ID CVE-2018-1061
Summary Python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.
References
Vulnerable Configurations
  • Python
    cpe:2.3:a:python:python
  • Python 0.9.0
    cpe:2.3:a:python:python:0.9.0
  • Python 0.9.1
    cpe:2.3:a:python:python:0.9.1
  • Python 1.2
    cpe:2.3:a:python:python:1.2
  • Python 1.3
    cpe:2.3:a:python:python:1.3
  • Python 1.5.2
    cpe:2.3:a:python:python:1.5.2
  • Python 1.6
    cpe:2.3:a:python:python:1.6
  • Python 1.6.1
    cpe:2.3:a:python:python:1.6.1
  • Python 2.0
    cpe:2.3:a:python:python:2.0
  • Python 2.0.1
    cpe:2.3:a:python:python:2.0.1
  • Python 2.1
    cpe:2.3:a:python:python:2.1
  • Python 2.1.1
    cpe:2.3:a:python:python:2.1.1
  • Python 2.1.2
    cpe:2.3:a:python:python:2.1.2
  • Python 2.1.3
    cpe:2.3:a:python:python:2.1.3
  • Python 2.2
    cpe:2.3:a:python:python:2.2
  • Python 2.2.0
    cpe:2.3:a:python:python:2.2.0
  • Python 2.2.1
    cpe:2.3:a:python:python:2.2.1
  • Python 2.2.2
    cpe:2.3:a:python:python:2.2.2
  • Python 2.2.3
    cpe:2.3:a:python:python:2.2.3
  • Python 2.3
    cpe:2.3:a:python:python:2.3
  • Python 2.3.0
    cpe:2.3:a:python:python:2.3.0
  • Python 2.3.1
    cpe:2.3:a:python:python:2.3.1
  • Python 2.3.2
    cpe:2.3:a:python:python:2.3.2
  • Python 2.3.3
    cpe:2.3:a:python:python:2.3.3
  • Python 2.3.4
    cpe:2.3:a:python:python:2.3.4
  • Python 2.3.5
    cpe:2.3:a:python:python:2.3.5
  • Python 2.3.6
    cpe:2.3:a:python:python:2.3.6
  • Python 2.3.7
    cpe:2.3:a:python:python:2.3.7
  • Python 2.4
    cpe:2.3:a:python:python:2.4
  • Python 2.4.0
    cpe:2.3:a:python:python:2.4.0
  • Python 2.4.1
    cpe:2.3:a:python:python:2.4.1
  • Python 2.4.2
    cpe:2.3:a:python:python:2.4.2
  • Python 2.4.3
    cpe:2.3:a:python:python:2.4.3
  • Python 2.4.4
    cpe:2.3:a:python:python:2.4.4
  • Python 2.4.5
    cpe:2.3:a:python:python:2.4.5
  • Python 2.4.6
    cpe:2.3:a:python:python:2.4.6
  • Python 2.5
    cpe:2.3:a:python:python:2.5
  • Python 2.5.0
    cpe:2.3:a:python:python:2.5.0
  • Python 2.5.1
    cpe:2.3:a:python:python:2.5.1
  • Python 2.5.2
    cpe:2.3:a:python:python:2.5.2
  • Python 2.5.3
    cpe:2.3:a:python:python:2.5.3
  • Python 2.5.4
    cpe:2.3:a:python:python:2.5.4
  • Python 2.5.5
    cpe:2.3:a:python:python:2.5.5
  • Python 2.5.6
    cpe:2.3:a:python:python:2.5.6
  • Python 2.5.150
    cpe:2.3:a:python:python:2.5.150
  • Python 2.6
    cpe:2.3:a:python:python:2.6
  • Python 2.6.0
    cpe:2.3:a:python:python:2.6.0
  • Python 2.6.1
    cpe:2.3:a:python:python:2.6.1
  • Python 2.6.2
    cpe:2.3:a:python:python:2.6.2
  • Python 2.6.3
    cpe:2.3:a:python:python:2.6.3
  • Python 2.6.4
    cpe:2.3:a:python:python:2.6.4
  • Python 2.6.5
    cpe:2.3:a:python:python:2.6.5
  • Python 2.6.6
    cpe:2.3:a:python:python:2.6.6
  • Python 2.6.7
    cpe:2.3:a:python:python:2.6.7
  • Python 2.6.8
    cpe:2.3:a:python:python:2.6.8
  • Python 2.6.9
    cpe:2.3:a:python:python:2.6.9
  • Python 2.6.2150
    cpe:2.3:a:python:python:2.6.2150
  • Python 2.6.6150
    cpe:2.3:a:python:python:2.6.6150
  • Python 2.7
    cpe:2.3:a:python:python:2.7
  • Python 2.7.0
    cpe:2.3:a:python:python:2.7.0
  • Python 2.7.1
    cpe:2.3:a:python:python:2.7.1
  • Python 2.7.1 Release Candidate 1
    cpe:2.3:a:python:python:2.7.1:rc1
  • Python 2.7.2
    cpe:2.3:a:python:python:2.7.2
  • Python 2.7.2 Release Candidate 1
    cpe:2.3:a:python:python:2.7.2:rc1
  • Python 2.7.3
    cpe:2.3:a:python:python:2.7.3
  • Python 2.7.4
    cpe:2.3:a:python:python:2.7.4
  • Python 2.7.5
    cpe:2.3:a:python:python:2.7.5
  • Python 2.7.6
    cpe:2.3:a:python:python:2.7.6
  • Python 2.7.7
    cpe:2.3:a:python:python:2.7.7
  • Python 2.7.8
    cpe:2.3:a:python:python:2.7.8
  • Python 2.7.9
    cpe:2.3:a:python:python:2.7.9
  • Python 2.7.10
    cpe:2.3:a:python:python:2.7.10
  • Python 2.7.11
    cpe:2.3:a:python:python:2.7.11
  • Python 2.7.12
    cpe:2.3:a:python:python:2.7.12
  • Python 2.7.13
    cpe:2.3:a:python:python:2.7.13
  • Python 2.7.14
    cpe:2.3:a:python:python:2.7.14
  • Python 3.0
    cpe:2.3:a:python:python:3.0
  • Python 3.0.0
    cpe:2.3:a:python:python:3.0.0
  • Python 3.0.1
    cpe:2.3:a:python:python:3.0.1
  • Python 3.1
    cpe:2.3:a:python:python:3.1
  • Python 3.1.0
    cpe:2.3:a:python:python:3.1.0
  • Python 3.1.1
    cpe:2.3:a:python:python:3.1.1
  • Python 3.1.2
    cpe:2.3:a:python:python:3.1.2
  • Python 3.1.3
    cpe:2.3:a:python:python:3.1.3
  • Python 3.1.4
    cpe:2.3:a:python:python:3.1.4
  • Python 3.1.5
    cpe:2.3:a:python:python:3.1.5
  • Python 3.1.2150 (x64) 64-bit
    cpe:2.3:a:python:python:3.1.2150:-:-:-:-:-:x64
  • Python 3.2
    cpe:2.3:a:python:python:3.2
  • Python 3.2-alpha
    cpe:2.3:a:python:python:3.2:alpha
  • Python 3.2.0
    cpe:2.3:a:python:python:3.2.0
  • Python 3.2.1
    cpe:2.3:a:python:python:3.2.1
  • Python 3.2.2
    cpe:2.3:a:python:python:3.2.2
  • Python 3.2.3
    cpe:2.3:a:python:python:3.2.3
  • Python 3.2.4
    cpe:2.3:a:python:python:3.2.4
  • Python 3.2.5
    cpe:2.3:a:python:python:3.2.5
  • Python 3.2.6
    cpe:2.3:a:python:python:3.2.6
  • Python 3.2.2150
    cpe:2.3:a:python:python:3.2.2150
  • Python 3.3
    cpe:2.3:a:python:python:3.3
  • Python 3.3 beta 2
    cpe:2.3:a:python:python:3.3:beta2
  • Python 3.3.0
    cpe:2.3:a:python:python:3.3.0
  • Python 3.3.1
    cpe:2.3:a:python:python:3.3.1
  • Python 3.3.1 release candidate 1
    cpe:2.3:a:python:python:3.3.1:rc1
  • Python 3.3.2
    cpe:2.3:a:python:python:3.3.2
  • Python 3.3.3
    cpe:2.3:a:python:python:3.3.3
  • Python 3.3.3 release candidate 1
    cpe:2.3:a:python:python:3.3.3:rc1
  • Python 3.3.3 release candidate 2
    cpe:2.3:a:python:python:3.3.3:rc2
  • Python 3.3.4
    cpe:2.3:a:python:python:3.3.4
  • Python 3.3.4 release candidate 1
    cpe:2.3:a:python:python:3.3.4:rc1
  • Python 3.3.5
    cpe:2.3:a:python:python:3.3.5
  • Python 3.3.5 release candidate 1
    cpe:2.3:a:python:python:3.3.5:rc1
  • Python 3.3.5 release candidate 2
    cpe:2.3:a:python:python:3.3.5:rc2
  • Python 3.3.6
    cpe:2.3:a:python:python:3.3.6
  • Python 3.3.6 release candidate 1
    cpe:2.3:a:python:python:3.3.6:rc1
  • Python 3.3.7
    cpe:2.3:a:python:python:3.3.7
  • Python 3.4 alpha 1
    cpe:2.3:a:python:python:3.4:alpha1
  • Python 3.4.0
    cpe:2.3:a:python:python:3.4.0
  • Python 3.4.1
    cpe:2.3:a:python:python:3.4.1
  • Python 3.4.2
    cpe:2.3:a:python:python:3.4.2
  • Python 3.4.3
    cpe:2.3:a:python:python:3.4.3
  • Python 3.4.4
    cpe:2.3:a:python:python:3.4.4
  • Python 3.4.5
    cpe:2.3:a:python:python:3.4.5
  • Python 3.4.6
    cpe:2.3:a:python:python:3.4.6
  • Python 3.4.7
    cpe:2.3:a:python:python:3.4.7
  • Python 3.5.0
    cpe:2.3:a:python:python:3.5.0
  • Python 3.5.1
    cpe:2.3:a:python:python:3.5.1
  • Python 3.5.2
    cpe:2.3:a:python:python:3.5.2
  • Python 3.5.3
    cpe:2.3:a:python:python:3.5.3
  • Python 3.5.4
    cpe:2.3:a:python:python:3.5.4
  • Python 3.5.5
    cpe:2.3:a:python:python:3.5.5
  • Python 3.6
    cpe:2.3:a:python:python:3.6
  • Python 3.6.0
    cpe:2.3:a:python:python:3.6.0
  • Python 3.6.1
    cpe:2.3:a:python:python:3.6.1
  • Python 3.6.2
    cpe:2.3:a:python:python:3.6.2
  • Python 3.6.3
    cpe:2.3:a:python:python:3.6.3
  • Python 3.6.4
    cpe:2.3:a:python:python:3.6.4
  • cpe:2.3:a:python:python:3.7.0:alpha1
    cpe:2.3:a:python:python:3.7.0:alpha1
  • cpe:2.3:a:python:python:3.7.0:alpha2
    cpe:2.3:a:python:python:3.7.0:alpha2
  • cpe:2.3:a:python:python:3.7.0:alpha3
    cpe:2.3:a:python:python:3.7.0:alpha3
  • cpe:2.3:a:python:python:3.7.0:alpha4
    cpe:2.3:a:python:python:3.7.0:alpha4
  • cpe:2.3:a:python:python:3.7.0:beta1
    cpe:2.3:a:python:python:3.7.0:beta1
  • cpe:2.3:a:python:python:3.7.0:beta2
    cpe:2.3:a:python:python:3.7.0:beta2
  • cpe:2.3:a:python:python:3.7.0:beta3
    cpe:2.3:a:python:python:3.7.0:beta3
  • cpe:2.3:a:python:python:3.7.0:beta4
    cpe:2.3:a:python:python:3.7.0:beta4
  • cpe:2.3:a:python:python:3.7.0:beta5
    cpe:2.3:a:python:python:3.7.0:beta5
  • cpe:2.3:a:python:python:3.7.0:rc1
    cpe:2.3:a:python:python:3.7.0:rc1
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
  • Red Hat Ansible Tower 3.3
    cpe:2.3:a:redhat:ansible_tower:3.3
  • RedHat Enterprise Linux Desktop 7.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  • RedHat Enterprise Linux Server 7.0
    cpe:2.3:o:redhat:enterprise_linux_server:7.0
  • RedHat Enterprise Linux Workstation 7.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0
  • Canonical Ubuntu Linux 12.04 ESM (Extended Security Maintenance)
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:-:-:esm
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Canonical Ubuntu Linux 18.04 LTS Edition
    cpe:2.3:o:canonical:ubuntu_linux:18.04:-:-:-:lts
  • Fedora 28
    cpe:2.3:o:fedoraproject:fedora:28
  • Fedora 29
    cpe:2.3:o:fedoraproject:fedora:29
  • cpe:2.3:o:fedoraproject:fedora:30
    cpe:2.3:o:fedoraproject:fedora:30
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-399
CAPEC
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-3554-1.NASL
    description This update for python, python-base fixes the following issues : Security issues fixed : CVE-2018-1000802: Prevent command injection in shutil module (make_archive function) via passage of unfiltered user input (bsc#1109663). CVE-2018-1061: Fixed DoS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (bsc#1088004). CVE-2018-1060: Fixed DoS via regular expression catastrophic backtracking in apop() method in pop3lib (bsc#1088009). Bug fixes: bsc#1086001: python tarfile uses random order. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 118501
    published 2018-10-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118501
    title SUSE SLED12 / SLES12 Security Update : python, python-base (SUSE-SU-2018:3554-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1519.NASL
    description Multiple vulnerabilities were found in the CPython interpreter which can cause denial of service, information gain, and arbitrary code execution. CVE-2017-1000158 CPython (aka Python) is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution) CVE-2018-1060 python is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service. CVE-2018-1061 python is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service. CVE-2018-1000802 Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appears to be exploitable via Passage of unfiltered user input to the function. For Debian 8 'Jessie', these problems have been fixed in version 2.7.9-2+deb8u2. We recommend that you upgrade your python2.7 packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-09-27
    plugin id 117712
    published 2018-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117712
    title Debian DLA-1519-1 : python2.7 security update
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-1363.NASL
    description This update for python, python-base fixes the following issues : Security issues fixed : - CVE-2018-1000802: Prevent command injection in shutil module (make_archive function) via passage of unfiltered user input (bsc#1109663). - CVE-2018-1061: Fixed DoS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (bsc#1088004). - CVE-2018-1060: Fixed DoS via regular expression catastrophic backtracking in apop() method in pop3lib (bsc#1088009). Bug fixes : - bsc#1086001: python tarfile uses random order. This update was imported from the SUSE:SLE-12-SP1:Update update project.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 118869
    published 2018-11-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118869
    title openSUSE Security Update : python / python-base (openSUSE-2018-1363)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4307.NASL
    description Multiple security issues were discovered in Python: ElementTree failed to initialise Expat's hash salt, two denial of service issues were found in difflib and poplib and a buffer overflow in PyString_DecodeEscape.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 117838
    published 2018-10-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117838
    title Debian DSA-4307-1 : python3.5 - security update
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-3554-2.NASL
    description This update for python, python-base fixes the following issues : Security issues fixed : CVE-2018-1000802: Prevent command injection in shutil module (make_archive function) via passage of unfiltered user input (bsc#1109663). CVE-2018-1061: Fixed DoS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (bsc#1088004). CVE-2018-1060: Fixed DoS via regular expression catastrophic backtracking in apop() method in pop3lib (bsc#1088009). Bug fixes: bsc#1086001: python tarfile uses random order. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 119571
    published 2018-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119571
    title SUSE SLED12 / SLES12 Security Update : python, python-base (SUSE-SU-2018:3554-2)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1520.NASL
    description Multiple vulnerabilities were found in the CPython interpreter which can cause denial of service, information gain, and arbitrary code execution. CVE-2017-1000158 CPython (aka Python) is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution) CVE-2018-1060 python is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service. CVE-2018-1061 python is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service. CVE-2018-1000802 Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appears to be exploitable via Passage of unfiltered user input to the function. For Debian 8 'Jessie', these problems have been fixed in version 3.4.2-1+deb8u1. We recommend that you upgrade your python3.4 packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-09-27
    plugin id 117713
    published 2018-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117713
    title Debian DLA-1520-1 : python3.4 security update
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-2_0-0086.NASL
    description An update of 'docker', 'python2', 'strongswan' packages of Photon OS has been released.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 112224
    published 2018-08-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112224
    title Photon OS 2.0: Docker / Python2 / Strongswan PHSA-2018-2.0-0086 (deprecated)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3817-1.NASL
    description It was discovered that Python incorrectly handled large amounts of data. A remote attacker could use this issue to cause Python to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2018-1000030) It was discovered that Python incorrectly handled running external commands in the shutil module. A remote attacker could use this issue to cause Python to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-1000802) It was discovered that Python incorrectly used regular expressions vulnerable to catastrophic backtracking. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2018-1060, CVE-2018-1061) It was discovered that Python failed to initialize Expat's hash salt. A remote attacker could possibly use this issue to cause hash collisions, leading to a denial of service. (CVE-2018-14647). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 118954
    published 2018-11-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118954
    title Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : python2.7, python3.4, python3.5 vulnerabilities (USN-3817-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4306.NASL
    description Multiple security issues were discovered in Python: ElementTree failed to initialise Expat's hash salt, two denial of service issues were found in difflib and poplib and the shutil module was affected by a command injection vulnerability.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 117812
    published 2018-09-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117812
    title Debian DSA-4306-1 : python2.7 - security update
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-1_0-0178.NASL
    description An update of 'python2', 'strongswan', 'python3', 'postgresql' packages of Photon OS has been released.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 112221
    published 2018-08-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112221
    title Photon OS 1.0: Postgresql / Python2 / Python3 / Strongswan PHSA-2018-1.0-0178 (deprecated)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2019-1055.NASL
    description According to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (CVE-2018-1061) - python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib (CVE-2018-1060) - python: Missing salt initialization in _elementtree.c module(CVE-2018-14647) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-23
    modified 2019-02-22
    plugin id 122382
    published 2019-02-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=122382
    title EulerOS 2.0 SP2 : python (EulerOS-SA-2019-1055)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_8719B9358BAE41AD92BA3C826F651219.NASL
    description python release notes : Multiple vulnerabilities have been fixed in this release. Please refer to the CVE list for details.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 109594
    published 2018-05-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109594
    title FreeBSD : python 2.7 -- multiple vulnerabilities (8719b935-8bae-41ad-92ba-3c826f651219)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2018-124-01.NASL
    description New python packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen 2018-09-02
    modified 2018-05-07
    plugin id 109583
    published 2018-05-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109583
    title Slackware 14.0 / 14.1 / 14.2 / current : python (SSA:2018-124-01)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2018-1108.NASL
    description A flaw was found in the way catastrophic backtracking was implemented in python's pop3lib's apop() method. An attacker could use this flaw to cause denial of service.(CVE-2018-1060) A flaw was found in the way catastrophic backtracking was implemented in python's difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.(CVE-2018-1061)
    last seen 2019-02-21
    modified 2018-12-07
    plugin id 119467
    published 2018-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119467
    title Amazon Linux AMI : python27 (ALAS-2018-1108)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-3041.NASL
    description From Red Hat Security Advisory 2018:3041 : An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es) : * python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (CVE-2018-1061) * python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib (CVE-2018-1060) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Python security response team for reporting these issues. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-07
    plugin id 118763
    published 2018-11-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118763
    title Oracle Linux 7 : python (ELSA-2018-3041)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2696-1.NASL
    description This update for python3 provides the following fixes : These security issues were fixed : CVE-2018-1061: Prevent catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could have used this flaw to cause denial of service (bsc#1088004). CVE-2018-1060: Prevent catastrophic backtracking in pop3lib's apop() method. An attacker could have used this flaw to cause denial of service (bsc#1088009). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 117478
    published 2018-09-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117478
    title SUSE SLED12 / SLES12 Security Update : python3 (SUSE-SU-2018:2696-1)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-1_0-0178_PYTHON2.NASL
    description An update of the python2 package has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 121880
    published 2019-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121880
    title Photon OS 1.0: Python2 PHSA-2018-1.0-0178
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-3041.NASL
    description An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es) : * python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (CVE-2018-1061) * python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib (CVE-2018-1060) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Python security response team for reporting these issues. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 118515
    published 2018-10-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118515
    title RHEL 7 : python (RHSA-2018:3041)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2408-1.NASL
    description This update for python-base fixes the following issues: Security issues fixed : - CVE-2018-1061: Fixed DoS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (bsc#1088004). - CVE-2018-1060: Fixed DoS via regular expression catastrophic backtracking in apop() method in pop3lib (bsc#1088009). - CVE-2016-5636: Fixed heap overflow in zipimporter module (bsc#985177) Bug fixes : - bsc#1086001: python tarfile uses random order. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 112012
    published 2018-08-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112012
    title SUSE SLES11 Security Update : python (SUSE-SU-2018:2408-1)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-1_0-0178_PYTHON3.NASL
    description An update of the python3 package has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 121881
    published 2019-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121881
    title Photon OS 1.0: Python3 PHSA-2018-1.0-0178
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20181030_PYTHON_ON_SL7_X.NASL
    description Security Fix(es) : - python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (CVE-2018-1061) - python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib (CVE-2018-1060)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 119196
    published 2018-11-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119196
    title Scientific Linux Security Update : python on SL7.x x86_64
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-1001.NASL
    description This update for python3 provides the following fixes : These security issues were fixed : - CVE-2018-1061: Prevent catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could have used this flaw to cause denial of service (bsc#1088004). - CVE-2018-1060: Prevent catastrophic backtracking in pop3lib's apop() method. An attacker could have used this flaw to cause denial of service (bsc#1088009). These non-security issues were fixed : - Sort files and directories when creating tarfile archives so that they are created in a more predictable way. (bsc#1086001) - Add -fwrapv to OPTS (bsc#1107030) This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2018-09-17
    plugin id 117516
    published 2018-09-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117516
    title openSUSE Security Update : python3 (openSUSE-2018-1001)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-3041.NASL
    description An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es) : * python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (CVE-2018-1061) * python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib (CVE-2018-1060) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Python security response team for reporting these issues. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 118984
    published 2018-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118984
    title CentOS 7 : python (CESA-2018:3041)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-2_0-0086_PYTHON2.NASL
    description An update of the python2 package has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 121985
    published 2019-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121985
    title Photon OS 2.0: Python2 PHSA-2018-2.0-0086
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2018-1003.NASL
    description DOS via regular expression catastrophic backtracking in apop() method in pop3lib: A flaw was found in the way catastrophic backtracking was implemented in python's pop3lib's apop() method. An attacker could use this flaw to cause denial of service. (CVE-2018-1060) DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib: A flaw was found in the way catastrophic backtracking was implemented in python's difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service. (CVE-2018-1061)
    last seen 2019-02-21
    modified 2018-08-31
    plugin id 109368
    published 2018-04-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109368
    title Amazon Linux AMI : python34 / python35,python36,python27 (ALAS-2018-1003)
redhat via4
advisories
  • bugzilla
    id 1579432
    title process mapping.
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment python is earlier than 0:2.7.5-76.el7
          oval oval:com.redhat.rhsa:tst:20183041017
        • comment python is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554008
      • AND
        • comment python-debug is earlier than 0:2.7.5-76.el7
          oval oval:com.redhat.rhsa:tst:20183041007
        • comment python-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152101016
      • AND
        • comment python-devel is earlier than 0:2.7.5-76.el7
          oval oval:com.redhat.rhsa:tst:20183041011
        • comment python-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554010
      • AND
        • comment python-libs is earlier than 0:2.7.5-76.el7
          oval oval:com.redhat.rhsa:tst:20183041009
        • comment python-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554014
      • AND
        • comment python-test is earlier than 0:2.7.5-76.el7
          oval oval:com.redhat.rhsa:tst:20183041015
        • comment python-test is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554016
      • AND
        • comment python-tools is earlier than 0:2.7.5-76.el7
          oval oval:com.redhat.rhsa:tst:20183041005
        • comment python-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554012
      • AND
        • comment tkinter is earlier than 0:2.7.5-76.el7
          oval oval:com.redhat.rhsa:tst:20183041013
        • comment tkinter is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554018
    rhsa
    id RHSA-2018:3041
    released 2018-10-30
    severity Moderate
    title RHSA-2018:3041: python security and bug fix update (Moderate)
  • rhsa
    id RHSA-2018:3505
rpms
  • python-0:2.7.5-76.el7
  • python-debug-0:2.7.5-76.el7
  • python-devel-0:2.7.5-76.el7
  • python-libs-0:2.7.5-76.el7
  • python-test-0:2.7.5-76.el7
  • python-tools-0:2.7.5-76.el7
  • tkinter-0:2.7.5-76.el7
refmap via4
confirm
debian
  • DSA-4306
  • DSA-4307
fedora
  • FEDORA-2019-51f1e08207
  • FEDORA-2019-6e1938a3c5
  • FEDORA-2019-cf725dd20b
mlist
  • [debian-lts-announce] 20180925 [SECURITY] [DLA 1519-1] python2.7 security update
  • [debian-lts-announce] 20180926 [SECURITY] [DLA 1520-1] python3.4 security update
sectrack 1042001
ubuntu
  • USN-3817-1
  • USN-3817-2
Last major update 19-06-2018 - 08:29
Published 19-06-2018 - 08:29
Last modified 03-04-2019 - 07:43