SUSE-SU-2020:3566-1

Опубликовано: 30 нояб. 2020

Источник: suse-cvrf

Описание

Security update for python-setuptools

This update for python-setuptools fixes the following issues:

Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916)

Список пакетов

Container bci/python:3

python3-setuptools-40.5.0-6.3.1

Container caasp/v4/389-ds:1.4.2

python3-setuptools-40.5.0-6.3.1

Container caasp/v4/k8s-sidecar:0.1.75

python3-setuptools-40.5.0-6.3.1

Container ses/6/cephcsi/cephcsi:latest

python3-setuptools-40.5.0-6.3.1

Container ses/6/rook/ceph:latest

python3-setuptools-40.5.0-6.3.1

Container ses/7.1/cephcsi/cephcsi:latest

python3-setuptools-40.5.0-6.3.1

Container ses/7.1/rook/ceph:latest

python3-setuptools-40.5.0-6.3.1

Container ses/7/cephcsi/cephcsi:latest

python3-setuptools-40.5.0-6.3.1

Container ses/7/rook/ceph:latest

python3-setuptools-40.5.0-6.3.1

Container suse/sles/15.3/virt-launcher:0.45.0

python3-setuptools-40.5.0-6.3.1

Container trento/trento-runner:latest

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP1-Azure-BYOS

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP1-Azure-HPC-BYOS

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP1-CAP-Deployment-BYOS-EC2-HVM

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP1-CAP-Deployment-BYOS-GCE

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP1-CHOST-BYOS-Azure

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP1-CHOST-BYOS-EC2

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP1-CHOST-BYOS-GCE

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP1-EC2-HPC-HVM-BYOS

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP1-EC2-HVM-BYOS

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP1-GCE-BYOS

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP1-Manager-4-0-Azure-BYOS-Proxy

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP1-Manager-4-0-Azure-BYOS-Server

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Proxy

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Server

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP1-Manager-4-0-GCE-BYOS-Proxy

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP1-Manager-4-0-GCE-BYOS-Server

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP1-OCI-BYOS

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP1-SAP-Azure

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP1-SAP-Azure-BYOS

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP1-SAP-EC2-HVM

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP1-SAP-EC2-HVM-BYOS

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP1-SAP-GCE

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP1-SAP-GCE-BYOS

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP1-SAP-OCI-BYOS

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP1-SAPCAL-Azure

python2-setuptools-40.5.0-6.3.1

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP1-SAPCAL-EC2-HVM

python2-setuptools-40.5.0-6.3.1

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP1-SAPCAL-GCE

python2-setuptools-40.5.0-6.3.1

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP2-Azure-Basic

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP2-Azure-Standard

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP2-BYOS-Azure

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP2-BYOS-EC2-HVM

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP2-BYOS-GCE

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP2-CAP-Deployment-BYOS-Azure

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP2-CHOST-BYOS-Aliyun

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP2-CHOST-BYOS-Azure

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP2-CHOST-BYOS-EC2

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP2-CHOST-BYOS-GCE

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP2-EC2-ECS-HVM

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP2-EC2-HVM

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP2-GCE

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP2-HPC-Azure

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP2-HPC-BYOS-Azure

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP2-HPC-BYOS-EC2-HVM

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-GCE

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure

python2-setuptools-40.5.0-6.3.1

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM

python2-setuptools-40.5.0-6.3.1

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE

python2-setuptools-40.5.0-6.3.1

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP2-SAP-Azure

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP2-SAP-BYOS-Azure

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP2-SAP-BYOS-EC2-HVM

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP2-SAP-BYOS-GCE

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP2-SAP-EC2-HVM

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP2-SAP-GCE

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP3-BYOS-Azure

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP3-BYOS-EC2-HVM

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP3-BYOS-GCE

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP3-CHOST-BYOS-Aliyun

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP3-CHOST-BYOS-Azure

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP3-CHOST-BYOS-EC2

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP3-CHOST-BYOS-GCE

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP3-CHOST-BYOS-SAP-CCloud

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP3-EC2-ECS-HVM

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP3-EC2-HVM

python2-setuptools-40.5.0-6.3.1

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP3-GCE

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP3-HPC-Azure

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP3-HPC-BYOS-Azure

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP3-HPC-BYOS-EC2-HVM

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP3-HPC-BYOS-GCE

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure

python2-setuptools-40.5.0-6.3.1

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM

python2-setuptools-40.5.0-6.3.1

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE

python2-setuptools-40.5.0-6.3.1

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP3-Micro-5-1-BYOS-Azure

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP3-Micro-5-1-BYOS-GCE

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP3-Micro-5-2-BYOS-Azure

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP3-Micro-5-2-BYOS-GCE

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP3-Micro-BYOS-GCE

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP3-SAP-Azure

python2-setuptools-40.5.0-6.3.1

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP3-SAP-BYOS-Azure

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP3-SAP-BYOS-EC2-HVM

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP3-SAP-BYOS-GCE

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP3-SAP-EC2-HVM

python2-setuptools-40.5.0-6.3.1

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP3-SAP-GCE

python2-setuptools-40.5.0-6.3.1

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP3-SAPCAL-Azure

python2-setuptools-40.5.0-6.3.1

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP3-SAPCAL-EC2-HVM

python2-setuptools-40.5.0-6.3.1

python3-setuptools-40.5.0-6.3.1

Image SLES15-SP3-SAPCAL-GCE

python2-setuptools-40.5.0-6.3.1

python3-setuptools-40.5.0-6.3.1

SUSE Linux Enterprise Module for Basesystem 15 SP1

python3-setuptools-40.5.0-6.3.1

SUSE Linux Enterprise Module for Basesystem 15 SP2

python3-setuptools-40.5.0-6.3.1

SUSE Linux Enterprise Module for Python 2 15 SP1

python2-setuptools-40.5.0-6.3.1

SUSE Linux Enterprise Module for Python 2 15 SP2

python2-setuptools-40.5.0-6.3.1

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20203566-1/
Link for SUSE-SU-2020:3566-1
https://lists.suse.com/pipermail/sle-security-updates/2020-November/007890.html
E-Mail link for SUSE-SU-2020:3566-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1176262
SUSE Bug 1176262
https://www.suse.com/security/cve/CVE-2019-20916/
SUSE CVE CVE-2019-20916 page

Описание

The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.

Затронутые продукты

Container bci/python:3:python3-setuptools-40.5.0-6.3.1

Container caasp/v4/389-ds:1.4.2:python3-setuptools-40.5.0-6.3.1

Container caasp/v4/k8s-sidecar:0.1.75:python3-setuptools-40.5.0-6.3.1

Container ses/6/cephcsi/cephcsi:latest:python3-setuptools-40.5.0-6.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-20916.html
CVE-2019-20916
https://bugzilla.suse.com/1176262
SUSE Bug 1176262