CVE 2018-14647
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts of CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, and 2.7.0 through 2.7.15.
Related bugs and status
CVE-2018-14647 (Candidate) is related to these bugs:
Bug #1799202: SRU: update Python 3.7 to the 3.7.1 release
Bug | Summary | In | Importance | Status
---|---|---|---|---
1799202 | SRU: update Python 3.7 to the 3.7.1 release | python3-stdlib-extensions (Ubuntu) | Undecided | Fix Released
1799202 | SRU: update Python 3.7 to the 3.7.1 release | python3.7 (Ubuntu) | Undecided | Fix Released
1799202 | SRU: update Python 3.7 to the 3.7.1 release | python3-stdlib-extensions (Ubuntu Cosmic) | Undecided | Fix Released
1799202 | SRU: update Python 3.7 to the 3.7.1 release | python3.7 (Ubuntu Cosmic) | Undecided | Fix Released
1799202 | SRU: update Python 3.7 to the 3.7.1 release | python3-stdlib-extensions (Ubuntu Bionic) | Undecided | Fix Released
1799202 | SRU: update Python 3.7 to the 3.7.1 release | python3.7 (Ubuntu Bionic) | Undecided | Fix Released
1799202 | SRU: update Python 3.7 to the 3.7.1 release | python3-defaults (Ubuntu) | Undecided | Fix Released
1799202 | SRU: update Python 3.7 to the 3.7.1 release | python3-defaults (Ubuntu Bionic) | Undecided | Fix Released
1799202 | SRU: update Python 3.7 to the 3.7.1 release | python3-defaults (Ubuntu Cosmic) | Undecided | Fix Released
Bug #1799206: SRU: update python3.6 to the new minor release 3.6.7
Bug | Summary | In | Importance | Status
---|---|---|---|---
1799206 | SRU: update python3.6 to the new minor release 3.6.7 | python3.6 (Ubuntu) | Undecided | Fix Released
1799206 | SRU: update python3.6 to the new minor release 3.6.7 | python3.6 (Ubuntu Cosmic) | Undecided | Fix Released
1799206 | SRU: update python3.6 to the new minor release 3.6.7 | python3.6 (Ubuntu Bionic) | Undecided | Fix Released
1799206 | SRU: update python3.6 to the new minor release 3.6.7 | python3-defaults (Ubuntu) | Undecided | Fix Released
1799206 | SRU: update python3.6 to the new minor release 3.6.7 | python3-defaults (Ubuntu Bionic) | Undecided | Fix Released
1799206 | SRU: update python3.6 to the new minor release 3.6.7 | python3-defaults (Ubuntu Cosmic) | Undecided | Fix Released
Bug #1808476: Please bump libssl1.1 dependency to at least >= 1.1.1, as headers leak constants
Bug | Summary | In | Importance | Status
---|---|---|---|---
1808476 | Please bump libssl1.1 dependency to at least >= 1.1.1, as headers leak constants | python2.7 (Ubuntu) | Undecided | Fix Released
1808476 | Please bump libssl1.1 dependency to at least >= 1.1.1, as headers leak constants | python2.7 (Ubuntu Disco) | Undecided | Fix Released
1808476 | Please bump libssl1.1 dependency to at least >= 1.1.1, as headers leak constants | python2.7 (Ubuntu Cosmic) | Undecided | Fix Released
1808476 | Please bump libssl1.1 dependency to at least >= 1.1.1, as headers leak constants | python2.7 (Ubuntu Bionic) | Undecided | Fix Released
Bug #1822993: SRU: update Python 2.7 to 2.7.16, Python 3.7 to 3.7.3 and 3.6 to 3.6.8
Bug #1855133: SRU: update python2.7 to the 2.7.17 release
Bug | Summary | In | Importance | Status
---|---|---|---|---
1855133 | SRU: update python2.7 to the 2.7.17 release | python2.7 (Ubuntu) | Undecided | Fix Released
1855133 | SRU: update python2.7 to the 2.7.17 release | python2.7 (Ubuntu Bionic) | Undecided | Fix Released
1855133 | SRU: update python2.7 to the 2.7.17 release | python-stdlib-extensions (Ubuntu) | Undecided | Fix Released
1855133 | SRU: update python2.7 to the 2.7.17 release | python-stdlib-extensions (Ubuntu Bionic) | Undecided | Fix Released
1855133 | SRU: update python2.7 to the 2.7.17 release | python-stdlib-extensions (Ubuntu Eoan) | Undecided | Fix Released
1855133 | SRU: update python2.7 to the 2.7.17 release | python2.7 (Ubuntu Eoan) | Undecided | Fix Released
See the CVE page on Mitre.org for more details.