https://bugzilla.novell.com/show_bug.cgi?id=755383 https://bugzilla.novell.com/show_bug.cgi?id=755383#c0 Summary: VUL-0: python: hash collision DoS Classification: openSUSE Product: openSUSE 12.1 Version: Final Platform: Other OS/Version: Other Status: ASSIGNED Severity: Normal Priority: P5 - None Component: Other AssignedTo: jmatejek@suse.com ReportedBy: mvyskocil@suse.com QAContact: security-team@suse.de CC: lnussel@suse.com, security-team@suse.de Depends on: 751718 Found By: Other Blocker: --- +++ This bug was initially created as a clone of Bug #751718 +++ Your friendly security team received the following report via oss-security. Please respond ASAP. The issue is public. CVE-2012-1150 python dictionaries are prone to hash table collision attacks. Web services for example might store parameters of a GET or POST request in a dictionary. An attacker may use this to cause high CPU load http://bugs.python.org/issue13703 http://seclists.org/fulldisclosure/2011/Dec/477 http://www.ocert.org/advisories/ocert-2011-003.html https://bugzilla.redhat.com/show_bug.cgi?id=750555 --------------------------- This one is for python3 for openSUSE 12.1 only. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.