SUSE-SU-2020:0467-1

Опубликовано: 25 фев. 2020

Источник: suse-cvrf

Описание

Security update for python3

This update for python3 fixes the following issues:

Security issues fixed:

CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825).
CVE-2020-8492: Fixed a regular expression in urrlib that was prone to denial of service via HTTP (bsc#1162367).

Non-security issue fixed:

If the locale is 'C', coerce it to C.UTF-8 (bsc#1162423).

Список пакетов

Container caasp/v4/389-ds:1.4.2

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

Container caasp/v4/hyperkube:v1.17.17

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

Container caasp/v4/k8s-sidecar:0.1.75

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

Container ses/6/cephcsi/cephcsi:latest

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

Container ses/6/rook/ceph:latest

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

Container ses/7/ceph/ceph:latest

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Container ses/7/cephcsi/cephcsi:latest

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Container ses/7/prometheus-webhook-snmp:latest

libpython3_6m1_0-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

Container ses/7/rook/ceph:latest

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Container suse/sle-micro/5.0/toolbox:latest

libpython3_6m1_0-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

Container suse/sles/15.2/virt-handler:0.38.1

libpython3_6m1_0-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

Container suse/sles/15.2/virt-launcher:0.38.1

libpython3_6m1_0-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

Image SLES15-Azure-BYOS

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-EC2-CHOST-HVM-BYOS

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

Image SLES15-EC2-HVM-BYOS

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-GCE-BYOS

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-OCI-BYOS

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SAP-Azure

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SAP-Azure-BYOS

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SAP-Azure-LI-BYOS-Production

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SAP-Azure-VLI-BYOS-Production

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SAP-EC2-HVM

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SAP-EC2-HVM-BYOS

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SAP-GCE

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SAP-GCE-BYOS

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SAP-OCI-BYOS

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP1-Azure-BYOS

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP1-Azure-HPC-BYOS

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP1-CAP-Deployment-BYOS-EC2-HVM

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

Image SLES15-SP1-CAP-Deployment-BYOS-GCE

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

Image SLES15-SP1-CHOST-BYOS-Azure

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

Image SLES15-SP1-CHOST-BYOS-EC2

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

Image SLES15-SP1-CHOST-BYOS-GCE

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

Image SLES15-SP1-EC2-HPC-HVM-BYOS

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP1-EC2-HVM-BYOS

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP1-GCE-BYOS

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP1-Manager-4-0-Azure-BYOS-Proxy

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP1-Manager-4-0-Azure-BYOS-Server

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Proxy

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Server

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP1-Manager-4-0-GCE-BYOS-Proxy

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP1-Manager-4-0-GCE-BYOS-Server

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP1-OCI-BYOS

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP1-SAP-Azure

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP1-SAP-Azure-BYOS

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP1-SAP-EC2-HVM

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP1-SAP-EC2-HVM-BYOS

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP1-SAP-GCE

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP1-SAP-GCE-BYOS

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP1-SAP-OCI-BYOS

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP1-SAPCAL-Azure

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP1-SAPCAL-EC2-HVM

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP1-SAPCAL-GCE

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP2-Azure-Basic

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP2-Azure-Standard

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP2-BYOS-Azure

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP2-BYOS-EC2-HVM

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP2-BYOS-GCE

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP2-CAP-Deployment-BYOS-Azure

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

Image SLES15-SP2-CHOST-BYOS-Aliyun

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

Image SLES15-SP2-CHOST-BYOS-Azure

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

Image SLES15-SP2-CHOST-BYOS-EC2

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

Image SLES15-SP2-CHOST-BYOS-GCE

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

Image SLES15-SP2-EC2-ECS-HVM

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

Image SLES15-SP2-EC2-HVM

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP2-GCE

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP2-HPC-Azure

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP2-HPC-BYOS-Azure

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP2-HPC-BYOS-EC2-HVM

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-GCE

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP2-SAP-Azure

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP2-SAP-BYOS-Azure

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP2-SAP-BYOS-EC2-HVM

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP2-SAP-BYOS-GCE

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP2-SAP-EC2-HVM

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

Image SLES15-SP2-SAP-GCE

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

SUSE Linux Enterprise Module for Basesystem 15 SP1

libpython3_6m1_0-3.6.10-3.47.2

python3-3.6.10-3.47.2

python3-base-3.6.10-3.47.2

python3-curses-3.6.10-3.47.2

python3-dbm-3.6.10-3.47.2

python3-devel-3.6.10-3.47.2

python3-idle-3.6.10-3.47.2

python3-tk-3.6.10-3.47.2

SUSE Linux Enterprise Module for Development Tools 15 SP1

python3-tools-3.6.10-3.47.2

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20200467-1/
Link for SUSE-SU-2020:0467-1
https://lists.suse.com/pipermail/sle-security-updates/2020-February/006520.html
E-Mail link for SUSE-SU-2020:0467-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1162224
SUSE Bug 1162224
https://bugzilla.suse.com/1162367
SUSE Bug 1162367
https://bugzilla.suse.com/1162423
SUSE Bug 1162423
https://bugzilla.suse.com/1162825
SUSE Bug 1162825
https://www.suse.com/security/cve/CVE-2019-9674/
SUSE CVE CVE-2019-9674 page
https://www.suse.com/security/cve/CVE-2020-8492/
SUSE CVE CVE-2020-8492 page

Описание

Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.

Затронутые продукты

Container caasp/v4/389-ds:1.4.2:libpython3_6m1_0-3.6.10-3.47.2

Container caasp/v4/389-ds:1.4.2:python3-3.6.10-3.47.2

Container caasp/v4/389-ds:1.4.2:python3-base-3.6.10-3.47.2

Container caasp/v4/hyperkube:v1.17.17:libpython3_6m1_0-3.6.10-3.47.2

Ссылки

https://www.suse.com/security/cve/CVE-2019-9674.html
CVE-2019-9674
https://bugzilla.suse.com/1162825
SUSE Bug 1162825

Описание

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.

Затронутые продукты

Container caasp/v4/389-ds:1.4.2:libpython3_6m1_0-3.6.10-3.47.2

Container caasp/v4/389-ds:1.4.2:python3-3.6.10-3.47.2

Container caasp/v4/389-ds:1.4.2:python3-base-3.6.10-3.47.2

Container caasp/v4/hyperkube:v1.17.17:libpython3_6m1_0-3.6.10-3.47.2

Ссылки

https://www.suse.com/security/cve/CVE-2020-8492.html
CVE-2020-8492
https://bugzilla.suse.com/1162367
SUSE Bug 1162367