[Bug 755383] New: VUL-0: python: hash collision DoS
https://bugzilla.novell.com/show_bug.cgi?id=755383 https://bugzilla.novell.com/show_bug.cgi?id=755383#c0 Summary: VUL-0: python: hash collision DoS Classification: openSUSE Product: openSUSE 12.1 Version: Final Platform: Other OS/Version: Other Status: ASSIGNED Severity: Normal Priority: P5 - None Component: Other AssignedTo: jmatejek@suse.com ReportedBy: mvyskocil@suse.com QAContact: security-team@suse.de CC: lnussel@suse.com, security-team@suse.de Depends on: 751718 Found By: Other Blocker: --- +++ This bug was initially created as a clone of Bug #751718 +++ Your friendly security team received the following report via oss-security. Please respond ASAP. The issue is public. CVE-2012-1150 python dictionaries are prone to hash table collision attacks. Web services for example might store parameters of a GET or POST request in a dictionary. An attacker may use this to cause high CPU load http://bugs.python.org/issue13703 http://seclists.org/fulldisclosure/2011/Dec/477 http://www.ocert.org/advisories/ocert-2011-003.html https://bugzilla.redhat.com/show_bug.cgi?id=750555 --------------------------- This one is for python3 for openSUSE 12.1 only. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=755383 https://bugzilla.novell.com/show_bug.cgi?id=755383#c Michal Vyskocil <mvyskocil@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P2 - High Status Whiteboard| |obs:running:370:moderate -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=755383 https://bugzilla.novell.com/show_bug.cgi?id=755383#c1 Jan Matejek <jmatejek@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEW AssignedTo|jmatejek@suse.com |security-team@suse.de --- Comment #1 from Jan Matejek <jmatejek@suse.com> 2012-04-06 17:28:50 UTC --- python3 is fixed in SR #112896 reassigning to security -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=755383 https://bugzilla.novell.com/show_bug.cgi?id=755383#c Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|obs:running:370:moderate | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=755383 https://bugzilla.novell.com/show_bug.cgi?id=755383#c Bug 755383 depends on bug 751718, which changed state. Bug 751718 Summary: VUL-0: python: hash collision DoS http://bugzilla.novell.com/show_bug.cgi?id=751718 What |Old Value |New Value ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=755383 https://bugzilla.novell.com/show_bug.cgi?id=755383#c2 Ludwig Nussel <lnussel@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED --- Comment #2 from Ludwig Nussel <lnussel@suse.com> 2012-06-06 10:12:07 CEST --- already released -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=755383 SMASH SMASH <smash_bz@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard| | maint:planned:update -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=755383 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard| maint:planned:update | -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com