Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog
Консоль
Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog

exploitDog

suse-cvrf Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

SUSE-SU-2018:3156-1

ΠžΠΏΡƒΠ±Π»ΠΈΠΊΠΎΠ²Π°Π½ΠΎ: 16 ΠΎΠΊΡ‚. 2018
Π˜ΡΡ‚ΠΎΡ‡Π½ΠΈΠΊ: suse-cvrf

ОписаниС

Security update for python

This update for python fixes the following issue:

  • CVE-2018-14647: Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM (bsc#1109847)

Бписок ΠΏΠ°ΠΊΠ΅Ρ‚ΠΎΠ²

SUSE Linux Enterprise Server 11 SP4
libpython2_6-1_0-2.6.9-40.21.1
libpython2_6-1_0-32bit-2.6.9-40.21.1
libpython2_6-1_0-x86-2.6.9-40.21.1
python-2.6.9-40.21.2
python-32bit-2.6.9-40.21.2
python-base-2.6.9-40.21.1
python-base-32bit-2.6.9-40.21.1
python-base-x86-2.6.9-40.21.1
python-curses-2.6.9-40.21.2
python-demo-2.6.9-40.21.2
python-doc-2.6-8.40.21.1
python-doc-pdf-2.6-8.40.21.1
python-gdbm-2.6.9-40.21.2
python-idle-2.6.9-40.21.2
python-tk-2.6.9-40.21.2
python-x86-2.6.9-40.21.2
python-xml-2.6.9-40.21.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
libpython2_6-1_0-2.6.9-40.21.1
libpython2_6-1_0-32bit-2.6.9-40.21.1
libpython2_6-1_0-x86-2.6.9-40.21.1
python-2.6.9-40.21.2
python-32bit-2.6.9-40.21.2
python-base-2.6.9-40.21.1
python-base-32bit-2.6.9-40.21.1
python-base-x86-2.6.9-40.21.1
python-curses-2.6.9-40.21.2
python-demo-2.6.9-40.21.2
python-doc-2.6-8.40.21.1
python-doc-pdf-2.6-8.40.21.1
python-gdbm-2.6.9-40.21.2
python-idle-2.6.9-40.21.2
python-tk-2.6.9-40.21.2
python-x86-2.6.9-40.21.2
python-xml-2.6.9-40.21.1
SUSE Linux Enterprise Software Development Kit 11 SP4
python-32bit-2.6.9-40.21.2
python-demo-2.6.9-40.21.2
python-devel-2.6.9-40.21.1
python-doc-2.6-8.40.21.1
python-doc-pdf-2.6-8.40.21.1
python-gdbm-2.6.9-40.21.2
python-idle-2.6.9-40.21.2
python-tk-2.6.9-40.21.2

Бсылки

ОписаниС

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.

Π—Π°Ρ‚Ρ€ΠΎΠ½ΡƒΡ‚Ρ‹Π΅ ΠΏΡ€ΠΎΠ΄ΡƒΠΊΡ‚Ρ‹
SUSE Linux Enterprise Server 11 SP4:libpython2_6-1_0-2.6.9-40.21.1
SUSE Linux Enterprise Server 11 SP4:libpython2_6-1_0-32bit-2.6.9-40.21.1
SUSE Linux Enterprise Server 11 SP4:libpython2_6-1_0-x86-2.6.9-40.21.1
SUSE Linux Enterprise Server 11 SP4:python-2.6.9-40.21.2
Бсылки
Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ SUSE-SU-2018:3156-1