python-2.7.5-76.0.1.el7.AXS7

エラータID: AXSA:2019-3684:02

Release date: 
Saturday, February 16, 2019 - 09:06
Subject: 
python-2.7.5-76.0.1.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (CVE-2018-1061)

* python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib (CVE-2018-1060)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Asianux would like to thank the Python security response team for reporting these issues.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7.6 Release Notes linked from the References section.

CVE-2018-1060
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is
vulnerable to catastrophic backtracking in pop3lib's apop() method.
An attacker could use this flaw to cause denial of service.
CVE-2018-1061
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is
vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK
method. An attacker could use this flaw to cause denial of service.

Solution: 

Update packages.

CVEs: 
CVE-2018-1060
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.
CVE-2018-1061
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.
Additional Info: 

N/A

Download: 

SRPMS
  1. python-2.7.5-76.0.1.el7.AXS7.src.rpm
    MD5: d736b7365703fafe6659be53ac041cf6
    SHA-256: d0d86706dbad90aa1abcf32bc56f55719d8ca3ffd0277407e7ac70448fd3192d
    Size: 10.19 MB

Asianux Server 7 for x86_64
  1. python-2.7.5-76.0.1.el7.AXS7.x86_64.rpm
    MD5: 656882fbc7395a796f892fd00b554b9d
    SHA-256: 387cac8243277eb38ab841b37a15164e7ab6cdd09f4ab27093cdab6be802ae2a
    Size: 93.47 kB
  2. python-devel-2.7.5-76.0.1.el7.AXS7.x86_64.rpm
    MD5: da07f1b04166786ac0c4683d8b494952
    SHA-256: eed54c2bdc24e4cf368b6e8124f33f1c425395b28e725de9d1b8f0e4a40865c4
    Size: 397.12 kB
  3. python-libs-2.7.5-76.0.1.el7.AXS7.x86_64.rpm
    MD5: f3193f8587568fbb1b56422e6bfd89cc
    SHA-256: d568979a2766434abec246b7c13e35b042c184dbce856c72298e68b713b77a1c
    Size: 5.64 MB
  4. python-libs-2.7.5-76.0.1.el7.AXS7.i686.rpm
    MD5: 974d034b99dca153c964c3707e8d9558
    SHA-256: 359ddf69b84b09e492d53315a22ee89f39d1307121b411d5d1404543d694a751
    Size: 5.59 MB