CVE-2012-1150

Priority
Medium
Description
Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before
3.2.3 computes hash values without restricting the ability to trigger hash
collisions predictably, which allows context-dependent attackers to cause a
denial of service (CPU consumption) via crafted input to an application
that maintains a hash table.
Notes
 jdstrand> patch does not change the default, so the risk of backporting to
  python2.5 and python2.4 outweighs the benefit of adding the patch. Ubuntu
  8.04 LTS users who require this patch should upgrade to Ubuntu 10.04 LTS or
  another supported release.
 jdstrand> the patch for 3.2 on oneiric is somewhere between the upstream 3.1
  and 3.2 patches. Specifically, need the Modules/_datetimemodule.c changes.
Assigned-to
jdstrand
Package
Upstream:released (2.7.3~rc1-1)
Patches:
Upstream:http://hg.python.org/cpython/rev/a0f43f4481e0
Package
Upstream:released (2.6.8)
Patches:
Upstream:http://hg.python.org/cpython/rev/6b7704fe1be1
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:released (3.2.3~rc1-1)
Patches:
Upstream:http://hg.python.org/cpython/rev/ed76dc34b39d
Package
Upstream:needs-triage
Patches:
Upstream:http://hg.python.org/cpython/rev/f4b7ecf8a5f8 (pt1)
Upstream:http://hg.python.org/cpython/rev/ab1886e7fc19 (pt2)
Updated: 2017-08-11 23:48:57 UTC (commit 13081)