Description
Security update for python
This update for python fixes the following issue:
- CVE-2018-14647: Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts of CPU and RAM (bsc#1109847).
Package list
SUSE Linux Enterprise Server 11 SP4
libpython2_6-1_0-2.6.9-40.21.1
libpython2_6-1_0-32bit-2.6.9-40.21.1
libpython2_6-1_0-x86-2.6.9-40.21.1
python-2.6.9-40.21.2
python-32bit-2.6.9-40.21.2
python-base-2.6.9-40.21.1
python-base-32bit-2.6.9-40.21.1
python-base-x86-2.6.9-40.21.1
python-curses-2.6.9-40.21.2
python-demo-2.6.9-40.21.2
python-doc-2.6-8.40.21.1
python-doc-pdf-2.6-8.40.21.1
python-gdbm-2.6.9-40.21.2
python-idle-2.6.9-40.21.2
python-tk-2.6.9-40.21.2
python-x86-2.6.9-40.21.2
python-xml-2.6.9-40.21.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
libpython2_6-1_0-2.6.9-40.21.1
libpython2_6-1_0-32bit-2.6.9-40.21.1
libpython2_6-1_0-x86-2.6.9-40.21.1
python-2.6.9-40.21.2
python-32bit-2.6.9-40.21.2
python-base-2.6.9-40.21.1
python-base-32bit-2.6.9-40.21.1
python-base-x86-2.6.9-40.21.1
python-curses-2.6.9-40.21.2
python-demo-2.6.9-40.21.2
python-doc-2.6-8.40.21.1
python-doc-pdf-2.6-8.40.21.1
python-gdbm-2.6.9-40.21.2
python-idle-2.6.9-40.21.2
python-tk-2.6.9-40.21.2
python-x86-2.6.9-40.21.2
python-xml-2.6.9-40.21.1
SUSE Linux Enterprise Software Development Kit 11 SP4
python-32bit-2.6.9-40.21.2
python-demo-2.6.9-40.21.2
python-devel-2.6.9-40.21.1
python-doc-2.6-8.40.21.1
python-doc-pdf-2.6-8.40.21.1
python-gdbm-2.6.9-40.21.2
python-idle-2.6.9-40.21.2
python-tk-2.6.9-40.21.2
References
- Link for SUSE-SU-2018:3156-1
- E-Mail link for SUSE-SU-2018:3156-1
- SUSE Security Ratings
- SUSE Bug 1109847
- SUSE CVE CVE-2018-14647 page
Description
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts of CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.
Affected products
SUSE Linux Enterprise Server 11 SP4:libpython2_6-1_0-2.6.9-40.21.1
SUSE Linux Enterprise Server 11 SP4:libpython2_6-1_0-32bit-2.6.9-40.21.1
SUSE Linux Enterprise Server 11 SP4:libpython2_6-1_0-x86-2.6.9-40.21.1
SUSE Linux Enterprise Server 11 SP4:python-2.6.9-40.21.2
References
- CVE-2018-14647
- SUSE Bug 1109847
- SUSE Bug 1126909