Описание
Security update for python-reportlab
This update for python-reportlab fixes the following issues:
- CVE-2019-17626: Fixed a potential remote code execution because of the lack of input sanitization in toColor() (bsc#1154370).
Список пакетов
SUSE Linux Enterprise Workstation Extension 12 SP4
python-reportlab-2.7-3.3.1
SUSE Linux Enterprise Workstation Extension 12 SP5
python-reportlab-2.7-3.3.1
Ссылки
- Link for SUSE-SU-2020:0324-1
- E-Mail link for SUSE-SU-2020:0324-1
- SUSE Security Ratings
- SUSE Bug 1154370
- SUSE CVE CVE-2019-17626 page
Описание
ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.
Затронутые продукты
SUSE Linux Enterprise Workstation Extension 12 SP4:python-reportlab-2.7-3.3.1
SUSE Linux Enterprise Workstation Extension 12 SP5:python-reportlab-2.7-3.3.1
Ссылки
- CVE-2019-17626
- SUSE Bug 1154370
- SUSE Bug 1215560