SUSE-SU-2020:1822-1

Опубликовано: 02 июл. 2020

Источник: suse-cvrf

Описание

Security update for python3

This update for python3 fixes the following issues:

CVE-2020-14422: Fixed an improper computation of hash values in the IPv4Interface and IPv6Interface could have led to denial of service (bsc#1173274).

Список пакетов

Container caasp/v4/389-ds:1.4.2

libpython3_6m1_0-3.6.10-3.56.1

python3-3.6.10-3.56.1

python3-base-3.6.10-3.56.1

Container caasp/v4/hyperkube:v1.17.17

libpython3_6m1_0-3.6.10-3.56.1

python3-3.6.10-3.56.1

python3-base-3.6.10-3.56.1

Container caasp/v4/k8s-sidecar:0.1.75

libpython3_6m1_0-3.6.10-3.56.1

python3-3.6.10-3.56.1

python3-base-3.6.10-3.56.1

Container ses/6/cephcsi/cephcsi:latest

libpython3_6m1_0-3.6.10-3.56.1

python3-3.6.10-3.56.1

python3-base-3.6.10-3.56.1

Container ses/6/rook/ceph:latest

libpython3_6m1_0-3.6.10-3.56.1

python3-3.6.10-3.56.1

python3-base-3.6.10-3.56.1

Container ses/7/ceph/ceph:latest

libpython3_6m1_0-3.6.10-3.56.1

python3-3.6.10-3.56.1

python3-base-3.6.10-3.56.1

python3-curses-3.6.10-3.56.1

Container ses/7/cephcsi/cephcsi:latest

libpython3_6m1_0-3.6.10-3.56.1

python3-3.6.10-3.56.1

python3-base-3.6.10-3.56.1

python3-curses-3.6.10-3.56.1

Container ses/7/prometheus-webhook-snmp:latest

libpython3_6m1_0-3.6.10-3.56.1

python3-base-3.6.10-3.56.1

Container ses/7/rook/ceph:latest

libpython3_6m1_0-3.6.10-3.56.1

python3-3.6.10-3.56.1

python3-base-3.6.10-3.56.1

python3-curses-3.6.10-3.56.1

Container suse/sle-micro/5.0/toolbox:latest

libpython3_6m1_0-3.6.10-3.56.1

python3-base-3.6.10-3.56.1

Container suse/sles/15.2/virt-handler:0.38.1

libpython3_6m1_0-3.6.10-3.56.1

python3-base-3.6.10-3.56.1

Container suse/sles/15.2/virt-launcher:0.38.1

libpython3_6m1_0-3.6.10-3.56.1

python3-base-3.6.10-3.56.1

SUSE Linux Enterprise High Performance Computing 15-ESPOS

libpython3_6m1_0-3.6.10-3.56.1

python3-3.6.10-3.56.1

python3-base-3.6.10-3.56.1

python3-curses-3.6.10-3.56.1

python3-dbm-3.6.10-3.56.1

python3-devel-3.6.10-3.56.1

python3-idle-3.6.10-3.56.1

python3-tk-3.6.10-3.56.1

python3-tools-3.6.10-3.56.1

SUSE Linux Enterprise High Performance Computing 15-LTSS

libpython3_6m1_0-3.6.10-3.56.1

python3-3.6.10-3.56.1

python3-base-3.6.10-3.56.1

python3-curses-3.6.10-3.56.1

python3-dbm-3.6.10-3.56.1

python3-devel-3.6.10-3.56.1

python3-idle-3.6.10-3.56.1

python3-tk-3.6.10-3.56.1

python3-tools-3.6.10-3.56.1

SUSE Linux Enterprise Module for Basesystem 15 SP1

libpython3_6m1_0-3.6.10-3.56.1

python3-3.6.10-3.56.1

python3-base-3.6.10-3.56.1

python3-curses-3.6.10-3.56.1

python3-dbm-3.6.10-3.56.1

python3-devel-3.6.10-3.56.1

python3-idle-3.6.10-3.56.1

python3-testsuite-3.6.10-3.56.1

python3-tk-3.6.10-3.56.1

SUSE Linux Enterprise Module for Basesystem 15 SP2

libpython3_6m1_0-3.6.10-3.56.1

python3-3.6.10-3.56.1

python3-base-3.6.10-3.56.1

python3-curses-3.6.10-3.56.1

python3-dbm-3.6.10-3.56.1

python3-devel-3.6.10-3.56.1

python3-idle-3.6.10-3.56.1

python3-tk-3.6.10-3.56.1

SUSE Linux Enterprise Module for Development Tools 15 SP1

python3-tools-3.6.10-3.56.1

SUSE Linux Enterprise Module for Development Tools 15 SP2

python3-tools-3.6.10-3.56.1

SUSE Linux Enterprise Server 15-LTSS

libpython3_6m1_0-3.6.10-3.56.1

python3-3.6.10-3.56.1

python3-base-3.6.10-3.56.1

python3-curses-3.6.10-3.56.1

python3-dbm-3.6.10-3.56.1

python3-devel-3.6.10-3.56.1

python3-idle-3.6.10-3.56.1

python3-tk-3.6.10-3.56.1

python3-tools-3.6.10-3.56.1

SUSE Linux Enterprise Server for SAP Applications 15

libpython3_6m1_0-3.6.10-3.56.1

python3-3.6.10-3.56.1

python3-base-3.6.10-3.56.1

python3-curses-3.6.10-3.56.1

python3-dbm-3.6.10-3.56.1

python3-devel-3.6.10-3.56.1

python3-idle-3.6.10-3.56.1

python3-tk-3.6.10-3.56.1

python3-tools-3.6.10-3.56.1

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20201822-1/
Link for SUSE-SU-2020:1822-1
https://lists.suse.com/pipermail/sle-security-updates/2020-July/007067.html
E-Mail link for SUSE-SU-2020:1822-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1173274
SUSE Bug 1173274
https://www.suse.com/security/cve/CVE-2020-14422/
SUSE CVE CVE-2020-14422 page

Описание

Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2.

Затронутые продукты

Container caasp/v4/389-ds:1.4.2:libpython3_6m1_0-3.6.10-3.56.1

Container caasp/v4/389-ds:1.4.2:python3-3.6.10-3.56.1

Container caasp/v4/389-ds:1.4.2:python3-base-3.6.10-3.56.1

Container caasp/v4/hyperkube:v1.17.17:libpython3_6m1_0-3.6.10-3.56.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-14422.html
CVE-2020-14422
https://bugzilla.suse.com/1173274
SUSE Bug 1173274

SUSE-SU-2020:1822-1

Описание

Список пакетов

Container caasp/v4/389-ds:1.4.2

Container caasp/v4/hyperkube:v1.17.17

Container caasp/v4/k8s-sidecar:0.1.75

Container ses/6/cephcsi/cephcsi:latest

Container ses/6/rook/ceph:latest

Container ses/7/ceph/ceph:latest

Container ses/7/cephcsi/cephcsi:latest

Container ses/7/prometheus-webhook-snmp:latest

Container ses/7/rook/ceph:latest

Container suse/sle-micro/5.0/toolbox:latest

Container suse/sles/15.2/virt-handler:0.38.1

Container suse/sles/15.2/virt-launcher:0.38.1

SUSE Linux Enterprise High Performance Computing 15-ESPOS

SUSE Linux Enterprise High Performance Computing 15-LTSS

SUSE Linux Enterprise Module for Basesystem 15 SP1

SUSE Linux Enterprise Module for Basesystem 15 SP2

SUSE Linux Enterprise Module for Development Tools 15 SP1

SUSE Linux Enterprise Module for Development Tools 15 SP2

SUSE Linux Enterprise Server 15-LTSS

SUSE Linux Enterprise Server for SAP Applications 15

Ссылки

Уязвимость: CVE-2020-14422

Описание

Затронутые продукты

Ссылки