CVE-2018-1000030 : on s390x python2.7-2.7.15~rc1-1ubuntu0.1

Asked by Anita Nayak on 2019-07-08

When we checked python2.7-2.7.15~rc1-1ubuntu0.1 on the `ubuntu:latest` image on the s390x platform, the Python version is still showing as `2.7.15-4ubuntu4~18.04` for a few libraries. It looks like it does not contain the security fix `CVE-2018-1000030` on the whole.
For example:

docker run --rm --entrypoint /bin/sh s390x/ubuntu:latest -c "apt-get update; apt-get dist-upgrade; dpkg-reconfigure unattended-upgrades ;apt install python python-pip -y; dpkg -l | grep -i python"

....
Running hooks in /etc/ca-certificates/update.d...
done.
ii libpython-all-dev:s390x 2.7.15~rc1-1 s390x package depending on all supported Python development packages
ii libpython-dev:s390x 2.7.15~rc1-1 s390x header files and a static library for Python (default)
ii libpython-stdlib:s390x 2.7.15~rc1-1 s390x interactive high-level object-oriented language (default python version)
ii libpython2.7:s390x 2.7.15-4ubuntu4~18.04 s390x Shared Python runtime library (version 2.7)
ii libpython2.7-dev:s390x 2.7.15-4ubuntu4~18.04 s390x Header files and a static library for Python (v2.7)
ii libpython2.7-minimal:s390x 2.7.15-4ubuntu4~18.04 s390x Minimal subset of the Python language (version 2.7)
ii libpython2.7-stdlib:s390x 2.7.15-4ubuntu4~18.04 s390x Interactive high-level object-oriented language (standard library, version 2.7)
ii python 2.7.15~rc1-1 s390x interactive high-level object-oriented language (default version)
ii python-all 2.7.15~rc1-1 s390x package depending on all supported Python runtime versions
ii python-all-dev 2.7.15~rc1-1 s390x package depending on all supported Python development packages
ii python-asn1crypto 0.24.0-1 all Fast ASN.1 parser and serializer (Python 2)
ii python-cffi-backend 1.11.5-1 s390x Foreign Function Interface for Python calling C code - backend
ii python-crypto 2.6.1-8ubuntu2 s390x cryptographic algorithms and protocols for Python
ii python-cryptography 2.1.4-1ubuntu1.3 s390x Python library exposing cryptographic recipes and primitives (Python 2)
ii python-dbus 1.2.6-1 s390x simple interprocess messaging system (Python interface)
ii python-dev 2.7.15~rc1-1 s390x header files and a static library for Python (default)
ii python-enum34 1.1.6-2 all backport of Python 3.4's enum package
ii python-gi 3.26.1-2ubuntu1 s390x Python 2.x bindings for gobject-introspection libraries
ii python-idna 2.6-1 all Python IDNA2008 (RFC 5891) handling (Python 2)
ii python-ipaddress 1.0.17-1 all Backport of Python 3 ipaddress module (Python 2)
ii python-keyring 10.6.0-1 all store and access your passwords safely
ii python-keyrings.alt 3.0-1 all alternate backend implementations for python-keyring
ii python-minimal 2.7.15~rc1-1 s390x minimal subset of the Python language (default version)
ii python-pip 9.0.1-2.3~ubuntu1.18.04.1 all Python package installer
ii python-pip-whl 9.0.1-2.3~ubuntu1.18.04.1 all Python package installer
ii python-pkg-resources 39.0.1-2 all Package Discovery and Resource Access using pkg_resources
ii python-secretstorage 2.3.1-2 all Python module for storing secrets - Python 2.x version
ii python-setuptools 39.0.1-2 all Python Distutils Enhancements
ii python-six 1.11.0-2 all Python 2 and 3 compatibility library (Python 2 interface)
ii python-wheel 0.30.0-0.2 all built-package format for Python
ii python-xdg 0.25-4ubuntu1 all Python 2 library to access freedesktop.org standards
ii python2.7 2.7.15-4ubuntu4~18.04 s390x Interactive high-level object-oriented language (version 2.7)
ii python2.7-dev 2.7.15-4ubuntu4~18.04 s390x Header files and a static library for Python (v2.7)
ii python2.7-minimal 2.7.15-4ubuntu4~18.04 s390x Minimal subset of the Python language (version 2.7)

Could anyone please let us know if we are missing any steps? Do we need to add a few more repos?

Question information

Language: English
Status: Answered
For: Ubuntu python2.7
Assignee: No assignee
Last query: 2019-07-08
Last reply: 2019-07-08

Anita Nayak (anitanayak) said : #1

As per link `https://launchpad.net/ubuntu/bionic/+source/python2.7`, on ubuntu:18.04, we should get python version `python2.7-2.7.15~rc1-1ubuntu0.1` ...

Manfred Hampl (m-hampl) said : #2

According to https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000030.html only python version 2.7.14 was vulnerable, and the packages have already been upgraded to 2.7.15-*

And please do not confuse
https://launchpad.net/ubuntu/+source/python2.7
and
https://launchpad.net/ubuntu/+source/python-defaults

And finally, for your comment:
"As per link `https://launchpad.net/ubuntu/bionic/+source/python2.7`, on ubuntu:18.04, we should get python version `python2.7-2.7.15~rc1-1ubuntu0.1` ..."

The original version was python2.7 2.7.15~rc1-1
Then there was an update for security reasons to python2.7 2.7.15~rc1-1ubuntu0.1
And meanwhile there was another update to python2.7 2.7.15-4ubuntu4~18.04

The highest number of these three is 2.7.15-4ubuntu4~18.04 and that's what you have on your system.
