Security update for python, python-base (moderate)

ID OPENSUSE-SU-2018:3703-1
Type suse
Reporter Suse
Modified 2018-11-10T00:20:28


This update for python, python-base fixes the following issues:

Security issues fixed:

  • CVE-2018-1000802: Prevent command injection in shutil module (make_archive function) via passage of unfiltered user input (bsc#1109663).
  • CVE-2018-1061: Fixed DoS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (bsc#1088004).
  • CVE-2018-1060: Fixed DoS via regular expression catastrophic backtracking in apop() method in pop3lib (bsc#1088009).

Bug fixes:

  • bsc#1086001: python tarfile uses random order.

This update was imported from the SUSE:SLE-12-SP1:Update update project.