Python 3.4.4 Released

Early this week the Python Foundation followed up it’s previous release earlier this month with version 3.4.4.


The noteworthy changes in this update are as follows which resolve the issues listed below:

8x buffer overreads
1x buffer overrun (essentially an overflow, defined)
1x reading from a buffer issue
1x integer overflow (defined)
Multiple integer overflows (no exact number given) resolved within the pickle module
1x integer out of bounds issue
1x overflow in _Unpickler_Read
Overflows fixed in timedelta * float, unicodedata module and Windows subprocess creation code
3x use after free issues (defined)
1x arbitrary code execution vulnerability in the dbm.dumb module
OpenSSL upgraded from 1.0.1j to 1.0.2d (for Windows), version 1.0.2e for Mac OS X which resolves 24 CVEs (defined)(see here and here for the CVE references provided by OpenSSL)

The full changelog is available from this link.

As was the case with the previous updates the buffer overreads, integer overflows and use-after-free issues etc. have not been assigned CVE numbers and are not explicitly reported as security vulnerabilities in this changelog, it is still best practice to patch these bugs if you are using an affected version of Python.

If you have an older release of Python installed e.g. 3.4.3 or older, please consider upgrading to the most recent 3.4.4 update to benefit from the above mentioned fixes.

Advice on porting (adapting) older Python code to newer releases is available here and here.

As a routine precaution I would recommend backing up the data on any device for which you are installing updates in order to prevent data loss in the rare event that any update causes unexpected issues.

Thank you.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.