Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2019:2748-1

Опубликовано: 23 окт. 2019
Источник: suse-cvrf

Описание

Security update for python

This update for python fixes the following issues:

Security issue fixed:

  • CVE-2019-16056: Fixed a parser issue in the email module (bsc#1149955).
  • CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238).

Список пакетов

Image SLES12-SP4-EC2-HVM-BYOS
libpython2_7-1_0-2.7.13-28.36.1
python-2.7.13-28.36.1
python-base-2.7.13-28.36.1
python-xml-2.7.13-28.36.1
Image SLES12-SP4-GCE-BYOS
libpython2_7-1_0-2.7.13-28.36.1
python-2.7.13-28.36.1
python-base-2.7.13-28.36.1
python-xml-2.7.13-28.36.1
Image SLES12-SP4-OCI-BYOS
libpython2_7-1_0-2.7.13-28.36.1
python-2.7.13-28.36.1
python-base-2.7.13-28.36.1
python-xml-2.7.13-28.36.1
Image SLES12-SP4-SAP-Azure
libpython2_7-1_0-2.7.13-28.36.1
python-2.7.13-28.36.1
python-base-2.7.13-28.36.1
python-xml-2.7.13-28.36.1
Image SLES12-SP4-SAP-EC2-HVM
libpython2_7-1_0-2.7.13-28.36.1
python-2.7.13-28.36.1
python-base-2.7.13-28.36.1
python-xml-2.7.13-28.36.1
Image SLES12-SP4-SAP-EC2-HVM-BYOS
libpython2_7-1_0-2.7.13-28.36.1
python-2.7.13-28.36.1
python-base-2.7.13-28.36.1
python-xml-2.7.13-28.36.1
Image SLES12-SP4-SAP-GCE
libpython2_7-1_0-2.7.13-28.36.1
python-2.7.13-28.36.1
python-base-2.7.13-28.36.1
python-xml-2.7.13-28.36.1
Image SLES12-SP4-SAP-GCE-BYOS
libpython2_7-1_0-2.7.13-28.36.1
python-2.7.13-28.36.1
python-base-2.7.13-28.36.1
python-xml-2.7.13-28.36.1
Image SLES12-SP4-SAP-OCI-BYOS
libpython2_7-1_0-2.7.13-28.36.1
python-2.7.13-28.36.1
python-base-2.7.13-28.36.1
python-xml-2.7.13-28.36.1
Image SLES12-SP5-OCI-BYOS-BYOS
libpython2_7-1_0-2.7.13-28.36.1
python-2.7.13-28.36.1
python-base-2.7.13-28.36.1
python-xml-2.7.13-28.36.1
Image SLES12-SP5-OCI-BYOS-SAP-BYOS
libpython2_7-1_0-2.7.13-28.36.1
python-2.7.13-28.36.1
python-base-2.7.13-28.36.1
python-xml-2.7.13-28.36.1
SUSE Enterprise Storage 5
python-strict-tls-check-2.7.13-28.36.1
SUSE Linux Enterprise Desktop 12 SP4
libpython2_7-1_0-2.7.13-28.36.1
libpython2_7-1_0-32bit-2.7.13-28.36.1
python-2.7.13-28.36.1
python-base-2.7.13-28.36.1
python-curses-2.7.13-28.36.1
python-devel-2.7.13-28.36.1
python-tk-2.7.13-28.36.1
python-xml-2.7.13-28.36.1
SUSE Linux Enterprise Server 12 SP4
libpython2_7-1_0-2.7.13-28.36.1
libpython2_7-1_0-32bit-2.7.13-28.36.1
python-2.7.13-28.36.1
python-32bit-2.7.13-28.36.1
python-base-2.7.13-28.36.1
python-base-32bit-2.7.13-28.36.1
python-curses-2.7.13-28.36.1
python-demo-2.7.13-28.36.1
python-devel-2.7.13-28.36.1
python-doc-2.7.13-28.36.1
python-doc-pdf-2.7.13-28.36.1
python-gdbm-2.7.13-28.36.1
python-idle-2.7.13-28.36.1
python-tk-2.7.13-28.36.1
python-xml-2.7.13-28.36.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
libpython2_7-1_0-2.7.13-28.36.1
libpython2_7-1_0-32bit-2.7.13-28.36.1
python-2.7.13-28.36.1
python-32bit-2.7.13-28.36.1
python-base-2.7.13-28.36.1
python-base-32bit-2.7.13-28.36.1
python-curses-2.7.13-28.36.1
python-demo-2.7.13-28.36.1
python-devel-2.7.13-28.36.1
python-doc-2.7.13-28.36.1
python-doc-pdf-2.7.13-28.36.1
python-gdbm-2.7.13-28.36.1
python-idle-2.7.13-28.36.1
python-tk-2.7.13-28.36.1
python-xml-2.7.13-28.36.1
SUSE Linux Enterprise Software Development Kit 12 SP4
python-devel-2.7.13-28.36.1
SUSE Linux Enterprise Workstation Extension 12 SP4
python-devel-2.7.13-28.36.1

Ссылки

Описание

An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.

Затронутые продукты
Image SLES12-SP4-EC2-HVM-BYOS:libpython2_7-1_0-2.7.13-28.36.1
Image SLES12-SP4-EC2-HVM-BYOS:python-2.7.13-28.36.1
Image SLES12-SP4-EC2-HVM-BYOS:python-base-2.7.13-28.36.1
Image SLES12-SP4-EC2-HVM-BYOS:python-xml-2.7.13-28.36.1
Ссылки

Описание

The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.

Затронутые продукты
Image SLES12-SP4-EC2-HVM-BYOS:libpython2_7-1_0-2.7.13-28.36.1
Image SLES12-SP4-EC2-HVM-BYOS:python-2.7.13-28.36.1
Image SLES12-SP4-EC2-HVM-BYOS:python-base-2.7.13-28.36.1
Image SLES12-SP4-EC2-HVM-BYOS:python-xml-2.7.13-28.36.1
Ссылки
Уязвимость SUSE-SU-2019:2748-1