Описание
Security update for python36
This update for python36 fixes the following issues:
Security issues fixed:
- CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825).
- CVE-2020-8492: Fixed a regular expression in urrlib that was prone to denial of service via HTTP (bsc#1162367).
Non-security issue fixed:
- If the locale is 'C', coerce it to C.UTF-8 (bsc#1162423).
Список пакетов
Image SLES12-SP5-Azure-BYOS
libpython3_6m1_0-3.6.10-4.6.1
python36-base-3.6.10-4.6.1
Image SLES12-SP5-Azure-Basic-On-Demand
libpython3_6m1_0-3.6.10-4.6.1
python36-base-3.6.10-4.6.1
Image SLES12-SP5-Azure-HPC-BYOS
libpython3_6m1_0-3.6.10-4.6.1
python36-base-3.6.10-4.6.1
Image SLES12-SP5-Azure-HPC-On-Demand
libpython3_6m1_0-3.6.10-4.6.1
python36-base-3.6.10-4.6.1
Image SLES12-SP5-Azure-SAP-BYOS
libpython3_6m1_0-3.6.10-4.6.1
python36-base-3.6.10-4.6.1
Image SLES12-SP5-Azure-SAP-On-Demand
libpython3_6m1_0-3.6.10-4.6.1
python36-base-3.6.10-4.6.1
Image SLES12-SP5-Azure-Standard-On-Demand
libpython3_6m1_0-3.6.10-4.6.1
python36-base-3.6.10-4.6.1
Image SLES12-SP5-EC2-BYOS
libpython3_6m1_0-3.6.10-4.6.1
python36-base-3.6.10-4.6.1
Image SLES12-SP5-EC2-ECS-On-Demand
libpython3_6m1_0-3.6.10-4.6.1
python36-base-3.6.10-4.6.1
Image SLES12-SP5-EC2-On-Demand
libpython3_6m1_0-3.6.10-4.6.1
python36-base-3.6.10-4.6.1
Image SLES12-SP5-EC2-SAP-BYOS
libpython3_6m1_0-3.6.10-4.6.1
python36-base-3.6.10-4.6.1
Image SLES12-SP5-EC2-SAP-On-Demand
libpython3_6m1_0-3.6.10-4.6.1
python36-base-3.6.10-4.6.1
Image SLES12-SP5-GCE-BYOS
libpython3_6m1_0-3.6.10-4.6.1
python36-base-3.6.10-4.6.1
Image SLES12-SP5-GCE-On-Demand
libpython3_6m1_0-3.6.10-4.6.1
python36-base-3.6.10-4.6.1
Image SLES12-SP5-GCE-SAP-BYOS
libpython3_6m1_0-3.6.10-4.6.1
python36-base-3.6.10-4.6.1
Image SLES12-SP5-GCE-SAP-On-Demand
libpython3_6m1_0-3.6.10-4.6.1
python36-base-3.6.10-4.6.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
libpython3_6m1_0-3.6.10-4.6.1
python36-base-3.6.10-4.6.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
libpython3_6m1_0-3.6.10-4.6.1
python36-base-3.6.10-4.6.1
SUSE Linux Enterprise Server 12 SP5
libpython3_6m1_0-3.6.10-4.6.1
python36-3.6.10-4.6.1
python36-base-3.6.10-4.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libpython3_6m1_0-3.6.10-4.6.1
python36-3.6.10-4.6.1
python36-base-3.6.10-4.6.1
Ссылки
- Link for SUSE-SU-2020:0557-1
- E-Mail link for SUSE-SU-2020:0557-1
- SUSE Security Ratings
- SUSE Bug 1162367
- SUSE Bug 1162423
- SUSE Bug 1162825
- SUSE CVE CVE-2019-9674 page
- SUSE CVE CVE-2020-8492 page
Описание
Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.
Затронутые продукты
Image SLES12-SP5-Azure-BYOS:libpython3_6m1_0-3.6.10-4.6.1
Image SLES12-SP5-Azure-BYOS:python36-base-3.6.10-4.6.1
Image SLES12-SP5-Azure-Basic-On-Demand:libpython3_6m1_0-3.6.10-4.6.1
Image SLES12-SP5-Azure-Basic-On-Demand:python36-base-3.6.10-4.6.1
Ссылки
- CVE-2019-9674
- SUSE Bug 1162825
Описание
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.
Затронутые продукты
Image SLES12-SP5-Azure-BYOS:libpython3_6m1_0-3.6.10-4.6.1
Image SLES12-SP5-Azure-BYOS:python36-base-3.6.10-4.6.1
Image SLES12-SP5-Azure-Basic-On-Demand:libpython3_6m1_0-3.6.10-4.6.1
Image SLES12-SP5-Azure-Basic-On-Demand:python36-base-3.6.10-4.6.1
Ссылки
- CVE-2020-8492
- SUSE Bug 1162367