SB2018081631 - Improper input validation in python2-tkinter (Alpine package)
Published: August 16, 2018
Security Bulletin ID: SB2018081631
Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Denial of service
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper input validation (CVE-ID: CVE-2018-1061)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists due to catastrophic backtracking in Python's difflib.IS_LINE_JUNK method. A remote attacker can cause the service to crash.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=9fb8921f2d9049198f8af9d8966f925eeb0f1271
- https://git.alpinelinux.org/aports/commit/?id=a98ecebd5f6f68faeae98d58be056e329e9944ea
- https://git.alpinelinux.org/aports/commit/?id=128a6d599942015eb26684a51d6391641e02f8b7
- https://git.alpinelinux.org/aports/commit/?id=5ad0ec7da1064361cc74d56edf7524960f49ef9b
- https://git.alpinelinux.org/aports/commit/?id=a22bed04e6d6950b727d73d46a56ac32beaa305b
- https://git.alpinelinux.org/aports/commit/?id=d96309a215754135a99d10a0a43b14ca0bd4d434
- https://git.alpinelinux.org/aports/commit/?id=1ac1aea693aac924c8712058fef08e6acf7cfb9a
- https://git.alpinelinux.org/aports/commit/?id=b5d9f9890316dfd0222e03e98b5de43f8e2313bb
- https://git.alpinelinux.org/aports/commit/?id=799afe35e0e4d930bf9066acda1c547698e81666
- https://git.alpinelinux.org/aports/commit/?id=3f688ccb2062d9f778857f9a23cb8f2ab6a2f0fd
- https://git.alpinelinux.org/aports/commit/?id=ba3af2d7650b19f585f0dce03bd2d280d3ae3839
- https://git.alpinelinux.org/aports/commit/?id=6a58b3c6ab3c909575de44889e9228f2ea2cc845
- https://git.alpinelinux.org/aports/commit/?id=bb7e90cba82a54c1b78cfd28a8706fbc21c93431
- https://git.alpinelinux.org/aports/commit/?id=db71a585824c36d9d4b001a722ac9681b0f7809a
- https://git.alpinelinux.org/aports/commit/?id=e8b9e4a7268d454dc9e9d0f7640a66cd4d4fb2fa
- https://git.alpinelinux.org/aports/commit/?id=c04db119f841cc84a86f7b8db44948c3b27513f9
- https://git.alpinelinux.org/aports/commit/?id=8f44fd6cf982dbe7fdbb4dcc859510cb4b455027
- https://git.alpinelinux.org/aports/commit/?id=25ab1f448efbe2bedbf0ebce9eca8d5c154fad56
- https://git.alpinelinux.org/aports/commit/?id=9a20dba0d96f2545b31073029756b74f96a63d44