Описание
Security update for python
This update for python to version 2.7.17 fixes the following issues:
Syncing with lots of upstream bug fixes and security fixes.
Bug fixes:
- CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825).
- CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen(). Now an InvalidURL exception is raised (bsc#1155094).
- CVE-2020-8492: Fixed a regular expression in urllib that was prone to denial of service via HTTP (bsc#1162367).
- Fixed mismatches between libpython and python-base versions (bsc#1162224).
- Fixed segfault in libpython2.7.so.1 (bsc#1073748).
- Unified packages among openSUSE:Factory and SLE versions (bsc#1159035).
- Added idle.desktop and idle.appdata.xml to provide IDLE in menus (bsc#1153830).
- Excluded tsl_check files from python-base to prevent file conflict with python-strict-tls-checks package (bsc#945401).
- Changed the name of idle3 icons to idle3.png to avoid collision with Python 2 version (bsc#1165894).
Additionally a new 'shared-python-startup' package is provided containing startup files.
python-rpm-macros was updated to fix:
- Do not write .pyc files for tests (bsc#1171561)
Список пакетов
HPE Helion OpenStack 8
libpython2_7-1_0-2.7.17-28.42.1
libpython2_7-1_0-32bit-2.7.17-28.42.1
python-2.7.17-28.42.1
python-32bit-2.7.17-28.42.1
python-base-2.7.17-28.42.1
python-base-32bit-2.7.17-28.42.1
python-curses-2.7.17-28.42.1
python-demo-2.7.17-28.42.1
python-devel-2.7.17-28.42.1
python-doc-2.7.17-28.42.1
python-doc-pdf-2.7.17-28.42.1
python-gdbm-2.7.17-28.42.1
python-idle-2.7.17-28.42.1
python-rpm-macros-20200207.5feb6c1-3.19.1
python-tk-2.7.17-28.42.1
python-xml-2.7.17-28.42.1
shared-python-startup-0.1-1.3.1
Image SLES12-SP4-EC2-HVM-BYOS
libpython2_7-1_0-2.7.17-28.42.1
python-2.7.17-28.42.1
python-base-2.7.17-28.42.1
python-xml-2.7.17-28.42.1
Image SLES12-SP4-GCE-BYOS
libpython2_7-1_0-2.7.17-28.42.1
python-2.7.17-28.42.1
python-base-2.7.17-28.42.1
python-xml-2.7.17-28.42.1
Image SLES12-SP4-OCI-BYOS
libpython2_7-1_0-2.7.17-28.42.1
python-2.7.17-28.42.1
python-base-2.7.17-28.42.1
python-rpm-macros-20200207.5feb6c1-3.19.1
python-xml-2.7.17-28.42.1
Image SLES12-SP4-SAP-Azure
libpython2_7-1_0-2.7.17-28.42.1
python-2.7.17-28.42.1
python-base-2.7.17-28.42.1
python-xml-2.7.17-28.42.1
Image SLES12-SP4-SAP-EC2-HVM
libpython2_7-1_0-2.7.17-28.42.1
python-2.7.17-28.42.1
python-base-2.7.17-28.42.1
python-xml-2.7.17-28.42.1
Image SLES12-SP4-SAP-EC2-HVM-BYOS
libpython2_7-1_0-2.7.17-28.42.1
python-2.7.17-28.42.1
python-base-2.7.17-28.42.1
python-xml-2.7.17-28.42.1
Image SLES12-SP4-SAP-GCE
libpython2_7-1_0-2.7.17-28.42.1
python-2.7.17-28.42.1
python-base-2.7.17-28.42.1
python-xml-2.7.17-28.42.1
Image SLES12-SP4-SAP-GCE-BYOS
libpython2_7-1_0-2.7.17-28.42.1
python-2.7.17-28.42.1
python-base-2.7.17-28.42.1
python-xml-2.7.17-28.42.1
Image SLES12-SP4-SAP-OCI-BYOS
libpython2_7-1_0-2.7.17-28.42.1
python-2.7.17-28.42.1
python-base-2.7.17-28.42.1
python-rpm-macros-20200207.5feb6c1-3.19.1
python-xml-2.7.17-28.42.1
Image SLES12-SP5-OCI-BYOS-BYOS
libpython2_7-1_0-2.7.17-28.42.1
python-2.7.17-28.42.1
python-base-2.7.17-28.42.1
python-xml-2.7.17-28.42.1
Image SLES12-SP5-OCI-BYOS-SAP-BYOS
libpython2_7-1_0-2.7.17-28.42.1
python-2.7.17-28.42.1
python-base-2.7.17-28.42.1
python-xml-2.7.17-28.42.1
SUSE Enterprise Storage 5
libpython2_7-1_0-2.7.17-28.42.1
libpython2_7-1_0-32bit-2.7.17-28.42.1
python-2.7.17-28.42.1
python-32bit-2.7.17-28.42.1
python-base-2.7.17-28.42.1
python-base-32bit-2.7.17-28.42.1
python-curses-2.7.17-28.42.1
python-demo-2.7.17-28.42.1
python-devel-2.7.17-28.42.1
python-doc-2.7.17-28.42.1
python-doc-pdf-2.7.17-28.42.1
python-gdbm-2.7.17-28.42.1
python-idle-2.7.17-28.42.1
python-rpm-macros-20200207.5feb6c1-3.19.1
python-strict-tls-check-2.7.17-28.42.1
python-tk-2.7.17-28.42.1
python-xml-2.7.17-28.42.1
shared-python-startup-0.1-1.3.1
SUSE Linux Enterprise Server 12 SP1-LTSS
libpython2_7-1_0-2.7.17-28.42.1
libpython2_7-1_0-32bit-2.7.17-28.42.1
python-2.7.17-28.42.1
python-32bit-2.7.17-28.42.1
python-base-2.7.17-28.42.1
python-base-32bit-2.7.17-28.42.1
python-curses-2.7.17-28.42.1
python-demo-2.7.17-28.42.1
python-devel-2.7.17-28.42.1
python-doc-2.7.17-28.42.1
python-doc-pdf-2.7.17-28.42.1
python-gdbm-2.7.17-28.42.1
python-idle-2.7.17-28.42.1
python-rpm-macros-20200207.5feb6c1-3.19.1
python-tk-2.7.17-28.42.1
python-xml-2.7.17-28.42.1
shared-python-startup-0.1-1.3.1
SUSE Linux Enterprise Server 12 SP2-BCL
libpython2_7-1_0-2.7.17-28.42.1
libpython2_7-1_0-32bit-2.7.17-28.42.1
python-2.7.17-28.42.1
python-32bit-2.7.17-28.42.1
python-base-2.7.17-28.42.1
python-base-32bit-2.7.17-28.42.1
python-curses-2.7.17-28.42.1
python-demo-2.7.17-28.42.1
python-doc-2.7.17-28.42.1
python-doc-pdf-2.7.17-28.42.1
python-gdbm-2.7.17-28.42.1
python-idle-2.7.17-28.42.1
python-rpm-macros-20200207.5feb6c1-3.19.1
python-tk-2.7.17-28.42.1
python-xml-2.7.17-28.42.1
shared-python-startup-0.1-1.3.1
SUSE Linux Enterprise Server 12 SP2-LTSS
libpython2_7-1_0-2.7.17-28.42.1
libpython2_7-1_0-32bit-2.7.17-28.42.1
python-2.7.17-28.42.1
python-32bit-2.7.17-28.42.1
python-base-2.7.17-28.42.1
python-base-32bit-2.7.17-28.42.1
python-curses-2.7.17-28.42.1
python-demo-2.7.17-28.42.1
python-devel-2.7.17-28.42.1
python-doc-2.7.17-28.42.1
python-doc-pdf-2.7.17-28.42.1
python-gdbm-2.7.17-28.42.1
python-idle-2.7.17-28.42.1
python-rpm-macros-20200207.5feb6c1-3.19.1
python-tk-2.7.17-28.42.1
python-xml-2.7.17-28.42.1
shared-python-startup-0.1-1.3.1
SUSE Linux Enterprise Server 12 SP3-BCL
libpython2_7-1_0-2.7.17-28.42.1
libpython2_7-1_0-32bit-2.7.17-28.42.1
python-2.7.17-28.42.1
python-32bit-2.7.17-28.42.1
python-base-2.7.17-28.42.1
python-base-32bit-2.7.17-28.42.1
python-curses-2.7.17-28.42.1
python-demo-2.7.17-28.42.1
python-devel-2.7.17-28.42.1
python-doc-2.7.17-28.42.1
python-doc-pdf-2.7.17-28.42.1
python-gdbm-2.7.17-28.42.1
python-idle-2.7.17-28.42.1
python-rpm-macros-20200207.5feb6c1-3.19.1
python-tk-2.7.17-28.42.1
python-xml-2.7.17-28.42.1
shared-python-startup-0.1-1.3.1
SUSE Linux Enterprise Server 12 SP3-LTSS
libpython2_7-1_0-2.7.17-28.42.1
libpython2_7-1_0-32bit-2.7.17-28.42.1
python-2.7.17-28.42.1
python-32bit-2.7.17-28.42.1
python-base-2.7.17-28.42.1
python-base-32bit-2.7.17-28.42.1
python-curses-2.7.17-28.42.1
python-demo-2.7.17-28.42.1
python-devel-2.7.17-28.42.1
python-doc-2.7.17-28.42.1
python-doc-pdf-2.7.17-28.42.1
python-gdbm-2.7.17-28.42.1
python-idle-2.7.17-28.42.1
python-rpm-macros-20200207.5feb6c1-3.19.1
python-tk-2.7.17-28.42.1
python-xml-2.7.17-28.42.1
shared-python-startup-0.1-1.3.1
SUSE Linux Enterprise Server 12 SP4
libpython2_7-1_0-2.7.17-28.42.1
libpython2_7-1_0-32bit-2.7.17-28.42.1
python-2.7.17-28.42.1
python-32bit-2.7.17-28.42.1
python-base-2.7.17-28.42.1
python-base-32bit-2.7.17-28.42.1
python-curses-2.7.17-28.42.1
python-demo-2.7.17-28.42.1
python-devel-2.7.17-28.42.1
python-doc-2.7.17-28.42.1
python-doc-pdf-2.7.17-28.42.1
python-gdbm-2.7.17-28.42.1
python-idle-2.7.17-28.42.1
python-rpm-macros-20200207.5feb6c1-3.19.1
python-tk-2.7.17-28.42.1
python-xml-2.7.17-28.42.1
shared-python-startup-0.1-1.3.1
SUSE Linux Enterprise Server 12 SP5
libpython2_7-1_0-2.7.17-28.42.1
libpython2_7-1_0-32bit-2.7.17-28.42.1
python-2.7.17-28.42.1
python-32bit-2.7.17-28.42.1
python-base-2.7.17-28.42.1
python-base-32bit-2.7.17-28.42.1
python-curses-2.7.17-28.42.1
python-demo-2.7.17-28.42.1
python-devel-2.7.17-28.42.1
python-doc-2.7.17-28.42.1
python-doc-pdf-2.7.17-28.42.1
python-gdbm-2.7.17-28.42.1
python-idle-2.7.17-28.42.1
python-rpm-macros-20200207.5feb6c1-3.19.1
python-tk-2.7.17-28.42.1
python-xml-2.7.17-28.42.1
shared-python-startup-0.1-1.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
libpython2_7-1_0-2.7.17-28.42.1
libpython2_7-1_0-32bit-2.7.17-28.42.1
python-2.7.17-28.42.1
python-32bit-2.7.17-28.42.1
python-base-2.7.17-28.42.1
python-base-32bit-2.7.17-28.42.1
python-curses-2.7.17-28.42.1
python-demo-2.7.17-28.42.1
python-devel-2.7.17-28.42.1
python-doc-2.7.17-28.42.1
python-doc-pdf-2.7.17-28.42.1
python-gdbm-2.7.17-28.42.1
python-idle-2.7.17-28.42.1
python-rpm-macros-20200207.5feb6c1-3.19.1
python-tk-2.7.17-28.42.1
python-xml-2.7.17-28.42.1
shared-python-startup-0.1-1.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libpython2_7-1_0-2.7.17-28.42.1
libpython2_7-1_0-32bit-2.7.17-28.42.1
python-2.7.17-28.42.1
python-32bit-2.7.17-28.42.1
python-base-2.7.17-28.42.1
python-base-32bit-2.7.17-28.42.1
python-curses-2.7.17-28.42.1
python-demo-2.7.17-28.42.1
python-devel-2.7.17-28.42.1
python-doc-2.7.17-28.42.1
python-doc-pdf-2.7.17-28.42.1
python-gdbm-2.7.17-28.42.1
python-idle-2.7.17-28.42.1
python-rpm-macros-20200207.5feb6c1-3.19.1
python-tk-2.7.17-28.42.1
python-xml-2.7.17-28.42.1
shared-python-startup-0.1-1.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libpython2_7-1_0-2.7.17-28.42.1
libpython2_7-1_0-32bit-2.7.17-28.42.1
python-2.7.17-28.42.1
python-32bit-2.7.17-28.42.1
python-base-2.7.17-28.42.1
python-base-32bit-2.7.17-28.42.1
python-curses-2.7.17-28.42.1
python-demo-2.7.17-28.42.1
python-devel-2.7.17-28.42.1
python-doc-2.7.17-28.42.1
python-doc-pdf-2.7.17-28.42.1
python-gdbm-2.7.17-28.42.1
python-idle-2.7.17-28.42.1
python-rpm-macros-20200207.5feb6c1-3.19.1
python-tk-2.7.17-28.42.1
python-xml-2.7.17-28.42.1
shared-python-startup-0.1-1.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
libpython2_7-1_0-2.7.17-28.42.1
libpython2_7-1_0-32bit-2.7.17-28.42.1
python-2.7.17-28.42.1
python-32bit-2.7.17-28.42.1
python-base-2.7.17-28.42.1
python-base-32bit-2.7.17-28.42.1
python-curses-2.7.17-28.42.1
python-demo-2.7.17-28.42.1
python-devel-2.7.17-28.42.1
python-doc-2.7.17-28.42.1
python-doc-pdf-2.7.17-28.42.1
python-gdbm-2.7.17-28.42.1
python-idle-2.7.17-28.42.1
python-rpm-macros-20200207.5feb6c1-3.19.1
python-tk-2.7.17-28.42.1
python-xml-2.7.17-28.42.1
shared-python-startup-0.1-1.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libpython2_7-1_0-2.7.17-28.42.1
libpython2_7-1_0-32bit-2.7.17-28.42.1
python-2.7.17-28.42.1
python-32bit-2.7.17-28.42.1
python-base-2.7.17-28.42.1
python-base-32bit-2.7.17-28.42.1
python-curses-2.7.17-28.42.1
python-demo-2.7.17-28.42.1
python-devel-2.7.17-28.42.1
python-doc-2.7.17-28.42.1
python-doc-pdf-2.7.17-28.42.1
python-gdbm-2.7.17-28.42.1
python-idle-2.7.17-28.42.1
python-rpm-macros-20200207.5feb6c1-3.19.1
python-tk-2.7.17-28.42.1
python-xml-2.7.17-28.42.1
shared-python-startup-0.1-1.3.1
SUSE Linux Enterprise Software Development Kit 12 SP4
python-devel-2.7.17-28.42.1
python-rpm-macros-20200207.5feb6c1-3.19.1
SUSE Linux Enterprise Software Development Kit 12 SP5
python-rpm-macros-20200207.5feb6c1-3.19.1
SUSE Linux Enterprise Workstation Extension 12 SP4
python-devel-2.7.17-28.42.1
SUSE Linux Enterprise Workstation Extension 12 SP5
python-devel-2.7.17-28.42.1
SUSE OpenStack Cloud 7
libpython2_7-1_0-2.7.17-28.42.1
libpython2_7-1_0-32bit-2.7.17-28.42.1
python-2.7.17-28.42.1
python-32bit-2.7.17-28.42.1
python-base-2.7.17-28.42.1
python-base-32bit-2.7.17-28.42.1
python-curses-2.7.17-28.42.1
python-demo-2.7.17-28.42.1
python-devel-2.7.17-28.42.1
python-doc-2.7.17-28.42.1
python-doc-pdf-2.7.17-28.42.1
python-gdbm-2.7.17-28.42.1
python-idle-2.7.17-28.42.1
python-rpm-macros-20200207.5feb6c1-3.19.1
python-tk-2.7.17-28.42.1
python-xml-2.7.17-28.42.1
shared-python-startup-0.1-1.3.1
SUSE OpenStack Cloud 8
libpython2_7-1_0-2.7.17-28.42.1
libpython2_7-1_0-32bit-2.7.17-28.42.1
python-2.7.17-28.42.1
python-32bit-2.7.17-28.42.1
python-base-2.7.17-28.42.1
python-base-32bit-2.7.17-28.42.1
python-curses-2.7.17-28.42.1
python-demo-2.7.17-28.42.1
python-devel-2.7.17-28.42.1
python-doc-2.7.17-28.42.1
python-doc-pdf-2.7.17-28.42.1
python-gdbm-2.7.17-28.42.1
python-idle-2.7.17-28.42.1
python-rpm-macros-20200207.5feb6c1-3.19.1
python-tk-2.7.17-28.42.1
python-xml-2.7.17-28.42.1
shared-python-startup-0.1-1.3.1
SUSE OpenStack Cloud Crowbar 8
libpython2_7-1_0-2.7.17-28.42.1
libpython2_7-1_0-32bit-2.7.17-28.42.1
python-2.7.17-28.42.1
python-32bit-2.7.17-28.42.1
python-base-2.7.17-28.42.1
python-base-32bit-2.7.17-28.42.1
python-curses-2.7.17-28.42.1
python-demo-2.7.17-28.42.1
python-devel-2.7.17-28.42.1
python-doc-2.7.17-28.42.1
python-doc-pdf-2.7.17-28.42.1
python-gdbm-2.7.17-28.42.1
python-idle-2.7.17-28.42.1
python-rpm-macros-20200207.5feb6c1-3.19.1
python-tk-2.7.17-28.42.1
python-xml-2.7.17-28.42.1
shared-python-startup-0.1-1.3.1
Ссылки
- Link for SUSE-SU-2020:1524-1
- E-Mail link for SUSE-SU-2020:1524-1
- SUSE Security Ratings
- SUSE Bug 1027282
- SUSE Bug 1041090
- SUSE Bug 1042670
- SUSE Bug 1073269
- SUSE Bug 1073748
- SUSE Bug 1078326
- SUSE Bug 1078485
- SUSE Bug 1081750
- SUSE Bug 1084650
- SUSE Bug 1086001
- SUSE Bug 1149792
- SUSE Bug 1153830
- SUSE Bug 1155094
- SUSE Bug 1159035
- SUSE Bug 1162224
- SUSE Bug 1162367
- SUSE Bug 1162825
Описание
An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.). This is fixed in: v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1; v3.6.11, v3.6.11rc1, v3.6.12; v3.7.8, v3.7.8rc1, v3.7.9; v3.8.3, v3.8.3rc1, v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1.
Затронутые продукты
HPE Helion OpenStack 8:libpython2_7-1_0-2.7.17-28.42.1
HPE Helion OpenStack 8:libpython2_7-1_0-32bit-2.7.17-28.42.1
HPE Helion OpenStack 8:python-2.7.17-28.42.1
HPE Helion OpenStack 8:python-32bit-2.7.17-28.42.1
Ссылки
- CVE-2019-18348
- SUSE Bug 1155094
Описание
Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.
Затронутые продукты
HPE Helion OpenStack 8:libpython2_7-1_0-2.7.17-28.42.1
HPE Helion OpenStack 8:libpython2_7-1_0-32bit-2.7.17-28.42.1
HPE Helion OpenStack 8:python-2.7.17-28.42.1
HPE Helion OpenStack 8:python-32bit-2.7.17-28.42.1
Ссылки
- CVE-2019-9674
- SUSE Bug 1162825
Описание
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.
Затронутые продукты
HPE Helion OpenStack 8:libpython2_7-1_0-2.7.17-28.42.1
HPE Helion OpenStack 8:libpython2_7-1_0-32bit-2.7.17-28.42.1
HPE Helion OpenStack 8:python-2.7.17-28.42.1
HPE Helion OpenStack 8:python-32bit-2.7.17-28.42.1
Ссылки
- CVE-2020-8492
- SUSE Bug 1162367