[SECURITY] [DLA 1189-1] python2.7 security update

2017-11-2415:43:12

lists.debian.org

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

86.4%

JSON

Package : python2.7
Version : 2.7.3-6+deb7u4
CVE ID : CVE-2017-1000158

A minor security vulnerability has been discovered in Python 2.7, an
interactive high-level object-oriented language.

CVE-2017-1000158

CPython (the reference implementation of Python also commonly known
as simply Python) versions 2.6 and 2.7 are vulnerable to an integer
overflow and heap corruption, leading to possible arbitrary code
execution.  The nature of the error has to do with improper handling
of large strings with escaped characters.

For Debian 7 "Wheezy", these problems have been fixed in version
2.7.3-6+deb7u4.

We recommend that you upgrade your python2.7 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature

OSVersionArchitecturePackageVersionFilename
Debian9armelpython3.5-dev< 3.5.3-1+deb9u1python3.5-dev_3.5.3-1+deb9u1_armel.deb
Debian9armhflibpython3.5-stdlib< 3.5.3-1+deb9u1libpython3.5-stdlib_3.5.3-1+deb9u1_armhf.deb
Debian9mipspython3.5-dev< 3.5.3-1+deb9u1python3.5-dev_3.5.3-1+deb9u1_mips.deb
Debian9i386python3.5-venv< 3.5.3-1+deb9u1python3.5-venv_3.5.3-1+deb9u1_i386.deb
Debian8allpython2.7-doc< 2.7.9-2+deb8u2python2.7-doc_2.7.9-2+deb8u2_all.deb
Debian8armhfpython2.7-minimal< 2.7.9-2+deb8u2python2.7-minimal_2.7.9-2+deb8u2_armhf.deb
Debian9mipslibpython2.7< 2.7.13-2+deb9u2libpython2.7_2.7.13-2+deb9u2_mips.deb
Debian9amd64python3.5-minimal< 3.5.3-1+deb9u1python3.5-minimal_3.5.3-1+deb9u1_amd64.deb
Debian8armhfpython3.4-dev< 3.4.2-1+deb8u1python3.4-dev_3.4.2-1+deb8u1_armhf.deb
Debian9ppc64elpython3.5< 3.5.3-1+deb9u1python3.5_3.5.3-1+deb9u1_ppc64el.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	armel	python3.5-dev	< 3.5.3-1+deb9u1	python3.5-dev_3.5.3-1+deb9u1_armel.deb
Debian	9	armhf	libpython3.5-stdlib	< 3.5.3-1+deb9u1	libpython3.5-stdlib_3.5.3-1+deb9u1_armhf.deb
Debian	9	mips	python3.5-dev	< 3.5.3-1+deb9u1	python3.5-dev_3.5.3-1+deb9u1_mips.deb
Debian	9	i386	python3.5-venv	< 3.5.3-1+deb9u1	python3.5-venv_3.5.3-1+deb9u1_i386.deb
Debian	8	all	python2.7-doc	< 2.7.9-2+deb8u2	python2.7-doc_2.7.9-2+deb8u2_all.deb
Debian	8	armhf	python2.7-minimal	< 2.7.9-2+deb8u2	python2.7-minimal_2.7.9-2+deb8u2_armhf.deb
Debian	9	mips	libpython2.7	< 2.7.13-2+deb9u2	libpython2.7_2.7.13-2+deb9u2_mips.deb
Debian	9	amd64	python3.5-minimal	< 3.5.3-1+deb9u1	python3.5-minimal_3.5.3-1+deb9u1_amd64.deb
Debian	8	armhf	python3.4-dev	< 3.4.2-1+deb8u1	python3.4-dev_3.4.2-1+deb8u1_armhf.deb
Debian	9	ppc64el	python3.5	< 3.5.3-1+deb9u1	python3.5_3.5.3-1+deb9u1_ppc64el.deb