[Stackless] Stackless to address multiple buffer overflow vulnerability?
gwhulbert at eol.ca
Fri Aug 15 18:36:07 CEST 2008
This is an old problem.
The flaw only manifests itself in Python builds configured to support
UCS-4 Unicode strings (using the --enable-unicode=ucs4 configure flag).
This is still not the default, which is why the vulnerability should not
be present in most Python builds out there, especially not the builds for
the Windows or Mac OS X platform provided by www.python.org.
You can find out whether you are running a UCS-4 enabled build by looking
at the sys.maxunicode attribute: it is 65535 in a UCS-2 build and 1114111
in a UCS-4 build.
On Fri, 2008-15-08 at 09:51 -0500, David E. Sallis wrote:
> Recently a multiple buffer overflow vulnerability advisory was posted for all versions of Python except 2.5.2-r6 and 2.4.4-r14 (see
> Is Stackless being patched to address these vulnerabilities? I'm currently using Stackless 2.4.3 but could probably upgrade to
> 2.5.2. Which gives rise to another question: is Stackless 2.5.2 vulnerable?
> Many thanks.
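The `sys.maxunicode` check described in the reply, extended to audit several interpreter binaries at once. This is an added example, not part of the original message or of Stackless; the names `classify_build`, `probe` and `audit` are hypothetical, and the Python 3.3 cutoff is an addition based on PEP 393, after which `sys.maxunicode` is always 1114111.

```python
import subprocess
import sys

# One-liner that runs unchanged on Python 2.4+ and 3.x.
_PROBE = ('import sys; sys.stdout.write("%d %d %d" % '
          '(sys.maxunicode, sys.version_info[0], sys.version_info[1]))')

UCS2_MAX = 65535      # value the message gives for a UCS-2 build
UCS4_MAX = 1114111    # value the message gives for a UCS-4 build


def classify_build(maxunicode, version):
    """Map sys.maxunicode plus (major, minor) to a build label."""
    if tuple(version) >= (3, 3):
        # Since Python 3.3 (PEP 393) sys.maxunicode is always 1114111, so
        # the value no longer reflects a --enable-unicode configure choice.
        return "pep393"
    if maxunicode == UCS4_MAX:
        return "ucs4"
    if maxunicode == UCS2_MAX:
        return "ucs2"
    return "unknown"


def probe(interpreter):
    """Ask one interpreter binary for (maxunicode, (major, minor))."""
    out = subprocess.check_output([interpreter, "-c", _PROBE])
    maxunicode, major, minor = (int(x) for x in out.decode("ascii").split())
    return maxunicode, (major, minor)


def audit(interpreters):
    """Return {path: label}; interpreters that cannot be run are 'error'."""
    report = {}
    for path in interpreters:
        try:
            report[path] = classify_build(*probe(path))
        except (OSError, subprocess.CalledProcessError, ValueError):
            report[path] = "error"
    return report


if __name__ == "__main__":
    # Paths on the command line, or the running interpreter by default.
    for path, label in sorted(audit(sys.argv[1:] or [sys.executable]).items()):
        print("%-40s %s" % (path, label))
```

Interpreters labelled `ucs4` are the builds the reply identifies as exposing the flaw and are the ones to prioritise for patching.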