[3.5] python2: Multiple vulnerabilities (CVE-2018-1060, CVE-2018-1061)
CVE-2018-1060: DOS via regular expression catastrophic backtracking in apop() method in pop3lib
A catastrophic backtracking vulnerability was found in Python. Exploitation of a regular expression in pop3lib’s apop() method, although limited to 2048 chars, can lead to denial of service.
Fixed In Version:
python 2.7.15, python 3.4.9, python 3.5.6, python 3.7.0
References:
https://bugs.python.org/issue32981
https://nvd.nist.gov/vuln/detail/CVE-2018-1060
CVE-2018-1061: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib
A catastrophic backtracking vulnerability was found in Python. Exploitation of a regular expression in the difflib.IS_LINE_JUNK method, in servers that use difflib, can lead to denial of service.
Fixed In Version:
python 2.7.15, python 3.4.9, python 3.5.6, python 3.7.0
Reference:
https://bugs.python.org/issue32981
(from redmine: issue id 9271, created on 2018-08-17, closed on 2018-08-23)
- Relations:
  - copied_to #9268 (closed)
  - parent #9268 (closed)
- Changesets:
  - Revision 8f44fd6c on 2018-08-22T13:29:15Z:
    main/python2: security upgrade to 2.7.15 (CVE-2018-1060, CVE-2018-1061)
    Fixes #9271
  - Revision e8b9e4a7 on 2018-08-22T13:35:56Z:
    main/python3: security fixes (CVE-2018-1060, CVE-2018-1061)
    Fixes #9271
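
A distribution package can carry these fixes as backported patches, so the interpreter's version number alone does not prove it is fixed; one way to check is to inspect the regexes the installed `poplib` and `difflib` actually use. This is an added example, not part of the original issue or of the packaging changes it references; the two pre-fix pattern strings are recalled from the upstream bpo-32981 change and are an assumption to verify against your source tree, and the function names are hypothetical.

```python
import difflib
import poplib

# Pre-fix patterns as recalled from the upstream change for bpo-32981.
# Assumption: these strings are not quoted in the issue above.
OLD_APOP = r'\+OK.*(<[^>]+>)'   # poplib.POP3.timestamp before the fix
OLD_JUNK = r'\s*#?\s*$'         # difflib.IS_LINE_JUNK default before the fix


def _as_text(pattern):
    """Compiled patterns may hold bytes (Python 3 poplib) or str."""
    return pattern.decode('ascii') if isinstance(pattern, bytes) else pattern


def apop_pattern():
    """Source of the regex apop() applies to the server greeting."""
    return _as_text(poplib.POP3.timestamp.pattern)


def junk_pattern():
    """Source of IS_LINE_JUNK's default regex, or None if it uses no regex."""
    defaults = getattr(difflib.IS_LINE_JUNK, '__defaults__', None) or ()
    for default in defaults:
        # The default, when present, is the bound .match of a compiled regex.
        compiled = getattr(default, '__self__', None)
        if hasattr(compiled, 'pattern'):
            return _as_text(compiled.pattern)
    return None


def audit():
    """Map each CVE to 'pre-fix' or 'not pre-fix' for this interpreter."""
    def verdict(found, old):
        return 'pre-fix' if found == old else 'not pre-fix'
    return {
        'CVE-2018-1060': verdict(apop_pattern(), OLD_APOP),
        'CVE-2018-1061': verdict(junk_pattern(), OLD_JUNK),
    }


if __name__ == '__main__':
    for cve, state in sorted(audit().items()):
        print(cve, state)
```

Run it with each interpreter binary shipped in the image; a `pre-fix` result means that module still carries the original pattern regardless of the reported version.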