Oracle Linux: CVE-2021-3177: ELSA-2021-9128: python27:2.7 security update (IMPORTANT) (Multiple Advisories)
Description
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely. A flaw was found in python. A stack-based buffer overflow was discovered in the ctypes module provided within Python. Applications that use ctypes without carefully validating the input passed to it may be vulnerable to this flaw, which would allow an attacker to overflow a buffer on the stack and crash the application. The highest threat from this vulnerability is to system availability.
Solution(s)
- oracle-linux-upgrade-python38
- oracle-linux-upgrade-python38-asn1crypto
- oracle-linux-upgrade-python38-babel
- oracle-linux-upgrade-python38-cffi
- oracle-linux-upgrade-python38-chardet
- oracle-linux-upgrade-python38-cryptography
- oracle-linux-upgrade-python38-cython
- oracle-linux-upgrade-python38-debug
- oracle-linux-upgrade-python38-devel
- oracle-linux-upgrade-python38-idle
- oracle-linux-upgrade-python38-idna
- oracle-linux-upgrade-python38-jinja2
- oracle-linux-upgrade-python38-libs
- oracle-linux-upgrade-python38-lxml
- oracle-linux-upgrade-python38-markupsafe
- oracle-linux-upgrade-python38-mod-wsgi
- oracle-linux-upgrade-python38-numpy
- oracle-linux-upgrade-python38-numpy-doc
- oracle-linux-upgrade-python38-numpy-f2py
- oracle-linux-upgrade-python38-pip
- oracle-linux-upgrade-python38-pip-wheel
- oracle-linux-upgrade-python38-ply
- oracle-linux-upgrade-python38-psutil
- oracle-linux-upgrade-python38-psycopg2
- oracle-linux-upgrade-python38-psycopg2-doc
- oracle-linux-upgrade-python38-psycopg2-tests
- oracle-linux-upgrade-python38-pycparser
- oracle-linux-upgrade-python38-pymysql
- oracle-linux-upgrade-python38-pysocks
- oracle-linux-upgrade-python38-pytz
- oracle-linux-upgrade-python38-pyyaml
- oracle-linux-upgrade-python38-requests
- oracle-linux-upgrade-python38-rpm-macros
- oracle-linux-upgrade-python38-scipy
- oracle-linux-upgrade-python38-setuptools
- oracle-linux-upgrade-python38-setuptools-wheel
- oracle-linux-upgrade-python38-six
- oracle-linux-upgrade-python38-test
- oracle-linux-upgrade-python38-tkinter
- oracle-linux-upgrade-python38-urllib3
- oracle-linux-upgrade-python38-wheel
- oracle-linux-upgrade-python38-wheel-wheel
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center