Security update for python, python-base
This update for python, python-base fixes the following issues:
Security issues fixed:
- CVE-2018-1000802: Prevent command injection in shutil module (make_archive
function) via passage of unfiltered user input (bsc#1109663).
- CVE-2018-1061: Fixed DoS via regular expression backtracking in
difflib.IS_LINE_JUNK method in difflib (bsc#1088004).
- CVE-2018-1060: Fixed DoS via regular expression catastrophic backtracking in
apop() method in pop3lib (bsc#1088009).
Bug fixes:
- bsc#1086001: python tarfile uses random order.
This update was imported from the SUSE:SLE-12-SP1:Update update project.
-
Submitted by
Matej Cepl (mcepl)
Fixed bugs
bnc#1109663
VUL-0: CVE-2018-1000802: python,python3,python27: Command injection in the shutil module
bnc#1086001
python tarfile uses random order
bnc#1088004
VUL-1: CVE-2018-1061: python,python3: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib
bnc#1088009
VUL-1: CVE-2018-1060: python,python3: DOS via regular expression catastrophic backtracking in apop() method in pop3lib
