Lucene search

K
mageiaGentoo FoundationMGASA-2018-0495
HistoryJan 01, 2019 - 1:42 a.m.

Updated python packages fix security vulnerabilities

2019-01-0101:42:09
Gentoo Foundation
advisories.mageia.org
35
python
security vulnerabilities
denial of service

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.01

Percentile

83.6%

Possible denial of service vulnerability due to a missing check in Lib/wave.py to verify that at least one channel is provided (CVE-2017-18207). Python’s elementtree C accelerator failed to initialise Expat’s hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by contructing an XML document that would cause pathological hash collisions in Expat’s internal data structures, consuming large amounts CPU and RAM (CVE-2018-14647). It was discovered that the shutil module of python does not properly sanitize input when creating a zip file on Windows. An attacker could use this flaw to cause a denial of service or add unintended files to the generated archive (CVE-2018-1000802).

OSVersionArchitecturePackageVersionFilename
Mageia6noarchpython< 2.7.15-1.1python-2.7.15-1.1.mga6

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.01

Percentile

83.6%