[3.6] python3: Multiple vulnerabilities (CVE-2018-14647, CVE-2018-20406, CVE-2019-9636)

ID: oval:org.secpod.oval:def:1801401 | Date: (C)2019-06-07 (M)2024-04-17 | Class: PATCH | Family: unix

CVE-2018-14647: Missing salt initialization in _elementtree.c module

A flaw was found in Python's _elementtree.c module, a wrapper for the libexpat XML parser. The xml.etree C accelerator does not call XML_SetHashSalt, so it fails to properly initialize the random hash seed from a good CSPRNG source, which makes hash collision attacks with carefully crafted XML data easier.

Fixed In Version: python 3.7.1, python 3.6.7, python 2.7.16

Platform: Alpine Linux 3.6