SUSE-SU-2019:0215-1

Опубликовано: 31 янв. 2019

Источник: suse-cvrf

Описание

Security update for python3

This update for python3 fixes the following issues:

Security issue fixed:

CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191)
CVE-2018-20406: Fixed a integer overflow via a large LONG_BINPUT (bsc#1120644)

Список пакетов

Container caasp/v4/389-ds:1.4.2

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

Container caasp/v4/hyperkube:v1.17.17

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

Container caasp/v4/k8s-sidecar:0.1.75

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

Container ses/6/cephcsi/cephcsi:latest

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

Container ses/6/rook/ceph:latest

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

Container ses/7/ceph/ceph:latest

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Container ses/7/cephcsi/cephcsi:latest

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Container ses/7/prometheus-webhook-snmp:latest

libpython3_6m1_0-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

Container ses/7/rook/ceph:latest

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Container suse/sle-micro/5.0/toolbox:latest

libpython3_6m1_0-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

Container suse/sles/15.2/virt-handler:0.38.1

libpython3_6m1_0-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

Container suse/sles/15.2/virt-launcher:0.38.1

libpython3_6m1_0-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

Image SLES15-Azure-BYOS

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-EC2-CHOST-HVM-BYOS

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

Image SLES15-EC2-HVM-BYOS

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-GCE-BYOS

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-OCI-BYOS

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SAP-Azure

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SAP-Azure-BYOS

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SAP-Azure-LI-BYOS-Production

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SAP-Azure-VLI-BYOS-Production

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SAP-EC2-HVM

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SAP-EC2-HVM-BYOS

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SAP-GCE

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SAP-GCE-BYOS

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SAP-OCI-BYOS

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP1-Azure-BYOS

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP1-Azure-HPC-BYOS

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP1-CAP-Deployment-BYOS-EC2-HVM

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

Image SLES15-SP1-CAP-Deployment-BYOS-GCE

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

Image SLES15-SP1-CHOST-BYOS-Azure

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

Image SLES15-SP1-CHOST-BYOS-EC2

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

Image SLES15-SP1-CHOST-BYOS-GCE

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

Image SLES15-SP1-EC2-HPC-HVM-BYOS

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP1-EC2-HVM-BYOS

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP1-GCE-BYOS

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP1-Manager-4-0-Azure-BYOS-Proxy

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP1-Manager-4-0-Azure-BYOS-Server

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Proxy

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Server

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP1-Manager-4-0-GCE-BYOS-Proxy

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP1-Manager-4-0-GCE-BYOS-Server

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP1-OCI-BYOS

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP1-SAP-Azure

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP1-SAP-Azure-BYOS

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP1-SAP-EC2-HVM

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP1-SAP-EC2-HVM-BYOS

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP1-SAP-GCE

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP1-SAP-GCE-BYOS

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP1-SAP-OCI-BYOS

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP1-SAPCAL-Azure

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP1-SAPCAL-EC2-HVM

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP1-SAPCAL-GCE

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP2-Azure-Basic

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP2-Azure-Standard

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP2-BYOS-Azure

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP2-BYOS-EC2-HVM

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP2-BYOS-GCE

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP2-CAP-Deployment-BYOS-Azure

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

Image SLES15-SP2-CHOST-BYOS-Aliyun

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

Image SLES15-SP2-CHOST-BYOS-Azure

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

Image SLES15-SP2-CHOST-BYOS-EC2

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

Image SLES15-SP2-CHOST-BYOS-GCE

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

Image SLES15-SP2-EC2-ECS-HVM

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

Image SLES15-SP2-EC2-HVM

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP2-GCE

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP2-HPC-Azure

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP2-HPC-BYOS-Azure

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP2-HPC-BYOS-EC2-HVM

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-GCE

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP2-SAP-Azure

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP2-SAP-BYOS-Azure

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP2-SAP-BYOS-EC2-HVM

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP2-SAP-BYOS-GCE

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP2-SAP-EC2-HVM

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

Image SLES15-SP2-SAP-GCE

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

SUSE Linux Enterprise Module for Basesystem 15

libpython3_6m1_0-3.6.5-3.8.1

python3-3.6.5-3.8.1

python3-base-3.6.5-3.8.1

python3-curses-3.6.5-3.8.1

python3-dbm-3.6.5-3.8.1

python3-devel-3.6.5-3.8.1

python3-idle-3.6.5-3.8.1

python3-tk-3.6.5-3.8.1

SUSE Linux Enterprise Module for Development Tools 15

python3-tools-3.6.5-3.8.1

Ссылки

https://www.suse.com/support/update/announcement/2019/suse-su-20190215-1/
Link for SUSE-SU-2019:0215-1
https://lists.suse.com/pipermail/sle-security-updates/2019-January/005071.html
E-Mail link for SUSE-SU-2019:0215-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1120644
SUSE Bug 1120644
https://bugzilla.suse.com/1122191
SUSE Bug 1122191
https://www.suse.com/security/cve/CVE-2018-20406/
SUSE CVE CVE-2018-20406 page
https://www.suse.com/security/cve/CVE-2019-5010/
SUSE CVE CVE-2019-5010 page

Описание

Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data. This issue is fixed in: v3.4.10, v3.4.10rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.7rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.7, v3.6.7rc1, v3.6.7rc2, v3.6.8, v3.6.8rc1, v3.6.9, v3.6.9rc1; v3.7.1, v3.7.1rc1, v3.7.1rc2, v3.7.2, v3.7.2rc1, v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.

Затронутые продукты

Container caasp/v4/389-ds:1.4.2:libpython3_6m1_0-3.6.5-3.8.1

Container caasp/v4/389-ds:1.4.2:python3-3.6.5-3.8.1

Container caasp/v4/389-ds:1.4.2:python3-base-3.6.5-3.8.1

Container caasp/v4/hyperkube:v1.17.17:libpython3_6m1_0-3.6.5-3.8.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-20406.html
CVE-2018-20406
https://bugzilla.suse.com/1120644
SUSE Bug 1120644

Описание

An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.

Затронутые продукты

Container caasp/v4/389-ds:1.4.2:libpython3_6m1_0-3.6.5-3.8.1

Container caasp/v4/389-ds:1.4.2:python3-3.6.5-3.8.1

Container caasp/v4/389-ds:1.4.2:python3-base-3.6.5-3.8.1

Container caasp/v4/hyperkube:v1.17.17:libpython3_6m1_0-3.6.5-3.8.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-5010.html
CVE-2019-5010
https://bugzilla.suse.com/1122191
SUSE Bug 1122191
https://bugzilla.suse.com/1126909
SUSE Bug 1126909