Access your Security Operations Centre (SOC) Česky   English

Gentoo update for Python

Published: 2018-11-09 09:46:30 | Updated: 2018-11-09 09:46:44
Severity Low
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2018-1000030
CVSSv3 8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CWE ID CWE-119
Exploitation vector Network
Public exploit Not available
Vulnerable software Gentoo Linux
Vulnerable software versions Gentoo Linux -
Vendor URL Gentoo

Security Advisory

1) Memory corruption

Description

The vulnerability allows a remote unauthenticated attacker to gain elevated privileges on the target system.

The weakness exists due to race condition. A remote attacker can trigger memory corruption and cause the service to crash or possibly execute arbitrary code with elevated privileges on the target system.

Remediation

Update the affected packages.
dev-lang/python to version: 2.7.15

External links

https://security.gentoo.org/glsa/201811-02

SaaS Vulnerability Scanner
  • Secure your network perimeter
  • Receive alerts on latest vulnerabilities
  • 7-days free trial
Back to List