Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2019:0215-1

Опубликовано: 31 янв. 2019
Источник: suse-cvrf

Описание

Security update for python3

This update for python3 fixes the following issues:

Security issue fixed:

  • CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191)
  • CVE-2018-20406: Fixed a integer overflow via a large LONG_BINPUT (bsc#1120644)

Список пакетов

Container caasp/v4/389-ds:1.4.2
libpython3_6m1_0-3.6.5-3.8.1
python3-3.6.5-3.8.1
python3-base-3.6.5-3.8.1
Container caasp/v4/hyperkube:v1.17.17
libpython3_6m1_0-3.6.5-3.8.1
python3-3.6.5-3.8.1
python3-base-3.6.5-3.8.1
Container caasp/v4/k8s-sidecar:0.1.75
libpython3_6m1_0-3.6.5-3.8.1
python3-3.6.5-3.8.1
python3-base-3.6.5-3.8.1
Container ses/6/cephcsi/cephcsi:latest
libpython3_6m1_0-3.6.5-3.8.1
python3-3.6.5-3.8.1
python3-base-3.6.5-3.8.1
Container ses/6/rook/ceph:latest
libpython3_6m1_0-3.6.5-3.8.1
python3-3.6.5-3.8.1
python3-base-3.6.5-3.8.1
Container ses/7/ceph/ceph:latest
libpython3_6m1_0-3.6.5-3.8.1
python3-3.6.5-3.8.1
python3-base-3.6.5-3.8.1
python3-curses-3.6.5-3.8.1
Container ses/7/cephcsi/cephcsi:latest
libpython3_6m1_0-3.6.5-3.8.1
python3-3.6.5-3.8.1
python3-base-3.6.5-3.8.1
python3-curses-3.6.5-3.8.1
Container ses/7/prometheus-webhook-snmp:latest
libpython3_6m1_0-3.6.5-3.8.1
python3-base-3.6.5-3.8.1
Container ses/7/rook/ceph:latest
libpython3_6m1_0-3.6.5-3.8.1
python3-3.6.5-3.8.1
python3-base-3.6.5-3.8.1
python3-curses-3.6.5-3.8.1
Container suse/sle-micro/5.0/toolbox:latest
libpython3_6m1_0-3.6.5-3.8.1
python3-base-3.6.5-3.8.1
Container suse/sles/15.2/virt-handler:0.38.1
libpython3_6m1_0-3.6.5-3.8.1
python3-base-3.6.5-3.8.1
Container suse/sles/15.2/virt-launcher:0.38.1
libpython3_6m1_0-3.6.5-3.8.1
python3-base-3.6.5-3.8.1
SUSE Linux Enterprise Module for Basesystem 15
libpython3_6m1_0-3.6.5-3.8.1
python3-3.6.5-3.8.1
python3-base-3.6.5-3.8.1
python3-curses-3.6.5-3.8.1
python3-dbm-3.6.5-3.8.1
python3-devel-3.6.5-3.8.1
python3-idle-3.6.5-3.8.1
python3-tk-3.6.5-3.8.1
SUSE Linux Enterprise Module for Development Tools 15
python3-tools-3.6.5-3.8.1

Ссылки

Описание

Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data. This issue is fixed in: v3.4.10, v3.4.10rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.7rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.7, v3.6.7rc1, v3.6.7rc2, v3.6.8, v3.6.8rc1, v3.6.9, v3.6.9rc1; v3.7.1, v3.7.1rc1, v3.7.1rc2, v3.7.2, v3.7.2rc1, v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.

Затронутые продукты
Container caasp/v4/389-ds:1.4.2:libpython3_6m1_0-3.6.5-3.8.1
Container caasp/v4/389-ds:1.4.2:python3-3.6.5-3.8.1
Container caasp/v4/389-ds:1.4.2:python3-base-3.6.5-3.8.1
Container caasp/v4/hyperkube:v1.17.17:libpython3_6m1_0-3.6.5-3.8.1
Ссылки

Описание

An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.

Затронутые продукты
Container caasp/v4/389-ds:1.4.2:libpython3_6m1_0-3.6.5-3.8.1
Container caasp/v4/389-ds:1.4.2:python3-3.6.5-3.8.1
Container caasp/v4/389-ds:1.4.2:python3-base-3.6.5-3.8.1
Container caasp/v4/hyperkube:v1.17.17:libpython3_6m1_0-3.6.5-3.8.1
Ссылки
Уязвимость SUSE-SU-2019:0215-1