Description
Security update for python
This update for python fixes the following security issue:
- CVE-2020-8492: Fixed a regular expression in urllib that was prone to denial of service via HTTP (bsc#1162367).
Package list
SUSE Linux Enterprise Point of Sale 11 SP3
libpython2_6-1_0-2.6.9-40.35.1
python-2.6.9-40.35.2
python-base-2.6.9-40.35.1
python-curses-2.6.9-40.35.2
python-demo-2.6.9-40.35.2
python-doc-2.6-8.40.35.1
python-doc-pdf-2.6-8.40.35.1
python-gdbm-2.6.9-40.35.2
python-idle-2.6.9-40.35.2
python-tk-2.6.9-40.35.2
python-xml-2.6.9-40.35.1
SUSE Linux Enterprise Server 11 SP4-LTSS
libpython2_6-1_0-2.6.9-40.35.1
libpython2_6-1_0-32bit-2.6.9-40.35.1
python-2.6.9-40.35.2
python-32bit-2.6.9-40.35.2
python-base-2.6.9-40.35.1
python-base-32bit-2.6.9-40.35.1
python-curses-2.6.9-40.35.2
python-demo-2.6.9-40.35.2
python-doc-2.6-8.40.35.1
python-doc-pdf-2.6-8.40.35.1
python-gdbm-2.6.9-40.35.2
python-idle-2.6.9-40.35.2
python-tk-2.6.9-40.35.2
python-xml-2.6.9-40.35.1
Links
- Link for SUSE-SU-2020:14306-1
- E-Mail link for SUSE-SU-2020:14306-1
- SUSE Security Ratings
- SUSE Bug 1162367
- SUSE CVE CVE-2020-8492 page
Description
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.
Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:libpython2_6-1_0-2.6.9-40.35.1
SUSE Linux Enterprise Point of Sale 11 SP3:python-2.6.9-40.35.2
SUSE Linux Enterprise Point of Sale 11 SP3:python-base-2.6.9-40.35.1
SUSE Linux Enterprise Point of Sale 11 SP3:python-curses-2.6.9-40.35.2
Links
- CVE-2020-8492
- SUSE Bug 1162367