Описание
Security update for python3
This update for python3 fixes the following issues:
Security issues fixed:
- CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825).
- CVE-2020-8492: Fixed a regular expression in urrlib that was prone to denial of service via HTTP (bsc#1162367).
Non-security issue fixed:
- If the locale is 'C', coerce it to C.UTF-8 (bsc#1162423).
Список пакетов
Container caasp/v4/389-ds:1.4.2
libpython3_6m1_0-3.6.10-3.47.2
python3-3.6.10-3.47.2
python3-base-3.6.10-3.47.2
Container caasp/v4/hyperkube:v1.17.17
libpython3_6m1_0-3.6.10-3.47.2
python3-3.6.10-3.47.2
python3-base-3.6.10-3.47.2
Container caasp/v4/k8s-sidecar:0.1.75
libpython3_6m1_0-3.6.10-3.47.2
python3-3.6.10-3.47.2
python3-base-3.6.10-3.47.2
Container ses/6/cephcsi/cephcsi:latest
libpython3_6m1_0-3.6.10-3.47.2
python3-3.6.10-3.47.2
python3-base-3.6.10-3.47.2
Container ses/6/rook/ceph:latest
libpython3_6m1_0-3.6.10-3.47.2
python3-3.6.10-3.47.2
python3-base-3.6.10-3.47.2
Container ses/7/ceph/ceph:latest
libpython3_6m1_0-3.6.10-3.47.2
python3-3.6.10-3.47.2
python3-base-3.6.10-3.47.2
python3-curses-3.6.10-3.47.2
Container ses/7/cephcsi/cephcsi:latest
libpython3_6m1_0-3.6.10-3.47.2
python3-3.6.10-3.47.2
python3-base-3.6.10-3.47.2
python3-curses-3.6.10-3.47.2
Container ses/7/prometheus-webhook-snmp:latest
libpython3_6m1_0-3.6.10-3.47.2
python3-base-3.6.10-3.47.2
Container ses/7/rook/ceph:latest
libpython3_6m1_0-3.6.10-3.47.2
python3-3.6.10-3.47.2
python3-base-3.6.10-3.47.2
python3-curses-3.6.10-3.47.2
Container suse/sle-micro/5.0/toolbox:latest
libpython3_6m1_0-3.6.10-3.47.2
python3-base-3.6.10-3.47.2
Container suse/sles/15.2/virt-handler:0.38.1
libpython3_6m1_0-3.6.10-3.47.2
python3-base-3.6.10-3.47.2
Container suse/sles/15.2/virt-launcher:0.38.1
libpython3_6m1_0-3.6.10-3.47.2
python3-base-3.6.10-3.47.2
SUSE Linux Enterprise Module for Basesystem 15 SP1
libpython3_6m1_0-3.6.10-3.47.2
python3-3.6.10-3.47.2
python3-base-3.6.10-3.47.2
python3-curses-3.6.10-3.47.2
python3-dbm-3.6.10-3.47.2
python3-devel-3.6.10-3.47.2
python3-idle-3.6.10-3.47.2
python3-tk-3.6.10-3.47.2
SUSE Linux Enterprise Module for Development Tools 15 SP1
python3-tools-3.6.10-3.47.2
Ссылки
- Link for SUSE-SU-2020:0467-1
- E-Mail link for SUSE-SU-2020:0467-1
- SUSE Security Ratings
- SUSE Bug 1162224
- SUSE Bug 1162367
- SUSE Bug 1162423
- SUSE Bug 1162825
- SUSE CVE CVE-2019-9674 page
- SUSE CVE CVE-2020-8492 page
Описание
Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.
Затронутые продукты
Container caasp/v4/389-ds:1.4.2:libpython3_6m1_0-3.6.10-3.47.2
Container caasp/v4/389-ds:1.4.2:python3-3.6.10-3.47.2
Container caasp/v4/389-ds:1.4.2:python3-base-3.6.10-3.47.2
Container caasp/v4/hyperkube:v1.17.17:libpython3_6m1_0-3.6.10-3.47.2
Ссылки
- CVE-2019-9674
- SUSE Bug 1162825
Описание
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.
Затронутые продукты
Container caasp/v4/389-ds:1.4.2:libpython3_6m1_0-3.6.10-3.47.2
Container caasp/v4/389-ds:1.4.2:python3-3.6.10-3.47.2
Container caasp/v4/389-ds:1.4.2:python3-base-3.6.10-3.47.2
Container caasp/v4/hyperkube:v1.17.17:libpython3_6m1_0-3.6.10-3.47.2
Ссылки
- CVE-2020-8492
- SUSE Bug 1162367