SUSE-SU-2020:0497-1

Published: 20 Mar 2020
Source: suse-cvrf

Description

Security update for python3

This update for python3 fixes the following issues:

Update to 3.4.10 (jsc#SLE-9427, bsc#1159208) from 3.4.6:

Security issues fixed:

  • Update expat copy from 2.1.1 to 2.2.0 to fix the following issues: CVE-2012-0876, CVE-2016-0718, CVE-2016-4472, CVE-2017-9233, CVE-2016-9063
  • CVE-2017-1000158: Fix an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (bsc#1068664).

Package list

HPE Helion OpenStack 8
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
python3-curses-3.4.10-25.39.3
python3-devel-3.4.10-25.39.2
Image SLES12-SP4-Azure-BYOS
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
Image SLES12-SP4-EC2-HVM-BYOS
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
Image SLES12-SP4-GCE-BYOS
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
Image SLES12-SP4-OCI-BYOS
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
Image SLES12-SP4-SAP-Azure
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
python3-curses-3.4.10-25.39.3
Image SLES12-SP4-SAP-Azure-BYOS
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
python3-curses-3.4.10-25.39.3
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
python3-curses-3.4.10-25.39.3
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
python3-curses-3.4.10-25.39.3
Image SLES12-SP4-SAP-EC2-HVM
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
python3-curses-3.4.10-25.39.3
Image SLES12-SP4-SAP-EC2-HVM-BYOS
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
python3-curses-3.4.10-25.39.3
Image SLES12-SP4-SAP-GCE
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
python3-curses-3.4.10-25.39.3
Image SLES12-SP4-SAP-GCE-BYOS
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
python3-curses-3.4.10-25.39.3
Image SLES12-SP4-SAP-OCI-BYOS
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
python3-curses-3.4.10-25.39.3
Image SLES12-SP5-Azure-BYOS
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
Image SLES12-SP5-Azure-Basic-On-Demand
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
Image SLES12-SP5-Azure-HPC-BYOS
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
Image SLES12-SP5-Azure-HPC-On-Demand
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
Image SLES12-SP5-Azure-SAP-BYOS
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
python3-curses-3.4.10-25.39.3
Image SLES12-SP5-Azure-SAP-On-Demand
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
python3-curses-3.4.10-25.39.3
Image SLES12-SP5-Azure-Standard-On-Demand
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
Image SLES12-SP5-EC2-BYOS
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
Image SLES12-SP5-EC2-ECS-On-Demand
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
Image SLES12-SP5-EC2-On-Demand
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
Image SLES12-SP5-EC2-SAP-BYOS
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
python3-curses-3.4.10-25.39.3
Image SLES12-SP5-EC2-SAP-On-Demand
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
python3-curses-3.4.10-25.39.3
Image SLES12-SP5-GCE-BYOS
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
Image SLES12-SP5-GCE-On-Demand
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
Image SLES12-SP5-GCE-SAP-BYOS
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
python3-curses-3.4.10-25.39.3
Image SLES12-SP5-GCE-SAP-On-Demand
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
python3-curses-3.4.10-25.39.3
Image SLES12-SP5-OCI-BYOS-BYOS
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
Image SLES12-SP5-OCI-BYOS-SAP-BYOS
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
python3-curses-3.4.10-25.39.3
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
python3-curses-3.4.10-25.39.3
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
python3-curses-3.4.10-25.39.3
SUSE Enterprise Storage 5
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
python3-curses-3.4.10-25.39.3
python3-devel-3.4.10-25.39.2
SUSE Linux Enterprise Desktop 12 SP4
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
python3-curses-3.4.10-25.39.3
SUSE Linux Enterprise Module for Web and Scripting 12
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
SUSE Linux Enterprise Server 12 SP1-LTSS
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
python3-curses-3.4.10-25.39.3
python3-devel-3.4.10-25.39.2
SUSE Linux Enterprise Server 12 SP2-BCL
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
python3-curses-3.4.10-25.39.3
SUSE Linux Enterprise Server 12 SP2-LTSS
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
python3-curses-3.4.10-25.39.3
python3-devel-3.4.10-25.39.2
SUSE Linux Enterprise Server 12 SP3-BCL
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
python3-curses-3.4.10-25.39.3
SUSE Linux Enterprise Server 12 SP3-LTSS
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
python3-curses-3.4.10-25.39.3
python3-devel-3.4.10-25.39.2
SUSE Linux Enterprise Server 12 SP4
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
python3-curses-3.4.10-25.39.3
SUSE Linux Enterprise Server 12 SP5
libpython3_4m1_0-3.4.10-25.39.2
libpython3_4m1_0-32bit-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
python3-curses-3.4.10-25.39.3
python3-tk-3.4.10-25.39.3
SUSE Linux Enterprise Server for SAP Applications 12 SP1
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
python3-curses-3.4.10-25.39.3
python3-devel-3.4.10-25.39.2
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
python3-curses-3.4.10-25.39.3
python3-devel-3.4.10-25.39.2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
python3-curses-3.4.10-25.39.3
python3-devel-3.4.10-25.39.2
SUSE Linux Enterprise Server for SAP Applications 12 SP4
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
python3-curses-3.4.10-25.39.3
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libpython3_4m1_0-3.4.10-25.39.2
libpython3_4m1_0-32bit-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
python3-curses-3.4.10-25.39.3
python3-tk-3.4.10-25.39.3
SUSE Linux Enterprise Software Development Kit 12 SP4
python3-dbm-3.4.10-25.39.3
python3-devel-3.4.10-25.39.2
SUSE Linux Enterprise Software Development Kit 12 SP5
python3-dbm-3.4.10-25.39.3
python3-devel-3.4.10-25.39.2
SUSE OpenStack Cloud 7
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
python3-curses-3.4.10-25.39.3
python3-devel-3.4.10-25.39.2
SUSE OpenStack Cloud 8
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
python3-curses-3.4.10-25.39.3
python3-devel-3.4.10-25.39.2
SUSE OpenStack Cloud Crowbar 8
libpython3_4m1_0-3.4.10-25.39.2
python3-3.4.10-25.39.3
python3-base-3.4.10-25.39.2
python3-curses-3.4.10-25.39.3
python3-devel-3.4.10-25.39.2

Description

The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.


Affected products
HPE Helion OpenStack 8:libpython3_4m1_0-3.4.10-25.39.2
HPE Helion OpenStack 8:python3-3.4.10-25.39.3
HPE Helion OpenStack 8:python3-base-3.4.10-25.39.2
HPE Helion OpenStack 8:python3-curses-3.4.10-25.39.3

Description

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.


Affected products
HPE Helion OpenStack 8:libpython3_4m1_0-3.4.10-25.39.2
HPE Helion OpenStack 8:python3-3.4.10-25.39.3
HPE Helion OpenStack 8:python3-base-3.4.10-25.39.2
HPE Helion OpenStack 8:python3-curses-3.4.10-25.39.3

Description

The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.


Affected products
HPE Helion OpenStack 8:libpython3_4m1_0-3.4.10-25.39.2
HPE Helion OpenStack 8:python3-3.4.10-25.39.3
HPE Helion OpenStack 8:python3-base-3.4.10-25.39.2
HPE Helion OpenStack 8:python3-curses-3.4.10-25.39.3

Description

An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.


Affected products
HPE Helion OpenStack 8:libpython3_4m1_0-3.4.10-25.39.2
HPE Helion OpenStack 8:python3-3.4.10-25.39.3
HPE Helion OpenStack 8:python3-base-3.4.10-25.39.2
HPE Helion OpenStack 8:python3-curses-3.4.10-25.39.3

Description

CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution).


Affected products
HPE Helion OpenStack 8:libpython3_4m1_0-3.4.10-25.39.2
HPE Helion OpenStack 8:python3-3.4.10-25.39.3
HPE Helion OpenStack 8:python3-base-3.4.10-25.39.2
HPE Helion OpenStack 8:python3-curses-3.4.10-25.39.3

Description

XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.


Affected products
HPE Helion OpenStack 8:libpython3_4m1_0-3.4.10-25.39.2
HPE Helion OpenStack 8:python3-3.4.10-25.39.3
HPE Helion OpenStack 8:python3-base-3.4.10-25.39.2
HPE Helion OpenStack 8:python3-curses-3.4.10-25.39.3
