OPENSUSE-SU-2018:2712-1 (SUSE)
Sep 14, 2018 - 6:08 p.m.

Security update for python3 (moderate)

2018-09-14 18:08:02
lists.opensuse.org

EPSS: 0.006 (percentile 79.2%)

This update for python3 provides the following fixes:

These security issues were fixed:

  • CVE-2018-1061: Prevent catastrophic backtracking in the
    difflib.IS_LINE_JUNK method. An attacker could have used this flaw to
    cause denial of service (bsc#1088004).
  • CVE-2018-1060: Prevent catastrophic backtracking in pop3lib’s apop()
    method. An attacker could have used this flaw to cause denial of service
    (bsc#1088009).

These non-security issues were fixed:

  • Sort files and directories when creating tarfile archives so that they
    are created in a more predictable way. (bsc#1086001)
  • Add -fwrapv to OPTS (bsc#1107030)

This update was imported from the SUSE:SLE-12:Update update project.
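
To confirm that the interpreter in use actually carries the two regex fixes listed above, the following added example (not part of the advisory or of the SUSE packages) reads the patterns out of the installed difflib and poplib modules; poplib is the standard-library module that the advisory calls pop3lib. The before and after patterns are the ones in upstream CPython and are an assumption here, since the advisory does not list them; the function names are hypothetical.

```python
import difflib
import poplib

# Regex sources before and after the upstream CPython fix.
# Assumption: taken from upstream CPython, not stated in the advisory.
KNOWN = {
    "CVE-2018-1061": {"vulnerable": r"\s*#?\s*$",
                      "patched": r"\s*(?:#\s*)?$"},
    "CVE-2018-1060": {"vulnerable": rb"\+OK.*(<[^>]+>)",
                      "patched": rb"\+OK.[^<]*(<.*>)"},
}


def classify(cve, pattern):
    """Map a regex source to 'vulnerable', 'patched', 'no-regex' or 'unknown'."""
    if pattern is None:
        return "no-regex"  # no regex found at the expected place
    for status, known in KNOWN[cve].items():
        if pattern == known:
            return status
    return "unknown"  # a regex is present but matches neither known form


def junk_pattern():
    """Source of the regex bound as IS_LINE_JUNK's default 'pat', or None."""
    defaults = difflib.IS_LINE_JUNK.__defaults__ or ()
    matcher = defaults[0] if defaults else None
    compiled = getattr(matcher, "__self__", None)  # bound .match -> pattern object
    return getattr(compiled, "pattern", None)


def apop_pattern():
    """Source of the regex poplib uses to locate the APOP timestamp, or None."""
    return getattr(getattr(poplib.POP3, "timestamp", None), "pattern", None)


def check_installed():
    """Status of both fixes for the interpreter running this script."""
    return {
        "CVE-2018-1061": classify("CVE-2018-1061", junk_pattern()),
        "CVE-2018-1060": classify("CVE-2018-1060", apop_pattern()),
    }


if __name__ == "__main__":
    for cve, status in check_installed().items():
        print(cve, status)
```

Run it with the same python3 binary that services use; a result of "unknown" or "no-regex" means the module differs from both known forms and should be checked against the package changelog instead.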