Описание
Security update for python3
This update for python3 provides the following fixes:
These security issues were fixed:
- CVE-2018-1061: Prevent catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could have used this flaw to cause denial of service (bsc#1088004).
- CVE-2018-1060: Prevent catastrophic backtracking in pop3lib's apop() method. An attacker could have used this flaw to cause denial of service (bsc#1088009).
These non-security issues were fixed:
- Sort files and directories when creating tarfile archives so that they are created in a more predictable way. (bsc#1086001)
- Add -fwrapv to OPTS (bsc#1107030)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP3
libpython3_4m1_0-3.4.6-25.16.1
python3-3.4.6-25.16.1
python3-base-3.4.6-25.16.1
python3-curses-3.4.6-25.16.1
SUSE Linux Enterprise Module for Web and Scripting 12
libpython3_4m1_0-3.4.6-25.16.1
python3-3.4.6-25.16.1
python3-base-3.4.6-25.16.1
SUSE Linux Enterprise Server 12 SP3
libpython3_4m1_0-3.4.6-25.16.1
python3-3.4.6-25.16.1
python3-base-3.4.6-25.16.1
python3-curses-3.4.6-25.16.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libpython3_4m1_0-3.4.6-25.16.1
python3-3.4.6-25.16.1
python3-base-3.4.6-25.16.1
python3-curses-3.4.6-25.16.1
SUSE Linux Enterprise Software Development Kit 12 SP3
python3-devel-3.4.6-25.16.1
Ссылки
- Link for SUSE-SU-2018:2696-1
- E-Mail link for SUSE-SU-2018:2696-1
- SUSE Security Ratings
- SUSE Bug 1086001
- SUSE Bug 1088004
- SUSE Bug 1088009
- SUSE Bug 1107030
- SUSE CVE CVE-2018-1060 page
- SUSE CVE CVE-2018-1061 page
Описание
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:libpython3_4m1_0-3.4.6-25.16.1
SUSE Linux Enterprise Desktop 12 SP3:python3-3.4.6-25.16.1
SUSE Linux Enterprise Desktop 12 SP3:python3-base-3.4.6-25.16.1
SUSE Linux Enterprise Desktop 12 SP3:python3-curses-3.4.6-25.16.1
Ссылки
- CVE-2018-1060
- SUSE Bug 1088009
Описание
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:libpython3_4m1_0-3.4.6-25.16.1
SUSE Linux Enterprise Desktop 12 SP3:python3-3.4.6-25.16.1
SUSE Linux Enterprise Desktop 12 SP3:python3-base-3.4.6-25.16.1
SUSE Linux Enterprise Desktop 12 SP3:python3-curses-3.4.6-25.16.1
Ссылки
- CVE-2018-1061
- SUSE Bug 1088004