[3.7] python3: Multiple vulnerabilities (CVE-2018-14647, CVE-2018-20406, CVE-2019-9636)| ID: oval:org.secpod.oval:def:1801399 | Date: (C)2019-06-25 (M)2024-04-17 |
| Class: PATCH | Family: unix |
CVE-2018-14647: Missing salt initialization in _elementtree.c module¶ A flaw was found in python"s _elementtree.c module, a wrapper for libexpat XML parser. xml.etree C accelerator don"t call XML_SetHashSalt, failing to properly initiate the random hash seed from a good CSPRNG source and making hash collision attacks with carefully crafted XML data easier. Fixed In Version:¶ python 3.7.1, python 3.6.7, python 2.7.16
| Platform: |
| Alpine Linux 3.7 |
