Wind River Support Network

HomeDefectsLIN6-15052
Fixed

LIN6-15052 : Security Advisory - python - CVE-2018-1000802

Created: Oct 15, 2018    Updated: Dec 19, 2018
Resolved Date: Nov 18, 2018
Found In Version: 6.0.0.38
Fix Version: 6.0.0.38
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace

Description

Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function. This vulnerability appears to have been fixed in after commit add531a1e55b0a739b0f42582f1c9747e5649ace.

https://nvd.nist.gov/vuln/detail/CVE-2018-1000802

Other Downloads


Live chat
Online