[3.6] python2: Multiple vulnerabilities (CVE-2018-1060, CVE-2018-1061)
CVE-2018-1060: DOS via regular expression catastrophic backtracking in apop() method in pop3lib
A catastrophic backtracking vulnerability was found in Python. Exploitation of a regular expression in pop3lib’s apop() method, although limited by 2048 chars, can lead to denial of service.
Fixed In Version:
python 2.7.15, python 3.4.9, python 3.5.6, python 3.7.0
References:
https://bugs.python.org/issue32981
https://nvd.nist.gov/vuln/detail/CVE-2018-1060
CVE-2018-1061: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib
A catastrophic backtracking vulnerability was found in Python. Exploitation of a regular expression in the difflib.IS_LINE_JUNK method in servers that use difflib can lead to denial of service.
Fixed In Version:
python 2.7.15, python 3.4.9, python 3.5.6, python 3.7.0
Reference:
https://bugs.python.org/issue32981
(from redmine: issue id 9270, created on 2018-08-17, closed on 2018-08-23)
- Relations:
- copied_to #9268 (closed)
- parent #9268 (closed)
- Changesets:
- Revision c04db119 on 2018-08-22T13:27:39Z:
main/python2: security upgrade to 2.7.15 (CVE-2018-1060, CVE-2018-1061)
Fixes #9270
- Revision db71a585 on 2018-08-22T14:27:40Z:
main/python3: security upgrade to 3.6.5 (CVE-2018-1060, CVE-2018-1061)
Fixes #9270
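To check interpreters against the fixed releases listed in this issue, the following added example (not part of the original issue or of the Alpine or Python projects) classifies `python --version` output per branch. The function names, the sample inventory, and the treatment of branches newer than 3.7 as fixed are assumptions; the thresholds come from the "Fixed In Version" lists and the 3.6.5 changeset above.

```python
import re

# Fixed release per branch, taken from this page: the "Fixed In Version"
# lists plus the python3 changeset (security upgrade to 3.6.5).
FIXED_MICRO = {(2, 7): 15, (3, 4): 9, (3, 5): 6, (3, 6): 5, (3, 7): 0}

# Anchored pattern without overlapping repetition, so matching stays linear.
_VERSION = re.compile(
    r"(?:Python )?(\d+)\.(\d+)(?:\.(\d+))?((?:a|b|rc)\d+)?\+?$"
)


def classify(version):
    """Return 'fixed', 'vulnerable' or 'unknown' for a version string."""
    m = _VERSION.match(version.strip())
    if m is None:
        return "unknown"
    branch = (int(m.group(1)), int(m.group(2)))
    micro = int(m.group(3) or 0)
    prerelease = m.group(4) is not None
    if branch > (3, 7):
        return "fixed"  # assumption: later branches carry the fix
    if branch not in FIXED_MICRO:
        return "unknown"  # the page lists no fixed release for this branch
    threshold = FIXED_MICRO[branch]
    if micro > threshold:
        return "fixed"
    if micro == threshold:
        # A pre-release of the fixed version may predate the patch.
        return "unknown" if prerelease else "fixed"
    return "vulnerable"


def audit(inventory):
    """Return {host: status} for every host that is not confirmed fixed."""
    results = {host: classify(ver) for host, ver in inventory.items()}
    return {host: s for host, s in results.items() if s != "fixed"}


# Constructed sample inventory (hypothetical host names and versions).
SAMPLE = {
    "build-01": "Python 2.7.14",
    "build-02": "Python 2.7.15",
    "web-01": "Python 3.6.4",
    "web-02": "Python 3.6.5",
    "lab-01": "Python 3.7.0b2",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(host, status)
```

A distribution may backport the fix without changing the upstream version number, so a "vulnerable" result here should be confirmed against the package changelog.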