SUSE-SU-2019:0482-2

Опубликовано: 26 апр. 2019

Источник: suse-cvrf

Описание

Security update for python

This update for python fixes the following issues:

Security issues fixed:

CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191).
CVE-2018-14647: Fixed a denial-of-service vulnerability in Expat (bsc#1109847).

Non-security issue fixed:

Fixed a bug where PyWeakReference struct was not initialized correctly leading to a crash (bsc#1073748).

Список пакетов

Container caasp/v4/salt-api:beta1

libpython2_7-1_0-2.7.13-28.21.1

python-2.7.13-28.21.1

python-base-2.7.13-28.21.1

python-xml-2.7.13-28.21.1

Container caasp/v4/salt-master:beta1

libpython2_7-1_0-2.7.13-28.21.1

python-2.7.13-28.21.1

python-base-2.7.13-28.21.1

python-xml-2.7.13-28.21.1

Image SLES12-SP4-EC2-HVM-BYOS

libpython2_7-1_0-2.7.13-28.21.1

python-2.7.13-28.21.1

python-base-2.7.13-28.21.1

python-xml-2.7.13-28.21.1

Image SLES12-SP4-GCE-BYOS

libpython2_7-1_0-2.7.13-28.21.1

python-2.7.13-28.21.1

python-base-2.7.13-28.21.1

python-xml-2.7.13-28.21.1

Image SLES12-SP4-OCI-BYOS

libpython2_7-1_0-2.7.13-28.21.1

python-2.7.13-28.21.1

python-base-2.7.13-28.21.1

python-xml-2.7.13-28.21.1

Image SLES12-SP4-SAP-Azure

libpython2_7-1_0-2.7.13-28.21.1

python-2.7.13-28.21.1

python-base-2.7.13-28.21.1

python-xml-2.7.13-28.21.1

Image SLES12-SP4-SAP-EC2-HVM

libpython2_7-1_0-2.7.13-28.21.1

python-2.7.13-28.21.1

python-base-2.7.13-28.21.1

python-xml-2.7.13-28.21.1

Image SLES12-SP4-SAP-EC2-HVM-BYOS

libpython2_7-1_0-2.7.13-28.21.1

python-2.7.13-28.21.1

python-base-2.7.13-28.21.1

python-xml-2.7.13-28.21.1

Image SLES12-SP4-SAP-GCE

libpython2_7-1_0-2.7.13-28.21.1

python-2.7.13-28.21.1

python-base-2.7.13-28.21.1

python-xml-2.7.13-28.21.1

Image SLES12-SP4-SAP-GCE-BYOS

libpython2_7-1_0-2.7.13-28.21.1

python-2.7.13-28.21.1

python-base-2.7.13-28.21.1

python-xml-2.7.13-28.21.1

Image SLES12-SP4-SAP-OCI-BYOS

libpython2_7-1_0-2.7.13-28.21.1

python-2.7.13-28.21.1

python-base-2.7.13-28.21.1

python-xml-2.7.13-28.21.1

Image SLES12-SP5-OCI-BYOS-BYOS

libpython2_7-1_0-2.7.13-28.21.1

python-2.7.13-28.21.1

python-base-2.7.13-28.21.1

python-xml-2.7.13-28.21.1

Image SLES12-SP5-OCI-BYOS-SAP-BYOS

libpython2_7-1_0-2.7.13-28.21.1

python-2.7.13-28.21.1

python-base-2.7.13-28.21.1

python-xml-2.7.13-28.21.1

SUSE Linux Enterprise Server for SAP Applications 12 SP1

libpython2_7-1_0-2.7.13-28.21.1

libpython2_7-1_0-32bit-2.7.13-28.21.1

python-2.7.13-28.21.1

python-32bit-2.7.13-28.21.1

python-base-2.7.13-28.21.1

python-base-32bit-2.7.13-28.21.1

python-curses-2.7.13-28.21.1

python-demo-2.7.13-28.21.1

python-devel-2.7.13-28.21.1

python-doc-2.7.13-28.21.1

python-doc-pdf-2.7.13-28.21.1

python-gdbm-2.7.13-28.21.1

python-idle-2.7.13-28.21.1

python-tk-2.7.13-28.21.1

python-xml-2.7.13-28.21.1

Ссылки

https://www.suse.com/support/update/announcement/2019/suse-su-20190482-2/
Link for SUSE-SU-2019:0482-2
https://lists.suse.com/pipermail/sle-security-updates/2019-April/005374.html
E-Mail link for SUSE-SU-2019:0482-2
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1073748
SUSE Bug 1073748
https://bugzilla.suse.com/1109847
SUSE Bug 1109847
https://bugzilla.suse.com/1122191
SUSE Bug 1122191
https://www.suse.com/security/cve/CVE-2018-14647/
SUSE CVE CVE-2018-14647 page
https://www.suse.com/security/cve/CVE-2019-5010/
SUSE CVE CVE-2019-5010 page

Описание

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.

Затронутые продукты

Container caasp/v4/salt-api:beta1:libpython2_7-1_0-2.7.13-28.21.1

Container caasp/v4/salt-api:beta1:python-2.7.13-28.21.1

Container caasp/v4/salt-api:beta1:python-base-2.7.13-28.21.1

Container caasp/v4/salt-api:beta1:python-xml-2.7.13-28.21.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-14647.html
CVE-2018-14647
https://bugzilla.suse.com/1109847
SUSE Bug 1109847
https://bugzilla.suse.com/1126909
SUSE Bug 1126909

Описание

An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.

Затронутые продукты

Container caasp/v4/salt-api:beta1:libpython2_7-1_0-2.7.13-28.21.1

Container caasp/v4/salt-api:beta1:python-2.7.13-28.21.1

Container caasp/v4/salt-api:beta1:python-base-2.7.13-28.21.1

Container caasp/v4/salt-api:beta1:python-xml-2.7.13-28.21.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-5010.html
CVE-2019-5010
https://bugzilla.suse.com/1122191
SUSE Bug 1122191
https://bugzilla.suse.com/1126909
SUSE Bug 1126909

SUSE-SU-2019:0482-2

Описание

Список пакетов

Container caasp/v4/salt-api:beta1

Container caasp/v4/salt-master:beta1

Image SLES12-SP4-EC2-HVM-BYOS

Image SLES12-SP4-GCE-BYOS

Image SLES12-SP4-OCI-BYOS

Image SLES12-SP4-SAP-Azure

Image SLES12-SP4-SAP-EC2-HVM

Image SLES12-SP4-SAP-EC2-HVM-BYOS

Image SLES12-SP4-SAP-GCE

Image SLES12-SP4-SAP-GCE-BYOS

Image SLES12-SP4-SAP-OCI-BYOS

Image SLES12-SP5-OCI-BYOS-BYOS

Image SLES12-SP5-OCI-BYOS-SAP-BYOS

SUSE Linux Enterprise Server for SAP Applications 12 SP1

Ссылки

Уязвимость: CVE-2018-14647

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2019-5010

Описание

Затронутые продукты

Ссылки