Advisories ยป MGASA-2018-0270

Updated python3 packages fix security vulnerabilities

Publication date: 04 Jun 2018
Modification date: 04 Jun 2018
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2018-1060 , CVE-2018-1061 , CVE-2017-18207

Description

Updated python3 packages fix security vulnerabilities:

A flaw was found in the way catastrophic backtracking was implemented in
Python's pop3lib's apop() method. An attacker could use this flaw to cause
denial of service (CVE-2018-1060).

A flaw was found in the way catastrophic backtracking was implemented in
Python's difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause
denial of service (CVE-2018-1061).

Possible denial of service vulnerability due to a missing check in Lib/wave.py
to verify that at least one channel is provided (CVE-2017-18207).
                

References

SRPMS

5/core

6/core