OPENSUSE-SU-2018:3703-1 (SUSE)
Nov 10, 2018 - 12:20 a.m.

Security update for python, python-base (moderate)

lists.opensuse.org

EPSS: 0.01 (percentile: 83.4%)

This update for python, python-base fixes the following issues:

Security issues fixed:

  • CVE-2018-1000802: Prevent command injection in shutil module
    (make_archive function) via passage of unfiltered user input
    (bsc#1109663).
  • CVE-2018-1061: Fixed DoS via regular expression backtracking in
    the difflib.IS_LINE_JUNK method (bsc#1088004).
  • CVE-2018-1060: Fixed DoS via regular expression catastrophic
    backtracking in apop() method in pop3lib (bsc#1088009).

Bug fixes:

  • bsc#1086001: python tarfile uses random order.

This update was imported from the SUSE:SLE-12-SP1:Update update project.
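
The CVE-2018-1061 entry above concerns backtracking in the regular expression behind difflib.IS_LINE_JUNK. The following added example (not part of the advisory or the SUSE package) compares the pre-fix and post-fix patterns, which are assumed here from the CPython difflib source and are not quoted on this page, and checks that the fix keeps the same verdicts while removing the quadratic cost on a long non-matching line. The sample lines are constructed.

```python
import re
import time

# Assumed from CPython's difflib history; the advisory does not quote them.
OLD_PAT = re.compile(r"\s*#?\s*$")       # before the CVE-2018-1061 fix
NEW_PAT = re.compile(r"\s*(?:#\s*)?$")   # after the fix

# Constructed sample lines: blank, lone '#', real content, and edge cases.
SAMPLES = ["\n", "  \n", "#\n", "  #  \n", "hello\n", "# comment\n", "", " x", "##\n"]


def is_line_junk(line, pat):
    """Same contract as difflib.IS_LINE_JUNK: blank line or a single '#'."""
    return pat.match(line) is not None


def same_verdicts(samples):
    """True if both patterns classify every sample identically."""
    return all(is_line_junk(s, OLD_PAT) == is_line_junk(s, NEW_PAT) for s in samples)


def match_seconds(pat, line):
    """Wall-clock time for one match attempt."""
    start = time.perf_counter()
    pat.match(line)
    return time.perf_counter() - start


def growth(pat, sizes=(500, 1000, 2000)):
    """Time a non-matching line of n spaces plus one letter for each n.

    With the old pattern the two adjacent \\s* groups can split the run of
    spaces in about n ways each, so the time grows roughly with n squared.
    The new pattern only enters the second \\s* after a '#', so it stays linear.
    """
    return [match_seconds(pat, " " * n + "x") for n in sizes]


if __name__ == "__main__":
    print("verdicts agree on samples:", same_verdicts(SAMPLES))
    for name, pat in (("old", OLD_PAT), ("new", NEW_PAT)):
        timings = ", ".join(f"{t * 1000:.3f} ms" for t in growth(pat))
        print(f"{name} pattern, n = 500/1000/2000: {timings}")
```

On an interpreter that already carries the fix, `difflib.IS_LINE_JUNK` behaves like `NEW_PAT`; the old pattern is included only for comparison.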