All errata/sisyphus/ALT-PU-2019-1149-1
ALT-PU-2019-1149-1

Package update python3 in branch sisyphus

Version3.6.8-alt1
Task#220164
Published2019-01-30
Max severityHIGH
Severity:

Closed issues (4)

BDU:2018-01554
LOW3.5

Уязвимость пакета программ Python, связанная с ошибками при освобождении ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2018-12-20Modified: 2024-09-30
CVSS 3.xLOW 3.5
CVSS:3.x/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVSS 2.0LOW 2.3
CVSS:2.0/AV:A/AC:M/Au:S/C:N/I:N/A:P
References
BDU:2019-02457
HIGH7.5

Уязвимость процедуры синтаксического анализа сертификата интерпретатора языка программирования Python, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2019-07-11Modified: 2023-11-21
CVSS 3.xHIGH 7.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P
References
CVE-2018-14647
HIGH7.5

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.

Published: 2018-09-25Modified: 2024-11-21
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References
CVE-2019-5010
HIGH7.5

An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.

Published: 2019-10-31Modified: 2024-11-21
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References

Closed bugs (1)