SUSE-SU-2019:2802-1

Опубликовано: 29 окт. 2019

Источник: suse-cvrf

Описание

Security update for python3

This update for python3 to 3.6.9 fixes the following issues:

Security issues fixed:

CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955)
CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py (bsc#1153238).

Non-security issues fixed:

Fixed regression of OpenSSL 1.1.1b-1 in EVP_PBE_scrypt() with salt=NULL. (bsc#1151490)
Improved locale handling by implementing PEP 538.

Список пакетов

Container caasp/v4/389-ds:1.4.2

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

Container caasp/v4/hyperkube:v1.17.17

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

Container caasp/v4/k8s-sidecar:0.1.75

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

Container ses/6/cephcsi/cephcsi:latest

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

Container ses/6/rook/ceph:latest

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

Container ses/7/ceph/ceph:latest

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Container ses/7/cephcsi/cephcsi:latest

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Container ses/7/prometheus-webhook-snmp:latest

libpython3_6m1_0-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

Container ses/7/rook/ceph:latest

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Container suse/sle-micro/5.0/toolbox:latest

libpython3_6m1_0-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

Container suse/sles/15.2/virt-handler:0.38.1

libpython3_6m1_0-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

Container suse/sles/15.2/virt-launcher:0.38.1

libpython3_6m1_0-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

Image SLES15-Azure-BYOS

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-EC2-CHOST-HVM-BYOS

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

Image SLES15-EC2-HVM-BYOS

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-GCE-BYOS

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-OCI-BYOS

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SAP-Azure

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SAP-Azure-BYOS

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SAP-Azure-LI-BYOS-Production

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SAP-Azure-VLI-BYOS-Production

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SAP-EC2-HVM

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SAP-EC2-HVM-BYOS

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SAP-GCE

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SAP-GCE-BYOS

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SAP-OCI-BYOS

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP1-Azure-BYOS

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP1-Azure-HPC-BYOS

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP1-CAP-Deployment-BYOS-EC2-HVM

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

Image SLES15-SP1-CAP-Deployment-BYOS-GCE

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

Image SLES15-SP1-CHOST-BYOS-Azure

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

Image SLES15-SP1-CHOST-BYOS-EC2

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

Image SLES15-SP1-CHOST-BYOS-GCE

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

Image SLES15-SP1-EC2-HPC-HVM-BYOS

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP1-EC2-HVM-BYOS

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP1-GCE-BYOS

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP1-Manager-4-0-Azure-BYOS-Proxy

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP1-Manager-4-0-Azure-BYOS-Server

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Proxy

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Server

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP1-Manager-4-0-GCE-BYOS-Proxy

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP1-Manager-4-0-GCE-BYOS-Server

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP1-OCI-BYOS

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP1-SAP-Azure

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP1-SAP-Azure-BYOS

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP1-SAP-EC2-HVM

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP1-SAP-EC2-HVM-BYOS

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP1-SAP-GCE

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP1-SAP-GCE-BYOS

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP1-SAP-OCI-BYOS

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP1-SAPCAL-Azure

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP1-SAPCAL-EC2-HVM

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP1-SAPCAL-GCE

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP2-Azure-Basic

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP2-Azure-Standard

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP2-BYOS-Azure

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP2-BYOS-EC2-HVM

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP2-BYOS-GCE

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP2-CAP-Deployment-BYOS-Azure

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

Image SLES15-SP2-CHOST-BYOS-Aliyun

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

Image SLES15-SP2-CHOST-BYOS-Azure

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

Image SLES15-SP2-CHOST-BYOS-EC2

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

Image SLES15-SP2-CHOST-BYOS-GCE

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

Image SLES15-SP2-EC2-ECS-HVM

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

Image SLES15-SP2-EC2-HVM

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP2-GCE

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP2-HPC-Azure

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP2-HPC-BYOS-Azure

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP2-HPC-BYOS-EC2-HVM

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-GCE

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP2-SAP-Azure

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP2-SAP-BYOS-Azure

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP2-SAP-BYOS-EC2-HVM

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP2-SAP-BYOS-GCE

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP2-SAP-EC2-HVM

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

Image SLES15-SP2-SAP-GCE

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

SUSE Linux Enterprise Module for Basesystem 15

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

python3-dbm-3.6.9-3.39.1

python3-devel-3.6.9-3.39.1

python3-idle-3.6.9-3.39.1

python3-tk-3.6.9-3.39.1

SUSE Linux Enterprise Module for Basesystem 15 SP1

libpython3_6m1_0-3.6.9-3.39.1

python3-3.6.9-3.39.1

python3-base-3.6.9-3.39.1

python3-curses-3.6.9-3.39.1

python3-dbm-3.6.9-3.39.1

python3-devel-3.6.9-3.39.1

python3-idle-3.6.9-3.39.1

python3-tk-3.6.9-3.39.1

SUSE Linux Enterprise Module for Development Tools 15

python3-tools-3.6.9-3.39.1

SUSE Linux Enterprise Module for Development Tools 15 SP1

python3-tools-3.6.9-3.39.1

Ссылки

https://www.suse.com/support/update/announcement/2019/suse-su-20192802-1/
Link for SUSE-SU-2019:2802-1
https://lists.suse.com/pipermail/sle-security-updates/2019-October/006065.html
E-Mail link for SUSE-SU-2019:2802-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1149121
SUSE Bug 1149121
https://bugzilla.suse.com/1149792
SUSE Bug 1149792
https://bugzilla.suse.com/1149955
SUSE Bug 1149955
https://bugzilla.suse.com/1151490
SUSE Bug 1151490
https://bugzilla.suse.com/1153238
SUSE Bug 1153238
https://www.suse.com/security/cve/CVE-2019-16056/
SUSE CVE CVE-2019-16056 page
https://www.suse.com/security/cve/CVE-2019-16935/
SUSE CVE CVE-2019-16935 page
https://bugzilla.suse.com/PM-1350
SUSE Bug PM-1350
https://bugzilla.suse.com/SLE-9426
SUSE Bug SLE-9426

Описание

An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.

Затронутые продукты

Container caasp/v4/389-ds:1.4.2:libpython3_6m1_0-3.6.9-3.39.1

Container caasp/v4/389-ds:1.4.2:python3-3.6.9-3.39.1

Container caasp/v4/389-ds:1.4.2:python3-base-3.6.9-3.39.1

Container caasp/v4/hyperkube:v1.17.17:libpython3_6m1_0-3.6.9-3.39.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-16056.html
CVE-2019-16056
https://bugzilla.suse.com/1149955
SUSE Bug 1149955

Описание

The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.

Затронутые продукты

Container caasp/v4/389-ds:1.4.2:libpython3_6m1_0-3.6.9-3.39.1

Container caasp/v4/389-ds:1.4.2:python3-3.6.9-3.39.1

Container caasp/v4/389-ds:1.4.2:python3-base-3.6.9-3.39.1

Container caasp/v4/hyperkube:v1.17.17:libpython3_6m1_0-3.6.9-3.39.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-16935.html
CVE-2019-16935
https://bugzilla.suse.com/1153238
SUSE Bug 1153238