Security update for python
This update for python fixes the following issues:
Security issues fixed:
- CVE-2017-1000158: Fixed integer overflows in PyString_DecodeEscape that could have resulted in
heap-based buffer overflow attacks and possible arbitrary code execution (bsc#1068664).
- CVE-2018-1000030: Fixed crash inside the Python interpreter when multiple threads used the same
I/O stream concurrently (bsc#1079300).
This update was imported from the SUSE:SLE-12-SP1:Update update project.
-
Submitted by
Peter Simons (psimons)
Fixed bugs
bnc#1068664
VUL-0: CVE-2017-1000158: python,python27: CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in thePyString_DecodeEscape function in stringobject.c, resulting in heap-based bufferoverflow (and possible arbitrary code e
bnc#1079300
VUL-0: CVE-2018-1000030: python: Heap-Buffer-Overflow and Heap-Use-After-Free in Objects/fileobject.c
