Описание
Security update for python
This update for python fixes the following issues:
Security issues fixed:
- CVE-2019-9947: Fixed an insufficient validation of URL paths with embedded whitespace or control characters that could allow HTTP header injections. (bsc#1130840)
- CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955)
- CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238).
Список пакетов
Image SLES15-Azure-BYOS
libpython2_7-1_0-2.7.14-7.24.1
python-2.7.14-7.24.1
python-base-2.7.14-7.24.1
python-xml-2.7.14-7.24.1
Image SLES15-EC2-HVM-BYOS
libpython2_7-1_0-2.7.14-7.24.1
python-2.7.14-7.24.1
python-base-2.7.14-7.24.1
python-xml-2.7.14-7.24.1
Image SLES15-GCE-BYOS
libpython2_7-1_0-2.7.14-7.24.1
python-2.7.14-7.24.1
python-base-2.7.14-7.24.1
python-xml-2.7.14-7.24.1
Image SLES15-OCI-BYOS
libpython2_7-1_0-2.7.14-7.24.1
python-2.7.14-7.24.1
python-base-2.7.14-7.24.1
python-xml-2.7.14-7.24.1
Image SLES15-SAP-Azure
libpython2_7-1_0-2.7.14-7.24.1
python-2.7.14-7.24.1
python-base-2.7.14-7.24.1
python-xml-2.7.14-7.24.1
Image SLES15-SAP-Azure-BYOS
libpython2_7-1_0-2.7.14-7.24.1
python-2.7.14-7.24.1
python-base-2.7.14-7.24.1
python-xml-2.7.14-7.24.1
Image SLES15-SAP-Azure-LI-BYOS-Production
libpython2_7-1_0-2.7.14-7.24.1
python-2.7.14-7.24.1
python-base-2.7.14-7.24.1
python-xml-2.7.14-7.24.1
Image SLES15-SAP-Azure-VLI-BYOS-Production
libpython2_7-1_0-2.7.14-7.24.1
python-2.7.14-7.24.1
python-base-2.7.14-7.24.1
python-xml-2.7.14-7.24.1
Image SLES15-SAP-EC2-HVM
libpython2_7-1_0-2.7.14-7.24.1
python-2.7.14-7.24.1
python-base-2.7.14-7.24.1
python-xml-2.7.14-7.24.1
Image SLES15-SAP-EC2-HVM-BYOS
libpython2_7-1_0-2.7.14-7.24.1
python-2.7.14-7.24.1
python-base-2.7.14-7.24.1
python-xml-2.7.14-7.24.1
Image SLES15-SAP-GCE
libpython2_7-1_0-2.7.14-7.24.1
python-2.7.14-7.24.1
python-base-2.7.14-7.24.1
python-xml-2.7.14-7.24.1
Image SLES15-SAP-GCE-BYOS
libpython2_7-1_0-2.7.14-7.24.1
python-2.7.14-7.24.1
python-base-2.7.14-7.24.1
python-xml-2.7.14-7.24.1
Image SLES15-SAP-OCI-BYOS
libpython2_7-1_0-2.7.14-7.24.1
python-2.7.14-7.24.1
python-base-2.7.14-7.24.1
python-xml-2.7.14-7.24.1
Image SLES15-SP1-Manager-4-0-Azure-BYOS-Proxy
libpython2_7-1_0-2.7.14-7.24.1
python-base-2.7.14-7.24.1
Image SLES15-SP1-Manager-4-0-Azure-BYOS-Server
libpython2_7-1_0-2.7.14-7.24.1
python-2.7.14-7.24.1
python-base-2.7.14-7.24.1
python-xml-2.7.14-7.24.1
Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Proxy
libpython2_7-1_0-2.7.14-7.24.1
python-base-2.7.14-7.24.1
Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Server
libpython2_7-1_0-2.7.14-7.24.1
python-2.7.14-7.24.1
python-base-2.7.14-7.24.1
python-xml-2.7.14-7.24.1
Image SLES15-SP1-Manager-4-0-GCE-BYOS-Proxy
libpython2_7-1_0-2.7.14-7.24.1
python-base-2.7.14-7.24.1
Image SLES15-SP1-Manager-4-0-GCE-BYOS-Server
libpython2_7-1_0-2.7.14-7.24.1
python-2.7.14-7.24.1
python-base-2.7.14-7.24.1
python-xml-2.7.14-7.24.1
Image SLES15-SP1-SAPCAL-Azure
libpython2_7-1_0-2.7.14-7.24.1
python-2.7.14-7.24.1
python-base-2.7.14-7.24.1
python-xml-2.7.14-7.24.1
Image SLES15-SP1-SAPCAL-EC2-HVM
libpython2_7-1_0-2.7.14-7.24.1
python-2.7.14-7.24.1
python-base-2.7.14-7.24.1
python-xml-2.7.14-7.24.1
Image SLES15-SP1-SAPCAL-GCE
libpython2_7-1_0-2.7.14-7.24.1
python-2.7.14-7.24.1
python-base-2.7.14-7.24.1
python-xml-2.7.14-7.24.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure
libpython2_7-1_0-2.7.14-7.24.1
python-base-2.7.14-7.24.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM
libpython2_7-1_0-2.7.14-7.24.1
python-base-2.7.14-7.24.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-GCE
libpython2_7-1_0-2.7.14-7.24.1
python-base-2.7.14-7.24.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure
libpython2_7-1_0-2.7.14-7.24.1
python-2.7.14-7.24.1
python-base-2.7.14-7.24.1
python-xml-2.7.14-7.24.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM
libpython2_7-1_0-2.7.14-7.24.1
python-2.7.14-7.24.1
python-base-2.7.14-7.24.1
python-xml-2.7.14-7.24.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE
libpython2_7-1_0-2.7.14-7.24.1
python-2.7.14-7.24.1
python-base-2.7.14-7.24.1
python-xml-2.7.14-7.24.1
Image SLES15-SP2-SAP-Azure
libpython2_7-1_0-2.7.14-7.24.1
python-base-2.7.14-7.24.1
python-xml-2.7.14-7.24.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
libpython2_7-1_0-2.7.14-7.24.1
python-base-2.7.14-7.24.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
libpython2_7-1_0-2.7.14-7.24.1
python-base-2.7.14-7.24.1
Image SLES15-SP2-SAP-BYOS-Azure
libpython2_7-1_0-2.7.14-7.24.1
python-base-2.7.14-7.24.1
python-xml-2.7.14-7.24.1
Image SLES15-SP2-SAP-BYOS-EC2-HVM
libpython2_7-1_0-2.7.14-7.24.1
python-base-2.7.14-7.24.1
python-xml-2.7.14-7.24.1
Image SLES15-SP2-SAP-BYOS-GCE
libpython2_7-1_0-2.7.14-7.24.1
python-base-2.7.14-7.24.1
python-xml-2.7.14-7.24.1
Image SLES15-SP2-SAP-EC2-HVM
libpython2_7-1_0-2.7.14-7.24.1
python-base-2.7.14-7.24.1
python-xml-2.7.14-7.24.1
Image SLES15-SP2-SAP-GCE
libpython2_7-1_0-2.7.14-7.24.1
python-base-2.7.14-7.24.1
python-xml-2.7.14-7.24.1
Image SLES15-SP3-EC2-HVM
libpython2_7-1_0-2.7.14-7.24.1
python-2.7.14-7.24.1
python-base-2.7.14-7.24.1
python-xml-2.7.14-7.24.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
libpython2_7-1_0-2.7.14-7.24.1
python-2.7.14-7.24.1
python-base-2.7.14-7.24.1
python-xml-2.7.14-7.24.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
libpython2_7-1_0-2.7.14-7.24.1
python-2.7.14-7.24.1
python-base-2.7.14-7.24.1
python-xml-2.7.14-7.24.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
libpython2_7-1_0-2.7.14-7.24.1
python-2.7.14-7.24.1
python-base-2.7.14-7.24.1
python-xml-2.7.14-7.24.1
Image SLES15-SP3-SAP-Azure
libpython2_7-1_0-2.7.14-7.24.1
python-2.7.14-7.24.1
python-base-2.7.14-7.24.1
python-xml-2.7.14-7.24.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
libpython2_7-1_0-2.7.14-7.24.1
python-base-2.7.14-7.24.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
libpython2_7-1_0-2.7.14-7.24.1
python-base-2.7.14-7.24.1
Image SLES15-SP3-SAP-EC2-HVM
libpython2_7-1_0-2.7.14-7.24.1
python-2.7.14-7.24.1
python-base-2.7.14-7.24.1
python-xml-2.7.14-7.24.1
Image SLES15-SP3-SAP-GCE
libpython2_7-1_0-2.7.14-7.24.1
python-2.7.14-7.24.1
python-base-2.7.14-7.24.1
python-xml-2.7.14-7.24.1
Image SLES15-SP3-SAPCAL-Azure
libpython2_7-1_0-2.7.14-7.24.1
python-2.7.14-7.24.1
python-base-2.7.14-7.24.1
python-xml-2.7.14-7.24.1
Image SLES15-SP3-SAPCAL-EC2-HVM
libpython2_7-1_0-2.7.14-7.24.1
python-2.7.14-7.24.1
python-base-2.7.14-7.24.1
python-xml-2.7.14-7.24.1
Image SLES15-SP3-SAPCAL-GCE
libpython2_7-1_0-2.7.14-7.24.1
python-2.7.14-7.24.1
python-base-2.7.14-7.24.1
python-xml-2.7.14-7.24.1
SUSE Linux Enterprise Module for Basesystem 15
libpython2_7-1_0-2.7.14-7.24.1
python-2.7.14-7.24.1
python-base-2.7.14-7.24.1
python-curses-2.7.14-7.24.1
python-devel-2.7.14-7.24.1
python-gdbm-2.7.14-7.24.1
python-xml-2.7.14-7.24.1
SUSE Linux Enterprise Module for Basesystem 15 SP1
libpython2_7-1_0-2.7.14-7.24.1
python-2.7.14-7.24.1
python-base-2.7.14-7.24.1
SUSE Linux Enterprise Module for Desktop Applications 15
python-tk-2.7.14-7.24.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1
python-tk-2.7.14-7.24.1
SUSE Linux Enterprise Module for Python 2 15 SP1
python-curses-2.7.14-7.24.1
python-devel-2.7.14-7.24.1
python-gdbm-2.7.14-7.24.1
python-xml-2.7.14-7.24.1
Ссылки
- Link for SUSE-SU-2019:2743-1
- E-Mail link for SUSE-SU-2019:2743-1
- SUSE Security Ratings
- SUSE Bug 1130840
- SUSE Bug 1149955
- SUSE Bug 1153238
- SUSE CVE CVE-2019-16056 page
- SUSE CVE CVE-2019-16935 page
- SUSE CVE CVE-2019-9947 page
Описание
An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.
Затронутые продукты
Image SLES15-Azure-BYOS:libpython2_7-1_0-2.7.14-7.24.1
Image SLES15-Azure-BYOS:python-2.7.14-7.24.1
Image SLES15-Azure-BYOS:python-base-2.7.14-7.24.1
Image SLES15-Azure-BYOS:python-xml-2.7.14-7.24.1
Ссылки
- CVE-2019-16056
- SUSE Bug 1149955
Описание
The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.
Затронутые продукты
Image SLES15-Azure-BYOS:libpython2_7-1_0-2.7.14-7.24.1
Image SLES15-Azure-BYOS:python-2.7.14-7.24.1
Image SLES15-Azure-BYOS:python-base-2.7.14-7.24.1
Image SLES15-Azure-BYOS:python-xml-2.7.14-7.24.1
Ссылки
- CVE-2019-16935
- SUSE Bug 1153238
Описание
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.
Затронутые продукты
Image SLES15-Azure-BYOS:libpython2_7-1_0-2.7.14-7.24.1
Image SLES15-Azure-BYOS:python-2.7.14-7.24.1
Image SLES15-Azure-BYOS:python-base-2.7.14-7.24.1
Image SLES15-Azure-BYOS:python-xml-2.7.14-7.24.1
Ссылки
- CVE-2019-9947
- SUSE Bug 1130840
- SUSE Bug 1136184
- SUSE Bug 1155094
- SUSE Bug 1201559