ELA-47-1 python2.7 security update

Fixes for command injection, ReDoS vulnerabilities and an uninitialized Expat hash

2018-09-30
Package: python2.7
Version: 2.7.3-6+deb7u5
Related CVEs: CVE-2018-1000802 CVE-2018-1060 CVE-2018-1061 CVE-2018-14647


CVE-2018-1000802: fix command injection in the shutil module

CVE-2018-1060 and CVE-2018-1061: fix ReDoS vulnerabilities in the poplib and difflib modules

CVE-2018-14647: fix an uninitialized Expat hash



For Debian 7 Wheezy, these problems have been fixed in version 2.7.3-6+deb7u5.

We recommend that you upgrade your python2.7 packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.