漏洞类别:Ubuntu
漏洞等级: 
漏洞信息
It was discovered that Python incorrectly handled large amounts of data.
It was discovered that Python incorrectly handled running external commands in the shutil module.
It was discovered that Python incorrectly used regular expressions vulnerable to catastrophic backtracking.
It was discovered that Python failed to initialize Expat's hash salt.
漏洞危害
A remote attacker could use this issue to cause Python to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2018-1000030)
A remote attacker could use this issue to cause Python to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-1000802)
A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2018-1060, CVE-2018-1061)
A remote attacker could possibly use this issue to cause hash collisions, leading to a denial of service. (CVE-2018-14647)
解决方案
Refer to Ubuntu advisory USN-3817-1 for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-3817-1: 14.04 (Kylin) on src (python3.4-minimal)
USN-3817-1: 16.04 (Xenial) on src (python2.7)
USN-3817-1: 16.04 (Xenial) on src (python3.5)
USN-3817-1: 16.04 (Xenial) on src (python3.5-minimal)
USN-3817-1: 18.04 (bionic) on src (python2.7-minimal)
USN-3817-1: 18.04 (bionic) on src (python2.7)
USN-3817-1: 14.04 (Kylin) on src (python2.7)
USN-3817-1: 14.04 (Kylin) on src (python3.4)
0daybank
文章评论