SUSE-SU-2019:1352-1

Опубликовано: 24 мая 2019

Источник: suse-cvrf

Описание

Security update for python3

This update for python3 to version 3.6.8 fixes the following issues:

Security issue fixed:

CVE-2019-9947: Fixed an issue in urllib2 which allowed CRLF injection if the attacker controls a url parameter (bsc#1130840).

Non-security issue fixed:

Fixed broken debuginfo packages by switching off LTO and PGO optimization (bsc#1133452).

Список пакетов

Container caasp/v4/389-ds:1.4.2

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

Container caasp/v4/hyperkube:v1.17.17

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

Container caasp/v4/k8s-sidecar:0.1.75

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

Container ses/6/cephcsi/cephcsi:latest

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

Container ses/6/rook/ceph:latest

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

Container ses/7/ceph/ceph:latest

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Container ses/7/cephcsi/cephcsi:latest

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Container ses/7/prometheus-webhook-snmp:latest

libpython3_6m1_0-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

Container ses/7/rook/ceph:latest

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Container suse/sle-micro/5.0/toolbox:latest

libpython3_6m1_0-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

Container suse/sles/15.2/virt-handler:0.38.1

libpython3_6m1_0-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

Container suse/sles/15.2/virt-launcher:0.38.1

libpython3_6m1_0-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

Image SLES15-Azure-BYOS

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-EC2-CHOST-HVM-BYOS

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

Image SLES15-EC2-HVM-BYOS

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-GCE-BYOS

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-OCI-BYOS

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SAP-Azure

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SAP-Azure-BYOS

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SAP-Azure-LI-BYOS-Production

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SAP-Azure-VLI-BYOS-Production

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SAP-EC2-HVM

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SAP-EC2-HVM-BYOS

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SAP-GCE

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SAP-GCE-BYOS

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SAP-OCI-BYOS

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP1-Azure-BYOS

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP1-Azure-HPC-BYOS

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP1-CAP-Deployment-BYOS-EC2-HVM

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

Image SLES15-SP1-CAP-Deployment-BYOS-GCE

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

Image SLES15-SP1-CHOST-BYOS-Azure

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

Image SLES15-SP1-CHOST-BYOS-EC2

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

Image SLES15-SP1-CHOST-BYOS-GCE

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

Image SLES15-SP1-EC2-HPC-HVM-BYOS

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP1-EC2-HVM-BYOS

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP1-GCE-BYOS

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP1-Manager-4-0-Azure-BYOS-Proxy

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP1-Manager-4-0-Azure-BYOS-Server

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Proxy

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Server

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP1-Manager-4-0-GCE-BYOS-Proxy

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP1-Manager-4-0-GCE-BYOS-Server

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP1-OCI-BYOS

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP1-SAP-Azure

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP1-SAP-Azure-BYOS

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP1-SAP-EC2-HVM

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP1-SAP-EC2-HVM-BYOS

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP1-SAP-GCE

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP1-SAP-GCE-BYOS

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP1-SAP-OCI-BYOS

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP1-SAPCAL-Azure

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP1-SAPCAL-EC2-HVM

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP1-SAPCAL-GCE

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP2-Azure-Basic

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP2-Azure-Standard

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP2-BYOS-Azure

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP2-BYOS-EC2-HVM

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP2-BYOS-GCE

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP2-CAP-Deployment-BYOS-Azure

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

Image SLES15-SP2-CHOST-BYOS-Aliyun

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

Image SLES15-SP2-CHOST-BYOS-Azure

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

Image SLES15-SP2-CHOST-BYOS-EC2

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

Image SLES15-SP2-CHOST-BYOS-GCE

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

Image SLES15-SP2-EC2-ECS-HVM

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

Image SLES15-SP2-EC2-HVM

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP2-GCE

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP2-HPC-Azure

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP2-HPC-BYOS-Azure

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP2-HPC-BYOS-EC2-HVM

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-GCE

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP2-SAP-Azure

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP2-SAP-BYOS-Azure

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP2-SAP-BYOS-EC2-HVM

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP2-SAP-BYOS-GCE

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP2-SAP-EC2-HVM

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

Image SLES15-SP2-SAP-GCE

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

SUSE Linux Enterprise Module for Basesystem 15

libpython3_6m1_0-3.6.8-3.16.2

python3-3.6.8-3.16.2

python3-base-3.6.8-3.16.2

python3-curses-3.6.8-3.16.2

python3-dbm-3.6.8-3.16.2

python3-devel-3.6.8-3.16.2

python3-idle-3.6.8-3.16.2

python3-tk-3.6.8-3.16.2

SUSE Linux Enterprise Module for Development Tools 15

python3-tools-3.6.8-3.16.2

Ссылки

https://www.suse.com/support/update/announcement/2019/suse-su-20191352-1/
Link for SUSE-SU-2019:1352-1
https://lists.suse.com/pipermail/sle-security-updates/2019-May/005497.html
E-Mail link for SUSE-SU-2019:1352-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1130840
SUSE Bug 1130840
https://bugzilla.suse.com/1133452
SUSE Bug 1133452
https://www.suse.com/security/cve/CVE-2019-9947/
SUSE CVE CVE-2019-9947 page

Описание

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.

Затронутые продукты

Container caasp/v4/389-ds:1.4.2:libpython3_6m1_0-3.6.8-3.16.2

Container caasp/v4/389-ds:1.4.2:python3-3.6.8-3.16.2

Container caasp/v4/389-ds:1.4.2:python3-base-3.6.8-3.16.2

Container caasp/v4/hyperkube:v1.17.17:libpython3_6m1_0-3.6.8-3.16.2

Ссылки

https://www.suse.com/security/cve/CVE-2019-9947.html
CVE-2019-9947
https://bugzilla.suse.com/1130840
SUSE Bug 1130840
https://bugzilla.suse.com/1136184
SUSE Bug 1136184
https://bugzilla.suse.com/1155094
SUSE Bug 1155094
https://bugzilla.suse.com/1201559
SUSE Bug 1201559