SUSE-SU-2019:0243-1

Опубликовано: 05 фев. 2019

Источник: suse-cvrf

Описание

Security update for python3

This update for python3 fixes the following issues:

Security issue fixed:

CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191)
CVE-2018-20406: Fixed a integer overflow via a large LONG_BINPUT (bsc#1120644)

Список пакетов

Image SLES12-SP4-Azure-BYOS

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

Image SLES12-SP4-EC2-HVM-BYOS

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

Image SLES12-SP4-GCE-BYOS

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

Image SLES12-SP4-OCI-BYOS

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

Image SLES12-SP4-SAP-Azure

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

Image SLES12-SP4-SAP-Azure-BYOS

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

Image SLES12-SP4-SAP-Azure-LI-BYOS-Production

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

Image SLES12-SP4-SAP-EC2-HVM

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

Image SLES12-SP4-SAP-EC2-HVM-BYOS

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

Image SLES12-SP4-SAP-GCE

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

Image SLES12-SP4-SAP-GCE-BYOS

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

Image SLES12-SP4-SAP-OCI-BYOS

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

Image SLES12-SP5-Azure-BYOS

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

Image SLES12-SP5-Azure-Basic-On-Demand

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

Image SLES12-SP5-Azure-HPC-BYOS

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

Image SLES12-SP5-Azure-HPC-On-Demand

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

Image SLES12-SP5-Azure-SAP-BYOS

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

Image SLES12-SP5-Azure-SAP-On-Demand

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

Image SLES12-SP5-Azure-Standard-On-Demand

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

Image SLES12-SP5-EC2-BYOS

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

Image SLES12-SP5-EC2-ECS-On-Demand

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

Image SLES12-SP5-EC2-On-Demand

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

Image SLES12-SP5-EC2-SAP-BYOS

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

Image SLES12-SP5-EC2-SAP-On-Demand

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

Image SLES12-SP5-GCE-BYOS

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

Image SLES12-SP5-GCE-On-Demand

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

Image SLES12-SP5-GCE-SAP-BYOS

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

Image SLES12-SP5-GCE-SAP-On-Demand

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

Image SLES12-SP5-OCI-BYOS-BYOS

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

Image SLES12-SP5-OCI-BYOS-SAP-BYOS

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

SUSE Enterprise Storage 4

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

SUSE Linux Enterprise Desktop 12 SP3

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

SUSE Linux Enterprise Desktop 12 SP4

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

SUSE Linux Enterprise Module for Web and Scripting 12

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

SUSE Linux Enterprise Server 12 SP1-LTSS

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

SUSE Linux Enterprise Server 12 SP2-BCL

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

SUSE Linux Enterprise Server 12 SP2-LTSS

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

SUSE Linux Enterprise Server 12 SP3

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

SUSE Linux Enterprise Server 12 SP4

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

SUSE Linux Enterprise Server 12-LTSS

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

SUSE Linux Enterprise Server for SAP Applications 12 SP2

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

SUSE Linux Enterprise Server for SAP Applications 12 SP3

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

SUSE Linux Enterprise Server for SAP Applications 12 SP4

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

SUSE Linux Enterprise Software Development Kit 12 SP3

python3-devel-3.4.6-25.21.1

SUSE Linux Enterprise Software Development Kit 12 SP4

python3-dbm-3.4.6-25.21.1

python3-devel-3.4.6-25.21.1

SUSE OpenStack Cloud 7

libpython3_4m1_0-3.4.6-25.21.1

python3-3.4.6-25.21.1

python3-base-3.4.6-25.21.1

python3-curses-3.4.6-25.21.1

Ссылки

https://www.suse.com/support/update/announcement/2019/suse-su-20190243-1/
Link for SUSE-SU-2019:0243-1
https://lists.suse.com/pipermail/sle-security-updates/2019-February/005085.html
E-Mail link for SUSE-SU-2019:0243-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1120644
SUSE Bug 1120644
https://bugzilla.suse.com/1122191
SUSE Bug 1122191
https://www.suse.com/security/cve/CVE-2018-20406/
SUSE CVE CVE-2018-20406 page
https://www.suse.com/security/cve/CVE-2019-5010/
SUSE CVE CVE-2019-5010 page

Описание

Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data. This issue is fixed in: v3.4.10, v3.4.10rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.7rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.7, v3.6.7rc1, v3.6.7rc2, v3.6.8, v3.6.8rc1, v3.6.9, v3.6.9rc1; v3.7.1, v3.7.1rc1, v3.7.1rc2, v3.7.2, v3.7.2rc1, v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.

Затронутые продукты

Image SLES12-SP4-Azure-BYOS:libpython3_4m1_0-3.4.6-25.21.1

Image SLES12-SP4-Azure-BYOS:python3-3.4.6-25.21.1

Image SLES12-SP4-Azure-BYOS:python3-base-3.4.6-25.21.1

Image SLES12-SP4-EC2-HVM-BYOS:libpython3_4m1_0-3.4.6-25.21.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-20406.html
CVE-2018-20406
https://bugzilla.suse.com/1120644
SUSE Bug 1120644

Описание

An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.

Затронутые продукты

Image SLES12-SP4-Azure-BYOS:libpython3_4m1_0-3.4.6-25.21.1

Image SLES12-SP4-Azure-BYOS:python3-3.4.6-25.21.1

Image SLES12-SP4-Azure-BYOS:python3-base-3.4.6-25.21.1

Image SLES12-SP4-EC2-HVM-BYOS:libpython3_4m1_0-3.4.6-25.21.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-5010.html
CVE-2019-5010
https://bugzilla.suse.com/1122191
SUSE Bug 1122191
https://bugzilla.suse.com/1126909
SUSE Bug 1126909

SUSE-SU-2019:0243-1

Описание

Список пакетов

Image SLES12-SP4-Azure-BYOS

Image SLES12-SP4-EC2-HVM-BYOS

Image SLES12-SP4-GCE-BYOS

Image SLES12-SP4-OCI-BYOS

Image SLES12-SP4-SAP-Azure

Image SLES12-SP4-SAP-Azure-BYOS

Image SLES12-SP4-SAP-Azure-LI-BYOS-Production

Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production

Image SLES12-SP4-SAP-EC2-HVM

Image SLES12-SP4-SAP-EC2-HVM-BYOS

Image SLES12-SP4-SAP-GCE

Image SLES12-SP4-SAP-GCE-BYOS

Image SLES12-SP4-SAP-OCI-BYOS

Image SLES12-SP5-Azure-BYOS

Image SLES12-SP5-Azure-Basic-On-Demand

Image SLES12-SP5-Azure-HPC-BYOS

Image SLES12-SP5-Azure-HPC-On-Demand

Image SLES12-SP5-Azure-SAP-BYOS

Image SLES12-SP5-Azure-SAP-On-Demand

Image SLES12-SP5-Azure-Standard-On-Demand

Image SLES12-SP5-EC2-BYOS

Image SLES12-SP5-EC2-ECS-On-Demand

Image SLES12-SP5-EC2-On-Demand

Image SLES12-SP5-EC2-SAP-BYOS

Image SLES12-SP5-EC2-SAP-On-Demand

Image SLES12-SP5-GCE-BYOS

Image SLES12-SP5-GCE-On-Demand

Image SLES12-SP5-GCE-SAP-BYOS

Image SLES12-SP5-GCE-SAP-On-Demand

Image SLES12-SP5-OCI-BYOS-BYOS

Image SLES12-SP5-OCI-BYOS-SAP-BYOS

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

SUSE Enterprise Storage 4

SUSE Linux Enterprise Desktop 12 SP3

SUSE Linux Enterprise Desktop 12 SP4

SUSE Linux Enterprise Module for Web and Scripting 12

SUSE Linux Enterprise Server 12 SP1-LTSS

SUSE Linux Enterprise Server 12 SP2-BCL

SUSE Linux Enterprise Server 12 SP2-LTSS

SUSE Linux Enterprise Server 12 SP3

SUSE Linux Enterprise Server 12 SP4

SUSE Linux Enterprise Server 12-LTSS

SUSE Linux Enterprise Server for SAP Applications 12 SP2

SUSE Linux Enterprise Server for SAP Applications 12 SP3

SUSE Linux Enterprise Server for SAP Applications 12 SP4

SUSE Linux Enterprise Software Development Kit 12 SP3

SUSE Linux Enterprise Software Development Kit 12 SP4

SUSE OpenStack Cloud 7

Ссылки

Уязвимость: CVE-2018-20406

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2019-5010

Описание

Затронутые продукты

Ссылки