Description
Security update for python
This update for python fixes the following issues:
- CVE-2020-26116: Fixed CRLF injection via HTTP request method (bsc#1177211).
Package list
Image SLES12-SP4-EC2-HVM-BYOS
libpython2_7-1_0-2.7.17-28.56.1
python-2.7.17-28.56.1
python-base-2.7.17-28.56.1
python-xml-2.7.17-28.56.1
Image SLES12-SP4-GCE-BYOS
libpython2_7-1_0-2.7.17-28.56.1
python-2.7.17-28.56.1
python-base-2.7.17-28.56.1
python-xml-2.7.17-28.56.1
Image SLES12-SP4-OCI-BYOS
libpython2_7-1_0-2.7.17-28.56.1
python-2.7.17-28.56.1
python-base-2.7.17-28.56.1
python-xml-2.7.17-28.56.1
Image SLES12-SP4-SAP-Azure
libpython2_7-1_0-2.7.17-28.56.1
python-2.7.17-28.56.1
python-base-2.7.17-28.56.1
python-xml-2.7.17-28.56.1
Image SLES12-SP4-SAP-EC2-HVM
libpython2_7-1_0-2.7.17-28.56.1
python-2.7.17-28.56.1
python-base-2.7.17-28.56.1
python-xml-2.7.17-28.56.1
Image SLES12-SP4-SAP-EC2-HVM-BYOS
libpython2_7-1_0-2.7.17-28.56.1
python-2.7.17-28.56.1
python-base-2.7.17-28.56.1
python-xml-2.7.17-28.56.1
Image SLES12-SP4-SAP-GCE
libpython2_7-1_0-2.7.17-28.56.1
python-2.7.17-28.56.1
python-base-2.7.17-28.56.1
python-xml-2.7.17-28.56.1
Image SLES12-SP4-SAP-GCE-BYOS
libpython2_7-1_0-2.7.17-28.56.1
python-2.7.17-28.56.1
python-base-2.7.17-28.56.1
python-xml-2.7.17-28.56.1
Image SLES12-SP4-SAP-OCI-BYOS
libpython2_7-1_0-2.7.17-28.56.1
python-2.7.17-28.56.1
python-base-2.7.17-28.56.1
python-xml-2.7.17-28.56.1
Image SLES12-SP5-OCI-BYOS-BYOS
libpython2_7-1_0-2.7.17-28.56.1
python-2.7.17-28.56.1
python-base-2.7.17-28.56.1
python-xml-2.7.17-28.56.1
Image SLES12-SP5-OCI-BYOS-SAP-BYOS
libpython2_7-1_0-2.7.17-28.56.1
python-2.7.17-28.56.1
python-base-2.7.17-28.56.1
python-xml-2.7.17-28.56.1
SUSE Enterprise Storage 5
python-strict-tls-check-2.7.17-28.56.1
SUSE Linux Enterprise Server 12 SP5
libpython2_7-1_0-2.7.17-28.56.1
libpython2_7-1_0-32bit-2.7.17-28.56.1
python-2.7.17-28.56.1
python-32bit-2.7.17-28.56.1
python-base-2.7.17-28.56.1
python-base-32bit-2.7.17-28.56.1
python-curses-2.7.17-28.56.1
python-demo-2.7.17-28.56.1
python-devel-2.7.17-28.56.1
python-doc-2.7.17-28.56.1
python-doc-pdf-2.7.17-28.56.1
python-gdbm-2.7.17-28.56.1
python-idle-2.7.17-28.56.1
python-tk-2.7.17-28.56.1
python-xml-2.7.17-28.56.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libpython2_7-1_0-2.7.17-28.56.1
libpython2_7-1_0-32bit-2.7.17-28.56.1
python-2.7.17-28.56.1
python-32bit-2.7.17-28.56.1
python-base-2.7.17-28.56.1
python-base-32bit-2.7.17-28.56.1
python-curses-2.7.17-28.56.1
python-demo-2.7.17-28.56.1
python-devel-2.7.17-28.56.1
python-doc-2.7.17-28.56.1
python-doc-pdf-2.7.17-28.56.1
python-gdbm-2.7.17-28.56.1
python-idle-2.7.17-28.56.1
python-tk-2.7.17-28.56.1
python-xml-2.7.17-28.56.1
SUSE Linux Enterprise Workstation Extension 12 SP5
python-devel-2.7.17-28.56.1
References
- Link for SUSE-SU-2020:3121-1
- E-Mail link for SUSE-SU-2020:3121-1
- SUSE Security Ratings
- SUSE Bug 1177211
- SUSE CVE CVE-2020-26116 page
Description
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.
Affected products
Image SLES12-SP4-EC2-HVM-BYOS:libpython2_7-1_0-2.7.17-28.56.1
Image SLES12-SP4-EC2-HVM-BYOS:python-2.7.17-28.56.1
Image SLES12-SP4-EC2-HVM-BYOS:python-base-2.7.17-28.56.1
Image SLES12-SP4-EC2-HVM-BYOS:python-xml-2.7.17-28.56.1
References
- CVE-2020-26116
- SUSE Bug 1177120
- SUSE Bug 1177211
- SUSE Bug 1192361