Precise) |
| no longer affects: | python2.6 (Ubuntu Saucy) |
| no longer affects: | python2.6 (Ubuntu Trusty) |
| no longer affects: | python2.6 (Ubuntu Utopic) |
| Changed in python2.6 (Ubuntu Lucid): | |
| status: | New → Triaged |
| Changed in python2.7 (Ubuntu Precise): | |
| status: | New → Triaged |
| Changed in python2.7 (Ubuntu Saucy): | |
| status: | New → Triaged |
| Changed in python2.7 (Ubuntu Trusty): | |
| status: | New → Triaged |
| Changed in python3.2 (Ubuntu Precise): | |
| status: | New → Triaged |
| Changed in python3.3 (Ubuntu Saucy): | |
| status: | New → Triaged |
| Changed in python3.4 (Ubuntu Trusty): | |
| status: | New → Triaged |
| Changed in python2.7 (Ubuntu Utopic): | |
| status: | New → Fix Released |
| Changed in python3.4 (Ubuntu Utopic): | |
| status: | New → Fix Released |
Revision history for this message
| Jamie Strandboge (jdstrand) wrote | #1 |
| Changed in python2.6 (Ubuntu): | |
| status: | New → Invalid |
| Changed in python3.2 (Ubuntu): | |
| status: | New → Invalid |
| Changed in python3.3 (Ubuntu): | |
| status: | New → Triaged |
Revision history for this message
| Rolf Leggewie (r0lf) wrote | #2 |
| Changed in python2.7 (Ubuntu Saucy): | |
| status: | Triaged → Won't Fix |
| Changed in python3.3 (Ubuntu Saucy): | |
| status: | Triaged → Won't Fix |
Revision history for this message
| Rolf Leggewie (r0lf) wrote | #4 |
| Changed in python2.6 (Ubuntu Lucid): | |
| status: | Triaged → Won't Fix |
| Changed in python2.7 (Debian): | |
| status: | New → Fix Released |
Revision history for this message
| Steve Langasek (vorlon) wrote | #5 |
| Changed in python2.7 (Ubuntu Precise): | |
| status: | Triaged → Won't Fix |
| Changed in python3.2 (Ubuntu Precise): | |
| status: | Triaged → Won't Fix |
To post a comment you must log in.
Thank you for reporting this issue. It has been entered into our CVE tracker and we will supply an update as part of our normal update process.