Thousands of applications, including many large and mission-critical systems at enterprises such as Industrial Light & Magic, Google and NASA, are exposed to a bug that could allow a remote attacker to execute arbitrary code or gain access to the underlying system.
Applications and systems using Python -- including Debian GNU/Linux and Mandrake Linux -- may need to be updated or rebuilt.
Python developer Sebastian Schmidt has discovered a vulnerability in the getaddrinfo function, which resolves a host name and port into an addrinfo structure.
A remote attacker who controls the DNS responses a Python program receives could supply a specially crafted IPv6 address that causes a buffer overflow, permitting execution of arbitrary code and unauthorized system access. The flaw lies in the getaddrinfo implementation that Python ships for builds lacking native IPv6 support, so it affects only interpreters configured without IPv6; builds with IPv6 enabled rely on the C library's getaddrinfo instead. Administrators should check how their interpreter was built before assuming they are unaffected.
Only a week ago, another Python vulnerability, involving Debian and Apache, was discovered that allowed a remote denial of service.