Описание
Security update for python
This update for python fixes the following issues:
- CVE-2019-20907: Avoid a possible infinite loop caused by specifically crafted tarballs (bsc#1174091).
Список пакетов
Image SLES12-SP4-EC2-HVM-BYOS
libpython2_7-1_0-2.7.17-28.48.1
python-2.7.17-28.48.1
python-base-2.7.17-28.48.1
python-xml-2.7.17-28.48.1
Image SLES12-SP4-GCE-BYOS
libpython2_7-1_0-2.7.17-28.48.1
python-2.7.17-28.48.1
python-base-2.7.17-28.48.1
python-xml-2.7.17-28.48.1
Image SLES12-SP4-OCI-BYOS
libpython2_7-1_0-2.7.17-28.48.1
python-2.7.17-28.48.1
python-base-2.7.17-28.48.1
python-xml-2.7.17-28.48.1
Image SLES12-SP4-SAP-Azure
libpython2_7-1_0-2.7.17-28.48.1
python-2.7.17-28.48.1
python-base-2.7.17-28.48.1
python-xml-2.7.17-28.48.1
Image SLES12-SP4-SAP-EC2-HVM
libpython2_7-1_0-2.7.17-28.48.1
python-2.7.17-28.48.1
python-base-2.7.17-28.48.1
python-xml-2.7.17-28.48.1
Image SLES12-SP4-SAP-EC2-HVM-BYOS
libpython2_7-1_0-2.7.17-28.48.1
python-2.7.17-28.48.1
python-base-2.7.17-28.48.1
python-xml-2.7.17-28.48.1
Image SLES12-SP4-SAP-GCE
libpython2_7-1_0-2.7.17-28.48.1
python-2.7.17-28.48.1
python-base-2.7.17-28.48.1
python-xml-2.7.17-28.48.1
Image SLES12-SP4-SAP-GCE-BYOS
libpython2_7-1_0-2.7.17-28.48.1
python-2.7.17-28.48.1
python-base-2.7.17-28.48.1
python-xml-2.7.17-28.48.1
Image SLES12-SP4-SAP-OCI-BYOS
libpython2_7-1_0-2.7.17-28.48.1
python-2.7.17-28.48.1
python-base-2.7.17-28.48.1
python-xml-2.7.17-28.48.1
Image SLES12-SP5-OCI-BYOS-BYOS
libpython2_7-1_0-2.7.17-28.48.1
python-2.7.17-28.48.1
python-base-2.7.17-28.48.1
python-xml-2.7.17-28.48.1
Image SLES12-SP5-OCI-BYOS-SAP-BYOS
libpython2_7-1_0-2.7.17-28.48.1
python-2.7.17-28.48.1
python-base-2.7.17-28.48.1
python-xml-2.7.17-28.48.1
SUSE Enterprise Storage 5
python-strict-tls-check-2.7.17-28.48.1
SUSE Linux Enterprise Server 12 SP5
libpython2_7-1_0-2.7.17-28.48.1
libpython2_7-1_0-32bit-2.7.17-28.48.1
python-2.7.17-28.48.1
python-32bit-2.7.17-28.48.1
python-base-2.7.17-28.48.1
python-base-32bit-2.7.17-28.48.1
python-curses-2.7.17-28.48.1
python-demo-2.7.17-28.48.1
python-devel-2.7.17-28.48.1
python-doc-2.7.17-28.48.1
python-doc-pdf-2.7.17-28.48.1
python-gdbm-2.7.17-28.48.1
python-idle-2.7.17-28.48.1
python-tk-2.7.17-28.48.1
python-xml-2.7.17-28.48.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libpython2_7-1_0-2.7.17-28.48.1
libpython2_7-1_0-32bit-2.7.17-28.48.1
python-2.7.17-28.48.1
python-32bit-2.7.17-28.48.1
python-base-2.7.17-28.48.1
python-base-32bit-2.7.17-28.48.1
python-curses-2.7.17-28.48.1
python-demo-2.7.17-28.48.1
python-devel-2.7.17-28.48.1
python-doc-2.7.17-28.48.1
python-doc-pdf-2.7.17-28.48.1
python-gdbm-2.7.17-28.48.1
python-idle-2.7.17-28.48.1
python-tk-2.7.17-28.48.1
python-xml-2.7.17-28.48.1
SUSE Linux Enterprise Workstation Extension 12 SP5
python-devel-2.7.17-28.48.1
Ссылки
- Link for SUSE-SU-2020:2275-1
- E-Mail link for SUSE-SU-2020:2275-1
- SUSE Security Ratings
- SUSE Bug 1174091
- SUSE CVE CVE-2019-20907 page
Описание
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.
Затронутые продукты
Image SLES12-SP4-EC2-HVM-BYOS:libpython2_7-1_0-2.7.17-28.48.1
Image SLES12-SP4-EC2-HVM-BYOS:python-2.7.17-28.48.1
Image SLES12-SP4-EC2-HVM-BYOS:python-base-2.7.17-28.48.1
Image SLES12-SP4-EC2-HVM-BYOS:python-xml-2.7.17-28.48.1
Ссылки
- CVE-2019-20907
- SUSE Bug 1174091