ELA-48-1 python2.6 security update

fixes for command injection, REDOS vulnerabilities and uninitialized Expat's hash

2018-09-30
Packagepython2.6
Version2.6.8-1.1+deb7u2
Related CVEs CVE-2018-1000802 CVE-2018-1060 CVE-2018-1061 CVE-2018-14647


CVE-2018-1000802 fix command injection in shutil module

CVE-2018-1060 and CVE-2018-1061 fix REDOS vulnerabilities in poplib and difflib modules

CVE-2018-14647 fix uninitialized Expat’s hash



For Debian 7 Wheezy, these problems have been fixed in version 2.6.8-1.1+deb7u2.

We recommend that you upgrade your python2.6 packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.