MGASA-2018-0270
Advisory lineage Upstream: 3 Downstream: 0
Published: 04 Jun 2018, 15:11
Last modified:16 Apr 2026, 06:22
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
04 Jun 2018, 15:11
Published
Vulnerability first disclosed
16 Apr 2026, 06:22
Last Modified
Vulnerability information updated
Description
Updated python3 packages fix security vulnerabilities Updated python3 packages fix security vulnerabilities: A flaw was found in the way catastrophic backtracking was implemented in Python's pop3lib's apop() method. An attacker could use this flaw to cause denial of service (CVE-2018-1060). A flaw was found in the way catastrophic backtracking was implemented in Python's difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service (CVE-2018-1061). Possible denial of service vulnerability due to a missing check in Lib/wave.py to verify that at least one channel is provided (CVE-2017-18207).
Affected Systems
- mageia•python3
< 3.4.3-1.7.mga5
- mageia•python3
< 3.5.3-1.4.mga6
References (5)
- https://advisories.mageia.org/MGASA-2018-0270.html
- https://bugs.mageia.org/show_bug.cgi?id=22983
- https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6WVU6LVRWETHDLXB6T3636AYNKVHPASB/
- https://lists.opensuse.org/opensuse-updates/2018-04/msg00041.html