PublicDateAtUSN: 2018-12-23
Candidate: CVE-2018-20406
PublicDate: 2018-12-23 23:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20406
 https://python-security.readthedocs.io/vuln/pickle-load-dos.html
 https://ubuntu.com/security/notices/USN-4127-1
 https://ubuntu.com/security/notices/USN-4127-2
Description:
 Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data.
 This issue is fixed in: v3.4.10, v3.4.10rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.7rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.7, v3.6.7rc1, v3.6.7rc2, v3.6.8, v3.6.8rc1, v3.6.9, v3.6.9rc1; v3.7.1, v3.7.1rc1, v3.7.1rc2, v3.7.2, v3.7.2rc1, v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.
Ubuntu-Description:
Notes:
 mdeslaur> bug says 2.7 is not affected
Bugs:
 https://bugs.python.org/issue34656
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_python2.7:
upstream_python2.7: needs-triage
precise/esm_python2.7: not-affected
trusty_python2.7: not-affected (2.7.6-8ubuntu0.5)
trusty/esm_python2.7: not-affected (2.7.6-8ubuntu0.5)
xenial_python2.7: not-affected (2.7.12-1ubuntu0~16.04.4)
esm-infra/xenial_python2.7: not-affected (2.7.12-1ubuntu0~16.04.4)
bionic_python2.7: not-affected (2.7.15~rc1-1ubuntu0.1)
cosmic_python2.7: not-affected (2.7.15-4ubuntu4)
disco_python2.7: not-affected (2.7.16-2)
eoan_python2.7: not-affected (2.7.16-2)
focal_python2.7: not-affected (2.7.16-2)
groovy_python2.7: not-affected (2.7.16-2)
hirsute_python2.7: not-affected (2.7.16-2)
impish_python2.7: not-affected (2.7.16-2)
jammy_python2.7: not-affected (2.7.16-2)
devel_python2.7: not-affected (2.7.16-2)

Patches_python3.4:
 upstream: https://github.com/python/cpython/commit/4b42d575bf0fb01192b3ec54b7e224b238691527
upstream_python3.4: released (3.4.2-1+deb8u2)
precise/esm_python3.4: DNE
trusty_python3.4: ignored (reached end-of-life)
trusty/esm_python3.4: released (3.4.3-1ubuntu1~14.04.7+esm2)
xenial_python3.4: DNE
bionic_python3.4: DNE
cosmic_python3.4: DNE
disco_python3.4: DNE
eoan_python3.4: DNE
focal_python3.4: DNE
groovy_python3.4: DNE
hirsute_python3.4: DNE
impish_python3.4: DNE
jammy_python3.4: DNE
devel_python3.4: DNE

Patches_python3.5:
 upstream: https://github.com/python/cpython/commit/ef33dd6036aafbd3f06c1d56e2b1a81dae3da63c
upstream_python3.5: needs-triage
precise/esm_python3.5: DNE
trusty_python3.5: ignored (out of standard support)
trusty/esm_python3.5: needed
xenial_python3.5: released (3.5.2-2ubuntu0~16.04.8)
esm-infra/xenial_python3.5: released (3.5.2-2ubuntu0~16.04.8)
bionic_python3.5: DNE
cosmic_python3.5: DNE
disco_python3.5: DNE
eoan_python3.5: DNE
focal_python3.5: DNE
groovy_python3.5: DNE
hirsute_python3.5: DNE
impish_python3.5: DNE
jammy_python3.5: DNE
devel_python3.5: DNE

Patches_python3.6:
 upstream: https://github.com/python/cpython/commit/71a9c65e74a70b6ed39adc4ba81d311ac1aa2acc
upstream_python3.6: released (3.6.7)
precise/esm_python3.6: DNE
trusty_python3.6: DNE
trusty/esm_python3.6: DNE
xenial_python3.6: DNE
bionic_python3.6: released (3.6.7-1~18.04)
cosmic_python3.6: released (3.6.7-1~18.10)
disco_python3.6: DNE
eoan_python3.6: DNE
focal_python3.6: DNE
groovy_python3.6: DNE
hirsute_python3.6: DNE
impish_python3.6: DNE
jammy_python3.6: DNE
devel_python3.6: DNE

Patches_python3.7:
 upstream: https://github.com/python/cpython/commit/ef4306b24c9034d6b37bb034e2ebe82e745d4b77
upstream_python3.7: released (3.7.1)
precise/esm_python3.7: DNE
trusty_python3.7: DNE
trusty/esm_python3.7: DNE
xenial_python3.7: DNE
bionic_python3.7: not-affected (3.7.3~rc1-1)
cosmic_python3.7: not-affected (3.7.3~rc1-1)
disco_python3.7: not-affected (3.7.3-2)
eoan_python3.7: not-affected (3.7.3-2)
focal_python3.7: DNE
groovy_python3.7: DNE
hirsute_python3.7: DNE
impish_python3.7: DNE
jammy_python3.7: DNE
devel_python3.7: DNE