python2: Multiple vulnerabilities (CVE-2018-1060, CVE-2018-1061)
CVE-2018-1060: DOS via regular expression catastrophic backtracking in apop() method in pop3lib
A catastrophic backtracking vulnerability was found in Python. Exploitation of a regular expression in pop3lib’s apop() method, although limited to 2048 characters, can lead to denial of service.
Fixed In Version:
python 2.7.15, python 3.4.9, python 3.5.6, python 3.7.0
References:
https://bugs.python.org/issue32981
https://nvd.nist.gov/vuln/detail/CVE-2018-1060
CVE-2018-1061: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib
A catastrophic backtracking vulnerability was found in Python. Exploitation of a regular expression in the difflib.IS_LINE_JUNK method, in servers that use difflib, can lead to denial of service.
Fixed In Version:
python 2.7.15, python 3.4.9, python 3.5.6, python 3.7.0
Reference:
https://bugs.python.org/issue32981
(from redmine: issue id 9268, created on 2018-08-17, closed on 2018-08-23)
- Relations:
- copied_to #9269 (closed)
- copied_to #9270 (closed)
- copied_to #9271 (closed)
- child #9269 (closed)
- child #9270 (closed)
- child #9271 (closed)
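A regression check for the difflib case described under CVE-2018-1061, added here as an example and not taken from this report or from CPython. The two patterns are assumed to be the pre-fix and post-fix forms of the IS_LINE_JUNK expression and should be confirmed against https://bugs.python.org/issue32981; the sample lines and the probe input are constructed.

```python
import difflib
import re
import time

# Assumed pre-fix and post-fix IS_LINE_JUNK patterns (not quoted in the report).
VULNERABLE = re.compile(r"\s*#?\s*$")
HARDENED = re.compile(r"\s*(?:#\s*)?$")

# Constructed sample lines: blank, comment-only, and ordinary text.
SAMPLES = ["", "\n", "   \n", "#\n", "  #   \n", " \t# \t\n",
           "hello\n", "# comment\n", "##\n", "x #\n"]

def same_verdicts(samples=SAMPLES):
    """True if both patterns and the installed difflib agree on every sample."""
    for line in samples:
        old = VULNERABLE.match(line) is not None
        new = HARDENED.match(line) is not None
        if not (old == new == difflib.IS_LINE_JUNK(line)):
            return False
    return True

def probe(n):
    """Constructed non-junk line: n tabs, then two '#' so '$' can never match."""
    return "\t" * n + "##"

def match_seconds(pattern, line, repeat=3):
    """Best-of-N wall time for one anchored match attempt."""
    best = float("inf")
    for _ in range(repeat):
        start = time.perf_counter()
        pattern.match(line)
        best = min(best, time.perf_counter() - start)
    return max(best, 1e-9)  # guard against a zero reading on coarse clocks

def growth_factor(pattern, n=1000):
    """Time ratio when the tab run doubles: about 2 is linear, about 4 quadratic."""
    return match_seconds(pattern, probe(2 * n)) / match_seconds(pattern, probe(n))

def slowdown(n=2000):
    """How many times slower the old pattern is than the new one on probe(n)."""
    return match_seconds(VULNERABLE, probe(n)) / match_seconds(HARDENED, probe(n))

if __name__ == "__main__":
    print(same_verdicts(), growth_factor(VULNERABLE), growth_factor(HARDENED), slowdown())
```

The old pattern has two adjacent `\s*` runs separated only by an optional `#`, so a failed match retries every split of the whitespace between them; the new pattern lets the second run start only after a literal `#`, which keeps the classification identical and the failure path linear.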