CVE-2018-1061 in Ubuntu

CVE-2018-1061

Priority

Description

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is
vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method.
An attacker could use this flaw to cause denial of service.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1061
https://usn.ubuntu.com/usn/usn-3817-1
https://usn.ubuntu.com/usn/usn-3817-2

Bugs

https://bugs.python.org/issue32981

Notes

mdeslaur> same commits as CVE-2018-1060

Assigned-to

mdeslaur

Package

Source: python2.7 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	released (2.7.3-0ubuntu3.11)
Ubuntu 14.04 LTS (Trusty Tahr):	released (2.7.6-8ubuntu0.5)
Ubuntu 16.04 LTS (Xenial Xerus):	released (2.7.12-1ubuntu0~16.04.4)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (2.7.15~rc1-1)
Ubuntu 18.10 (Cosmic Cuttlefish):	not-affected (2.7.15-4ubuntu1)
Ubuntu 19.04 (Disco Dingo):	not-affected (2.7.15-4ubuntu1)

Patches:

Upstream:

https://github.com/python/cpython/commit/e052d40cea15f582b50947f7d906b39744dc62a2

Package

Source: python3.4 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	released (3.4.3-1ubuntu1~14.04.7)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Patches:

Upstream:

https://github.com/python/cpython/commit/942cc04ae44825ea120e3a19a80c9b348b8194d0

Package

Source: python3.5 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	needed
Ubuntu 16.04 LTS (Xenial Xerus):	released (3.5.2-2ubuntu0~16.04.5)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Patches:

Upstream:

https://github.com/python/cpython/commit/937ac1fe069a4dc8471dff205f553d82e724015b

Package

Source: python3.6 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (3.6.6-1~18.04)
Ubuntu 18.10 (Cosmic Cuttlefish):	not-affected (3.6.6-4)
Ubuntu 19.04 (Disco Dingo):	DNE

Patches:

Upstream:

https://github.com/python/cpython/commit/c9516754067d71fd7429a25ccfcb2141fc583523

Package

Source: python3.7 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (3.7.0~b3-1)
Ubuntu 18.10 (Cosmic Cuttlefish):	not-affected (3.7.0-1)
Ubuntu 19.04 (Disco Dingo):	not-affected (3.7.0-1)

Patches:

Upstream:

https://github.com/python/cpython/commit/0902a2d6b2d1d9dbde36aeaaccf1788ceaa97143

More Information

Updated: 2019-03-19 11:27:13 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)