Updated python3 packages fix security vulnerabilities
Publication date: 04 Jun 2018
Modification date: 04 Jun 2018
Type: security
Affected Mageia releases: 5, 6
CVE: CVE-2018-1060, CVE-2018-1061, CVE-2017-18207
Description
Updated python3 packages fix security vulnerabilities:
A flaw was found in the way catastrophic backtracking was implemented in the apop() method of Python's poplib. An attacker could use this flaw to cause denial of service (CVE-2018-1060).
A flaw was found in the way catastrophic backtracking was implemented in Python's difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service (CVE-2018-1061).
Possible denial of service vulnerability due to a missing check in Lib/wave.py to verify that at least one channel is provided (CVE-2017-18207).
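A post-update check for the wave.py item (CVE-2017-18207), added here as an example and not taken from the advisory or from the Python sources. The function names are hypothetical, the WAV bytes are constructed in memory, and it assumes a fixed interpreter reports a zero-channel header as wave.Error.

```python
import io
import struct
import wave


def build_wav(nchannels, bits=16, framerate=8000, payload=b"\x00\x00" * 4):
    """Build a minimal PCM RIFF/WAVE file in memory (constructed sample input)."""
    block_align = nchannels * bits // 8
    fmt = struct.pack("<HHLLHH", 1, nchannels, framerate,
                      framerate * block_align, block_align, bits)
    body = (b"WAVE" + b"fmt " + struct.pack("<L", len(fmt)) + fmt
            + b"data" + struct.pack("<L", len(payload)) + payload)
    return b"RIFF" + struct.pack("<L", len(body)) + body


def channel_check_status():
    """Report how this interpreter's wave module treats a zero-channel header.

    "rejected"  -> wave.Error was raised, so the channel check is present.
    "unchecked" -> the header was accepted or failed with some other exception.
    """
    try:
        with wave.open(io.BytesIO(build_wav(0)), "rb"):
            return "unchecked"
    except wave.Error:
        return "rejected"
    except Exception:
        return "unchecked"


def read_untrusted_wav(data):
    """Parse untrusted WAV bytes; every parser failure becomes ValueError.

    ArithmeticError is caught as well so that a division error from an
    interpreter without the channel check cannot escape to the caller.
    """
    try:
        with wave.open(io.BytesIO(data), "rb") as w:
            return w.getnchannels(), w.getframerate(), w.getnframes()
    except (wave.Error, EOFError, ArithmeticError, struct.error) as exc:
        raise ValueError("rejected WAV input: %s" % exc) from None


if __name__ == "__main__":
    print("zero-channel header:", channel_check_status())
```

Run it with the system python3 after installing the update. Services that parse uploaded audio can use a wrapper like read_untrusted_wav so that a malformed file is a handled error rather than an unhandled exception.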
References
- https://bugs.mageia.org/show_bug.cgi?id=22983
- https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6WVU6LVRWETHDLXB6T3636AYNKVHPASB/
- https://lists.opensuse.org/opensuse-updates/2018-04/msg00041.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1060
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1061
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18207
SRPMS
6/core
- python3-3.5.3-1.4.mga6
5/core
- python3-3.4.3-1.7.mga5