Launchpad.net

CVE 2018-1000802

Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function. This vulnerability appears to have been fixed in after commit add531a1e55b0a739b0f42582f1c9747e5649ace.

Related bugs and status

CVE-2018-1000802 (Candidate) is related to these bugs:

Bug #1808476: Please bump libssl1.1 dependency to at least >= 1.1.1, as headers leak constants

		In	Importance	Status
1808476	Please bump libssl1.1 dependency to at least >= 1.1.1, as headers leak constants	python2.7 (Ubuntu)	Undecided	Fix Released
1808476	Please bump libssl1.1 dependency to at least >= 1.1.1, as headers leak constants	python2.7 (Ubuntu Disco)	Undecided	Fix Released
1808476	Please bump libssl1.1 dependency to at least >= 1.1.1, as headers leak constants	python2.7 (Ubuntu Cosmic)	Undecided	Fix Released
1808476	Please bump libssl1.1 dependency to at least >= 1.1.1, as headers leak constants	python2.7 (Ubuntu Bionic)	Undecided	Fix Released

Bug #1822993: SRU: update Python 2.7 to 2.7.16, Python 3.7 to 3.7.3 and 3.6 to 3.6.8

		In	Importance	Status
1822993	SRU: update Python 2.7 to 2.7.16, Python 3.7 to 3.7.3 and 3.6 to 3.6.8	python3-stdlib-extensions (Ubuntu)	Undecided	Fix Released
1822993	SRU: update Python 2.7 to 2.7.16, Python 3.7 to 3.7.3 and 3.6 to 3.6.8	python3.7 (Ubuntu)	Undecided	Fix Released
1822993	SRU: update Python 2.7 to 2.7.16, Python 3.7 to 3.7.3 and 3.6 to 3.6.8	python-stdlib-extensions (Ubuntu)	Undecided	Fix Released
1822993	SRU: update Python 2.7 to 2.7.16, Python 3.7 to 3.7.3 and 3.6 to 3.6.8	python2.7 (Ubuntu)	Undecided	Fix Released
1822993	SRU: update Python 2.7 to 2.7.16, Python 3.7 to 3.7.3 and 3.6 to 3.6.8	python2.7 (Ubuntu Cosmic)	Undecided	Fix Released
1822993	SRU: update Python 2.7 to 2.7.16, Python 3.7 to 3.7.3 and 3.6 to 3.6.8	python-stdlib-extensions (Ubuntu Cosmic)	Undecided	Fix Released
1822993	SRU: update Python 2.7 to 2.7.16, Python 3.7 to 3.7.3 and 3.6 to 3.6.8	python3.7 (Ubuntu Cosmic)	Undecided	Fix Released
1822993	SRU: update Python 2.7 to 2.7.16, Python 3.7 to 3.7.3 and 3.6 to 3.6.8	python3.6 (Ubuntu Cosmic)	Undecided	Fix Released
1822993	SRU: update Python 2.7 to 2.7.16, Python 3.7 to 3.7.3 and 3.6 to 3.6.8	python3-stdlib-extensions (Ubuntu Cosmic)	Undecided	Fix Released
1822993	SRU: update Python 2.7 to 2.7.16, Python 3.7 to 3.7.3 and 3.6 to 3.6.8	python3-stdlib-extensions (Ubuntu Bionic)	Undecided	Fix Released
1822993	SRU: update Python 2.7 to 2.7.16, Python 3.7 to 3.7.3 and 3.6 to 3.6.8	python-stdlib-extensions (Ubuntu Bionic)	Undecided	Fix Released

Bug #1855133: SRU: update python2.7 to the 2.7.17 release

		In	Importance	Status
1855133	SRU: update python2.7 to the 2.7.17 release	python2.7 (Ubuntu)	Undecided	Fix Released
1855133	SRU: update python2.7 to the 2.7.17 release	python2.7 (Ubuntu Bionic)	Undecided	Fix Released
1855133	SRU: update python2.7 to the 2.7.17 release	python-stdlib-extensions (Ubuntu)	Undecided	Fix Released
1855133	SRU: update python2.7 to the 2.7.17 release	python-stdlib-extensions (Ubuntu Bionic)	Undecided	Fix Released
1855133	SRU: update python2.7 to the 2.7.17 release	python-stdlib-extensions (Ubuntu Eoan)	Undecided	Fix Released
1855133	SRU: update python2.7 to the 2.7.17 release	python2.7 (Ubuntu Eoan)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2018-1000802

Related bugs and status

Related bugs

References