SUSE-SU-2019:2748-2

Published: 12 Nov 2019
Source: suse-cvrf

Description

Security update for python

This update for python fixes the following issues:

Security issues fixed:

  • CVE-2019-16056: Fixed a parser issue in the email module (bsc#1149955).
  • CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238).

Package list

Image SLES12-SP4-EC2-HVM-BYOS
libpython2_7-1_0-2.7.13-28.36.1
python-2.7.13-28.36.1
python-base-2.7.13-28.36.1
python-xml-2.7.13-28.36.1
Image SLES12-SP4-GCE-BYOS
libpython2_7-1_0-2.7.13-28.36.1
python-2.7.13-28.36.1
python-base-2.7.13-28.36.1
python-xml-2.7.13-28.36.1
Image SLES12-SP4-OCI-BYOS
libpython2_7-1_0-2.7.13-28.36.1
python-2.7.13-28.36.1
python-base-2.7.13-28.36.1
python-xml-2.7.13-28.36.1
Image SLES12-SP4-SAP-Azure
libpython2_7-1_0-2.7.13-28.36.1
python-2.7.13-28.36.1
python-base-2.7.13-28.36.1
python-xml-2.7.13-28.36.1
Image SLES12-SP4-SAP-EC2-HVM
libpython2_7-1_0-2.7.13-28.36.1
python-2.7.13-28.36.1
python-base-2.7.13-28.36.1
python-xml-2.7.13-28.36.1
Image SLES12-SP4-SAP-EC2-HVM-BYOS
libpython2_7-1_0-2.7.13-28.36.1
python-2.7.13-28.36.1
python-base-2.7.13-28.36.1
python-xml-2.7.13-28.36.1
Image SLES12-SP4-SAP-GCE
libpython2_7-1_0-2.7.13-28.36.1
python-2.7.13-28.36.1
python-base-2.7.13-28.36.1
python-xml-2.7.13-28.36.1
Image SLES12-SP4-SAP-GCE-BYOS
libpython2_7-1_0-2.7.13-28.36.1
python-2.7.13-28.36.1
python-base-2.7.13-28.36.1
python-xml-2.7.13-28.36.1
Image SLES12-SP4-SAP-OCI-BYOS
libpython2_7-1_0-2.7.13-28.36.1
python-2.7.13-28.36.1
python-base-2.7.13-28.36.1
python-xml-2.7.13-28.36.1
Image SLES12-SP5-OCI-BYOS-BYOS
libpython2_7-1_0-2.7.13-28.36.1
python-2.7.13-28.36.1
python-base-2.7.13-28.36.1
python-xml-2.7.13-28.36.1
Image SLES12-SP5-OCI-BYOS-SAP-BYOS
libpython2_7-1_0-2.7.13-28.36.1
python-2.7.13-28.36.1
python-base-2.7.13-28.36.1
python-xml-2.7.13-28.36.1
SUSE Linux Enterprise Server 12 SP5
libpython2_7-1_0-2.7.13-28.36.1
libpython2_7-1_0-32bit-2.7.13-28.36.1
python-2.7.13-28.36.1
python-32bit-2.7.13-28.36.1
python-base-2.7.13-28.36.1
python-base-32bit-2.7.13-28.36.1
python-curses-2.7.13-28.36.1
python-demo-2.7.13-28.36.1
python-devel-2.7.13-28.36.1
python-doc-2.7.13-28.36.1
python-doc-pdf-2.7.13-28.36.1
python-gdbm-2.7.13-28.36.1
python-idle-2.7.13-28.36.1
python-tk-2.7.13-28.36.1
python-xml-2.7.13-28.36.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libpython2_7-1_0-2.7.13-28.36.1
libpython2_7-1_0-32bit-2.7.13-28.36.1
python-2.7.13-28.36.1
python-32bit-2.7.13-28.36.1
python-base-2.7.13-28.36.1
python-base-32bit-2.7.13-28.36.1
python-curses-2.7.13-28.36.1
python-demo-2.7.13-28.36.1
python-devel-2.7.13-28.36.1
python-doc-2.7.13-28.36.1
python-doc-pdf-2.7.13-28.36.1
python-gdbm-2.7.13-28.36.1
python-idle-2.7.13-28.36.1
python-tk-2.7.13-28.36.1
python-xml-2.7.13-28.36.1
SUSE Linux Enterprise Workstation Extension 12 SP5
python-devel-2.7.13-28.36.1

Description (CVE-2019-16056)

An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.
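The scenario the description warns about is an application that parses From/To headers with the email module and makes a trust decision on the result. The following is an added example, not SUSE's or CPython's code: a sender-domain check that refuses any header carrying more than one '@' before it consults the parser, so the decision does not depend on the interpreter being patched. The domain names, message text and allow-list are constructed for this example.

```python
"""Sender-domain policy check on From headers, hardened against CVE-2019-16056.

Added example, not SUSE's or CPython's code.  Unpatched email.utils.parseaddr()
returned the text before the second '@' of an address such as
"alice@trusted.example@attacker.example" as a valid address, so a naive
domain check built on it would accept the message.  The helper below rejects
such headers up front.  Domains and messages are constructed for the example.
"""
import email
from email.utils import parseaddr


def sender_domain(header_value):
    """Return the lower-cased domain of the single well-formed address in a
    From/To header value, or None if the value must not be trusted."""
    # Policy choice: a header with two '@' characters is never accepted,
    # whatever the parser makes of it.  This also rejects '@' inside display
    # names, an acceptable loss for a trust check.
    if header_value.count("@") != 1:
        return None
    _display_name, addr = parseaddr(header_value)
    if not addr or "@" not in addr:
        return None
    local_part, domain = addr.rsplit("@", 1)
    if not local_part or not domain:
        return None
    return domain.lower()


def sender_allowed(header_value, allowed_domains):
    """True only if the header's single address belongs to an allowed domain."""
    domain = sender_domain(header_value)
    return domain is not None and domain in {d.lower() for d in allowed_domains}


def message_from_allowed_sender(raw_message, allowed_domains):
    """Parse a raw RFC 822 message and apply the check to its From header."""
    msg = email.message_from_string(raw_message)
    return sender_allowed(msg.get("From", ""), allowed_domains)


# Constructed sample messages (not taken from the advisory).
SAMPLE_OK = (
    "From: Alice <alice@trusted.example>\n"
    "To: bob@trusted.example\n"
    "Subject: report\n"
    "\n"
    "body\n"
)
SAMPLE_TWO_AT = (
    "From: alice@trusted.example@attacker.example\n"
    "To: bob@trusted.example\n"
    "Subject: report\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    allowed = ["trusted.example"]
    print("ok message accepted:", message_from_allowed_sender(SAMPLE_OK, allowed))
    print("two-@ message accepted:", message_from_allowed_sender(SAMPLE_TWO_AT, allowed))
```

The count check is deliberately stricter than RFC 5322, which allows '@' in quoted local parts and display names; for an allow-list that only has to admit addresses it already trusts, refusing those forms is the safer default.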


Affected products
Image SLES12-SP4-EC2-HVM-BYOS:libpython2_7-1_0-2.7.13-28.36.1
Image SLES12-SP4-EC2-HVM-BYOS:python-2.7.13-28.36.1
Image SLES12-SP4-EC2-HVM-BYOS:python-base-2.7.13-28.36.1
Image SLES12-SP4-EC2-HVM-BYOS:python-xml-2.7.13-28.36.1
Description (CVE-2019-16935)

The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.
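To see how the title ends up in the page a browser receives, the following added example (not code from SUSE or from CPython) renders the documentation page with an attacker-controlled title and checks whether the markup survives unescaped. DocXMLRPCServer and the CGI variant DocCGIXMLRPCRequestHandler share XMLRPCDocGenerator, the class whose generate_html_documentation() builds that page, so the CGI variant is used here to render the same page without binding a socket. The RPC method, the title payload and the character allow-list are constructed for this example.

```python
"""Checking the XML-RPC documentation page for the server_title XSS.

Added example, not code from SUSE or CPython.  The page is rendered through
DocCGIXMLRPCRequestHandler, which uses the same XMLRPCDocGenerator as
DocXMLRPCServer (the class CVE-2019-16935 is about).  The RPC method, the
title payload and the allow-list are constructed for this example.
"""
import re
from xmlrpc.server import DocCGIXMLRPCRequestHandler

# Constructed attacker-controlled title: the kind of value that must not reach
# set_server_title() unfiltered.
UNTRUSTED_TITLE = "</title><script>alert(document.cookie)</script>"


def add(a, b):
    """Return a + b (registered so the page has a method to document)."""
    return a + b


def render_docs(title):
    """Return the HTML documentation page a browser would get for this title."""
    handler = DocCGIXMLRPCRequestHandler()
    handler.set_server_title(title)
    handler.set_server_name("Example RPC")
    handler.register_function(add)
    return handler.generate_html_documentation()


def title_is_reflected_raw(title):
    """True if the title appears in the page byte-for-byte, i.e. any markup in
    it would be interpreted by a visiting browser (the vulnerable condition).
    A patched interpreter escapes the title and returns False here."""
    return title in render_docs(title)


_NOT_ALLOWED = re.compile(r"[^A-Za-z0-9 ._:-]")


def sanitize_title(title, max_len=80):
    """Reduce an untrusted title to a conservative character set.

    Stripping rather than html.escape()-ing at the caller behaves the same on
    patched and unpatched interpreters: escaping twice would show a literal
    '&lt;' in the page once the library escapes the title itself."""
    return _NOT_ALLOWED.sub("", title)[:max_len]


if __name__ == "__main__":
    print("raw title reflected:", title_is_reflected_raw(UNTRUSTED_TITLE))
    safe = sanitize_title(UNTRUSTED_TITLE)
    print("sanitized title:", safe)
    print("sanitized title reflected raw:", title_is_reflected_raw(safe))
```

Run against an unpatched interpreter, title_is_reflected_raw(UNTRUSTED_TITLE) returns True because the page carries the script tag verbatim; on a patched one it returns False. The sanitized title is reflected raw in both cases, which is harmless because it contains no characters a browser could interpret as markup.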


Affected products
Image SLES12-SP4-EC2-HVM-BYOS:libpython2_7-1_0-2.7.13-28.36.1
Image SLES12-SP4-EC2-HVM-BYOS:python-2.7.13-28.36.1
Image SLES12-SP4-EC2-HVM-BYOS:python-base-2.7.13-28.36.1
Image SLES12-SP4-EC2-HVM-BYOS:python-xml-2.7.13-28.36.1