Description
Recommended update for python-botocore
This update for python-boto3, python-botocore and python-futures fixes the following issues:
python-botocore was updated to 1.13.33:
- Fix for python3-botocore versioning issues between SLES12 SP3 Teradata and Public Cloud Module. (bsc#1129696)
- Remove the broken attempt to avoid using the bundled requests module provided by the source. (boo#1088310)
- Update to the latest SDK components. (bsc#1146853, bsc#1146854)
- Add support for urllib 1.25 for CVE-2019-9947. (boo#1136184)
- Fix implementing MD5 header injection into new operations if they are necessary and create default session configuration. (bsc#1118021, bsc#1118024, bsc#1118027)
- Add attribute 'ssl_context' to 'AWSHTTPSConnection'. (bsc#1095041)
python-boto3 was updated to 1.10.33.
python-futures also provides python2-futures in the python2 build.
Package list
HPE Helion OpenStack 8
Image SLES12-SP4-Azure-BYOS
Image SLES12-SP4-EC2-HVM-BYOS
Image SLES12-SP4-GCE-BYOS
Image SLES12-SP4-SAP-Azure-BYOS
Image SLES12-SP4-SAP-EC2-HVM
Image SLES12-SP4-SAP-EC2-HVM-BYOS
Image SLES12-SP4-SAP-GCE-BYOS
Image SLES12-SP5-Azure-BYOS
Image SLES12-SP5-Azure-HPC-BYOS
Image SLES12-SP5-Azure-SAP-BYOS
Image SLES12-SP5-EC2-BYOS
Image SLES12-SP5-EC2-ECS-On-Demand
Image SLES12-SP5-EC2-On-Demand
Image SLES12-SP5-EC2-SAP-BYOS
Image SLES12-SP5-EC2-SAP-On-Demand
Image SLES12-SP5-GCE-BYOS
Image SLES12-SP5-GCE-SAP-BYOS
SUSE Enterprise Storage 5
SUSE Linux Enterprise Module for Advanced Systems Management 12
SUSE Linux Enterprise Module for Public Cloud 12
SUSE Linux Enterprise Point of Sale 12 SP2
SUSE Manager Client Tools 12
SUSE Manager Proxy 3.2
SUSE Manager Server 3.2
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
References
- Link for SUSE-RU-2020:0775-1
- E-Mail link for SUSE-RU-2020:0775-1
- SUSE Security Ratings
- SUSE Bug 1069697
- SUSE Bug 1075263
- SUSE Bug 1088310
- SUSE Bug 1095041
- SUSE Bug 1118021
- SUSE Bug 1118024
- SUSE Bug 1118027
- SUSE Bug 1129696
- SUSE Bug 1136184
- SUSE Bug 1146853
- SUSE Bug 1146854
- SUSE CVE CVE-2019-9947 page
Description
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.
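On interpreters that predate the fixed releases listed above, callers can reject such URLs before they reach urllib.request.urlopen. The following is an added example, not code from the advisory, Python or botocore; the function names find_injection and require_clean_url and the sample URLs are assumptions made for illustration.

```python
import re

# ASCII control characters, space and DEL have no place in a raw URL.
_UNSAFE = re.compile(r"[\x00-\x20\x7f]")


def find_injection(url):
    """Return (component, offset, char) for the first unsafe character, or None.

    The component is located by hand on the raw string: recent Python
    versions strip some of these characters inside urlsplit(), which would
    hide exactly what this check is looking for.
    """
    m = _UNSAFE.search(url)
    if m is None:
        return None
    pos = m.start()
    sep = url.find("://")
    rest = sep + 3 if sep != -1 else 0      # first index after "scheme://"
    path_start = url.find("/", rest)
    query_start = url.find("?", rest)
    if pos < rest:
        component = "scheme"
    elif query_start != -1 and pos > query_start:
        component = "query"                 # the CVE-2019-9740 variant
    elif path_start != -1 and pos >= path_start:
        component = "path"                  # the CVE-2019-9947 variant
    else:
        component = "authority"
    return component, pos, m.group()


def require_clean_url(url):
    """Return url unchanged, or raise ValueError before any request is built."""
    hit = find_injection(url)
    if hit is not None:
        component, pos, char = hit
        raise ValueError(f"unsafe character {char!r} in URL {component} at offset {pos}")
    return url


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    for sample in ("http://127.0.0.1:8080/index\r\nX-Injected: 1",
                   "http://127.0.0.1:8080/?q=1\r\nX-Injected: 1",
                   "http://example.com/a%0d%0ab"):   # stays percent-encoded
        print(repr(sample), "->", find_injection(sample))
```

Call it as urlopen(require_clean_url(url)) wherever any part of the URL comes from untrusted input.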
Affected products
References
- CVE-2019-9947
- SUSE Bug 1130840
- SUSE Bug 1136184
- SUSE Bug 1155094
- SUSE Bug 1201559