Updated python packages fix security vulnerabilities
Publication date: 29 May 2018Modification date: 29 May 2018
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2018-1060 , CVE-2018-1061
Description
Updated python packages fix security vulnerabilities: A flaw was found in the way catastrophic backtracking was implemented in Python's pop3lib's apop() method. An attacker could use this flaw to cause denial of service (CVE-2018-1060). A flaw was found in the way catastrophic backtracking was implemented in Python's difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service (CVE-2018-1061).
References
- https://bugs.mageia.org/show_bug.cgi?id=22845
- https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6WVU6LVRWETHDLXB6T3636AYNKVHPASB/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1060
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1061
SRPMS
6/core
- python-2.7.15-1.mga6
5/core
- python-2.7.15-1.mga5