Security update for python3
This update for python3 provides the following fixes:
These security issues were fixed:
- CVE-2018-1061: Prevent catastrophic backtracking in the difflib.IS_LINE_JUNK
method. An attacker could have used this flaw to cause denial of service
(bsc#1088004).
- CVE-2018-1060: Prevent catastrophic backtracking in pop3lib's apop() method.
An attacker could have used this flaw to cause denial of service (bsc#1088009).
These non-security issues were fixed:
- Sort files and directories when creating tarfile archives so that they are created in a
more predictable way. (bsc#1086001)
- Add -fwrapv to OPTS (bsc#1107030)
This update was imported from the SUSE:SLE-12:Update update project.
-
Submitted by
Matej Cepl (mcepl)
Fixed bugs
bnc#1088004
VUL-1: CVE-2018-1061: python,python3: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib
bnc#1088009
VUL-1: CVE-2018-1060: python,python3: DOS via regular expression catastrophic backtracking in apop() method in pop3lib
bnc#1107030
python3 builds without -fwrapv option
bnc#1086001
python tarfile uses random order
