CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
79.2%
Issue Overview:
DOS via regular expression catastrophic backtracking in apop() method in pop3lib
A flaw was found in the way catastrophic backtracking was implemented in python’s pop3lib’s apop() method. An attacker could use this flaw to cause denial of service. (CVE-2018-1060)
DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib
A flaw was found in the way catastrophic backtracking was implemented in python’s difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service. (CVE-2018-1061)
Affected Packages:
python34, python35, python36, python27
Issue Correction:
Run yum update python34 to update your system.
Run yum update python35 to update your system.
Run yum update python36 to update your system.
New Packages:
i686:
python34-test-3.4.8-1.39.amzn1.i686
python34-devel-3.4.8-1.39.amzn1.i686
python34-libs-3.4.8-1.39.amzn1.i686
python34-debuginfo-3.4.8-1.39.amzn1.i686
python34-tools-3.4.8-1.39.amzn1.i686
python34-3.4.8-1.39.amzn1.i686
python35-tools-3.5.5-1.12.amzn1.i686
python35-test-3.5.5-1.12.amzn1.i686
python35-devel-3.5.5-1.12.amzn1.i686
python35-3.5.5-1.12.amzn1.i686
python35-debuginfo-3.5.5-1.12.amzn1.i686
python35-libs-3.5.5-1.12.amzn1.i686
python36-devel-3.6.5-1.9.amzn1.i686
python36-debug-3.6.5-1.9.amzn1.i686
python36-test-3.6.5-1.9.amzn1.i686
python36-debuginfo-3.6.5-1.9.amzn1.i686
python36-libs-3.6.5-1.9.amzn1.i686
python36-3.6.5-1.9.amzn1.i686
python36-tools-3.6.5-1.9.amzn1.i686
python27-libs-2.7.14-1.123.amzn1.i686
python27-2.7.14-1.123.amzn1.i686
python27-debuginfo-2.7.14-1.123.amzn1.i686
python27-test-2.7.14-1.123.amzn1.i686
python27-devel-2.7.14-1.123.amzn1.i686
python27-tools-2.7.14-1.123.amzn1.i686
src:
python34-3.4.8-1.39.amzn1.src
python35-3.5.5-1.12.amzn1.src
python36-3.6.5-1.9.amzn1.src
python27-2.7.14-1.123.amzn1.src
x86_64:
python34-tools-3.4.8-1.39.amzn1.x86_64
python34-libs-3.4.8-1.39.amzn1.x86_64
python34-debuginfo-3.4.8-1.39.amzn1.x86_64
python34-test-3.4.8-1.39.amzn1.x86_64
python34-3.4.8-1.39.amzn1.x86_64
python34-devel-3.4.8-1.39.amzn1.x86_64
python35-devel-3.5.5-1.12.amzn1.x86_64
python35-3.5.5-1.12.amzn1.x86_64
python35-debuginfo-3.5.5-1.12.amzn1.x86_64
python35-test-3.5.5-1.12.amzn1.x86_64
python35-libs-3.5.5-1.12.amzn1.x86_64
python35-tools-3.5.5-1.12.amzn1.x86_64
python36-tools-3.6.5-1.9.amzn1.x86_64
python36-test-3.6.5-1.9.amzn1.x86_64
python36-devel-3.6.5-1.9.amzn1.x86_64
python36-3.6.5-1.9.amzn1.x86_64
python36-debug-3.6.5-1.9.amzn1.x86_64
python36-debuginfo-3.6.5-1.9.amzn1.x86_64
python36-libs-3.6.5-1.9.amzn1.x86_64
python27-debuginfo-2.7.14-1.123.amzn1.x86_64
python27-libs-2.7.14-1.123.amzn1.x86_64
python27-test-2.7.14-1.123.amzn1.x86_64
python27-tools-2.7.14-1.123.amzn1.x86_64
python27-devel-2.7.14-1.123.amzn1.x86_64
python27-2.7.14-1.123.amzn1.x86_64
Red Hat: CVE-2018-1060, CVE-2018-1061
Mitre: CVE-2018-1060, CVE-2018-1061
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | python34-test | < 3.4.8-1.39.amzn1 | python34-test-3.4.8-1.39.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | python34-devel | < 3.4.8-1.39.amzn1 | python34-devel-3.4.8-1.39.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | python34-libs | < 3.4.8-1.39.amzn1 | python34-libs-3.4.8-1.39.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | python34-debuginfo | < 3.4.8-1.39.amzn1 | python34-debuginfo-3.4.8-1.39.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | python34-tools | < 3.4.8-1.39.amzn1 | python34-tools-3.4.8-1.39.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | python34 | < 3.4.8-1.39.amzn1 | python34-3.4.8-1.39.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | python35-tools | < 3.5.5-1.12.amzn1 | python35-tools-3.5.5-1.12.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | python35-test | < 3.5.5-1.12.amzn1 | python35-test-3.5.5-1.12.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | python35-devel | < 3.5.5-1.12.amzn1 | python35-devel-3.5.5-1.12.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | python35 | < 3.5.5-1.12.amzn1 | python35-3.5.5-1.12.amzn1.i686.rpm |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
79.2%