Описание
Security update for python
This update for python-base fixes the following issues:
Security issues fixed:
- CVE-2018-1061: Fixed DoS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (bsc#1088004).
- CVE-2018-1060: Fixed DoS via regular expression catastrophic backtracking in apop() method in pop3lib (bsc#1088009).
- CVE-2016-5636: Fixed heap overflow in zipimporter module (bsc#985177)
Bug fixes:
- bsc#1086001: python tarfile uses random order.
Список пакетов
SUSE Linux Enterprise Point of Sale 11 SP3
libpython2_6-1_0-2.6.9-40.15.1
python-2.6.9-40.15.1
python-base-2.6.9-40.15.1
python-curses-2.6.9-40.15.1
python-demo-2.6.9-40.15.1
python-doc-2.6-8.40.15.1
python-doc-pdf-2.6-8.40.15.1
python-gdbm-2.6.9-40.15.1
python-idle-2.6.9-40.15.1
python-tk-2.6.9-40.15.1
python-xml-2.6.9-40.15.1
SUSE Linux Enterprise Server 11 SP3-LTSS
libpython2_6-1_0-2.6.9-40.15.1
libpython2_6-1_0-32bit-2.6.9-40.15.1
python-2.6.9-40.15.1
python-32bit-2.6.9-40.15.1
python-base-2.6.9-40.15.1
python-base-32bit-2.6.9-40.15.1
python-curses-2.6.9-40.15.1
python-demo-2.6.9-40.15.1
python-doc-2.6-8.40.15.1
python-doc-pdf-2.6-8.40.15.1
python-gdbm-2.6.9-40.15.1
python-idle-2.6.9-40.15.1
python-tk-2.6.9-40.15.1
python-xml-2.6.9-40.15.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
libpython2_6-1_0-2.6.9-40.15.1
libpython2_6-1_0-32bit-2.6.9-40.15.1
python-2.6.9-40.15.1
python-32bit-2.6.9-40.15.1
python-base-2.6.9-40.15.1
python-base-32bit-2.6.9-40.15.1
python-curses-2.6.9-40.15.1
python-demo-2.6.9-40.15.1
python-doc-2.6-8.40.15.1
python-doc-pdf-2.6-8.40.15.1
python-gdbm-2.6.9-40.15.1
python-idle-2.6.9-40.15.1
python-tk-2.6.9-40.15.1
python-xml-2.6.9-40.15.1
SUSE Linux Enterprise Server 11 SP4
libpython2_6-1_0-2.6.9-40.15.1
libpython2_6-1_0-32bit-2.6.9-40.15.1
libpython2_6-1_0-x86-2.6.9-40.15.1
python-2.6.9-40.15.1
python-32bit-2.6.9-40.15.1
python-base-2.6.9-40.15.1
python-base-32bit-2.6.9-40.15.1
python-base-x86-2.6.9-40.15.1
python-curses-2.6.9-40.15.1
python-demo-2.6.9-40.15.1
python-doc-2.6-8.40.15.1
python-doc-pdf-2.6-8.40.15.1
python-gdbm-2.6.9-40.15.1
python-idle-2.6.9-40.15.1
python-tk-2.6.9-40.15.1
python-x86-2.6.9-40.15.1
python-xml-2.6.9-40.15.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
libpython2_6-1_0-2.6.9-40.15.1
libpython2_6-1_0-32bit-2.6.9-40.15.1
libpython2_6-1_0-x86-2.6.9-40.15.1
python-2.6.9-40.15.1
python-32bit-2.6.9-40.15.1
python-base-2.6.9-40.15.1
python-base-32bit-2.6.9-40.15.1
python-base-x86-2.6.9-40.15.1
python-curses-2.6.9-40.15.1
python-demo-2.6.9-40.15.1
python-doc-2.6-8.40.15.1
python-doc-pdf-2.6-8.40.15.1
python-gdbm-2.6.9-40.15.1
python-idle-2.6.9-40.15.1
python-tk-2.6.9-40.15.1
python-x86-2.6.9-40.15.1
python-xml-2.6.9-40.15.1
SUSE Linux Enterprise Software Development Kit 11 SP4
python-32bit-2.6.9-40.15.1
python-demo-2.6.9-40.15.1
python-devel-2.6.9-40.15.1
python-doc-2.6-8.40.15.1
python-doc-pdf-2.6-8.40.15.1
python-gdbm-2.6.9-40.15.1
python-idle-2.6.9-40.15.1
python-tk-2.6.9-40.15.1
Ссылки
- Link for SUSE-SU-2018:2408-1
- E-Mail link for SUSE-SU-2018:2408-1
- SUSE Security Ratings
- SUSE Bug 1086001
- SUSE Bug 1088004
- SUSE Bug 1088009
- SUSE Bug 985177
- SUSE CVE CVE-2016-5636 page
- SUSE CVE CVE-2018-1060 page
- SUSE CVE CVE-2018-1061 page
Описание
Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.
Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:libpython2_6-1_0-2.6.9-40.15.1
SUSE Linux Enterprise Point of Sale 11 SP3:python-2.6.9-40.15.1
SUSE Linux Enterprise Point of Sale 11 SP3:python-base-2.6.9-40.15.1
SUSE Linux Enterprise Point of Sale 11 SP3:python-curses-2.6.9-40.15.1
Ссылки
- CVE-2016-5636
- SUSE Bug 1065451
- SUSE Bug 1106262
- SUSE Bug 985177
Описание
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.
Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:libpython2_6-1_0-2.6.9-40.15.1
SUSE Linux Enterprise Point of Sale 11 SP3:python-2.6.9-40.15.1
SUSE Linux Enterprise Point of Sale 11 SP3:python-base-2.6.9-40.15.1
SUSE Linux Enterprise Point of Sale 11 SP3:python-curses-2.6.9-40.15.1
Ссылки
- CVE-2018-1060
- SUSE Bug 1088009
Описание
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.
Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:libpython2_6-1_0-2.6.9-40.15.1
SUSE Linux Enterprise Point of Sale 11 SP3:python-2.6.9-40.15.1
SUSE Linux Enterprise Point of Sale 11 SP3:python-base-2.6.9-40.15.1
SUSE Linux Enterprise Point of Sale 11 SP3:python-curses-2.6.9-40.15.1
Ссылки
- CVE-2018-1061
- SUSE Bug 1088004