Lucene search

K
debianDebianDEBIAN:DLA-1189-1:6BC2A
HistoryNov 24, 2017 - 3:43 p.m.

[SECURITY] [DLA 1189-1] python2.7 security update

2017-11-2415:43:12
lists.debian.org
27
python 2.7
security update
cve-2017-1000158
integer overflow
heap corruption
debian 7
wheezy
python packages
debian lts

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

10

Confidence

High

EPSS

0.014

Percentile

86.6%

Package : python2.7
Version : 2.7.3-6+deb7u4
CVE ID : CVE-2017-1000158

A minor security vulnerability has been discovered in Python 2.7, an
interactive high-level object-oriented language.

CVE-2017-1000158

CPython (the reference implementation of Python also commonly known
as simply Python) versions 2.6 and 2.7 are vulnerable to an integer
overflow and heap corruption, leading to possible arbitrary code
execution.  The nature of the error has to do with improper handling
of large strings with escaped characters.

For Debian 7 "Wheezy", these problems have been fixed in version
2.7.3-6+deb7u4.

We recommend that you upgrade your python2.7 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

10

Confidence

High

EPSS

0.014

Percentile

86.6%