SUSE-SU-2020:3597-1

Опубликовано: 02 дек. 2020

Источник: suse-cvrf

Описание

Security update for python

This update for python fixes the following issues:

Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916)

Список пакетов

Image SLES15-Azure-BYOS

libpython2_7-1_0-2.7.17-7.47.1

python-2.7.17-7.47.1

python-base-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

Image SLES15-EC2-HVM-BYOS

libpython2_7-1_0-2.7.17-7.47.1

python-2.7.17-7.47.1

python-base-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

Image SLES15-GCE-BYOS

libpython2_7-1_0-2.7.17-7.47.1

python-2.7.17-7.47.1

python-base-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

Image SLES15-OCI-BYOS

libpython2_7-1_0-2.7.17-7.47.1

python-2.7.17-7.47.1

python-base-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

Image SLES15-SAP-Azure

libpython2_7-1_0-2.7.17-7.47.1

python-2.7.17-7.47.1

python-base-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

Image SLES15-SAP-Azure-BYOS

libpython2_7-1_0-2.7.17-7.47.1

python-2.7.17-7.47.1

python-base-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

Image SLES15-SAP-Azure-LI-BYOS-Production

libpython2_7-1_0-2.7.17-7.47.1

python-2.7.17-7.47.1

python-base-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

Image SLES15-SAP-Azure-VLI-BYOS-Production

libpython2_7-1_0-2.7.17-7.47.1

python-2.7.17-7.47.1

python-base-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

Image SLES15-SAP-EC2-HVM

libpython2_7-1_0-2.7.17-7.47.1

python-2.7.17-7.47.1

python-base-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

Image SLES15-SAP-EC2-HVM-BYOS

libpython2_7-1_0-2.7.17-7.47.1

python-2.7.17-7.47.1

python-base-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

Image SLES15-SAP-GCE

libpython2_7-1_0-2.7.17-7.47.1

python-2.7.17-7.47.1

python-base-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

Image SLES15-SAP-GCE-BYOS

libpython2_7-1_0-2.7.17-7.47.1

python-2.7.17-7.47.1

python-base-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

Image SLES15-SAP-OCI-BYOS

libpython2_7-1_0-2.7.17-7.47.1

python-2.7.17-7.47.1

python-base-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

Image SLES15-SP1-Manager-4-0-Azure-BYOS-Proxy

libpython2_7-1_0-2.7.17-7.47.1

python-base-2.7.17-7.47.1

Image SLES15-SP1-Manager-4-0-Azure-BYOS-Server

libpython2_7-1_0-2.7.17-7.47.1

python-2.7.17-7.47.1

python-base-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Proxy

libpython2_7-1_0-2.7.17-7.47.1

python-base-2.7.17-7.47.1

Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Server

libpython2_7-1_0-2.7.17-7.47.1

python-2.7.17-7.47.1

python-base-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

Image SLES15-SP1-Manager-4-0-GCE-BYOS-Proxy

libpython2_7-1_0-2.7.17-7.47.1

python-base-2.7.17-7.47.1

Image SLES15-SP1-Manager-4-0-GCE-BYOS-Server

libpython2_7-1_0-2.7.17-7.47.1

python-2.7.17-7.47.1

python-base-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

Image SLES15-SP1-SAPCAL-Azure

libpython2_7-1_0-2.7.17-7.47.1

python-2.7.17-7.47.1

python-base-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

Image SLES15-SP1-SAPCAL-EC2-HVM

libpython2_7-1_0-2.7.17-7.47.1

python-2.7.17-7.47.1

python-base-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

Image SLES15-SP1-SAPCAL-GCE

libpython2_7-1_0-2.7.17-7.47.1

python-2.7.17-7.47.1

python-base-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure

libpython2_7-1_0-2.7.17-7.47.1

python-base-2.7.17-7.47.1

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM

libpython2_7-1_0-2.7.17-7.47.1

python-base-2.7.17-7.47.1

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-GCE

libpython2_7-1_0-2.7.17-7.47.1

python-base-2.7.17-7.47.1

Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure

libpython2_7-1_0-2.7.17-7.47.1

python-2.7.17-7.47.1

python-base-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM

libpython2_7-1_0-2.7.17-7.47.1

python-2.7.17-7.47.1

python-base-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE

libpython2_7-1_0-2.7.17-7.47.1

python-2.7.17-7.47.1

python-base-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

Image SLES15-SP2-SAP-Azure

libpython2_7-1_0-2.7.17-7.47.1

python-base-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

libpython2_7-1_0-2.7.17-7.47.1

python-base-2.7.17-7.47.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

libpython2_7-1_0-2.7.17-7.47.1

python-base-2.7.17-7.47.1

Image SLES15-SP2-SAP-BYOS-Azure

libpython2_7-1_0-2.7.17-7.47.1

python-base-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

Image SLES15-SP2-SAP-BYOS-EC2-HVM

libpython2_7-1_0-2.7.17-7.47.1

python-base-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

Image SLES15-SP2-SAP-BYOS-GCE

libpython2_7-1_0-2.7.17-7.47.1

python-base-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

Image SLES15-SP2-SAP-EC2-HVM

libpython2_7-1_0-2.7.17-7.47.1

python-base-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

Image SLES15-SP2-SAP-GCE

libpython2_7-1_0-2.7.17-7.47.1

python-base-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

Image SLES15-SP3-EC2-HVM

libpython2_7-1_0-2.7.17-7.47.1

python-2.7.17-7.47.1

python-base-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure

libpython2_7-1_0-2.7.17-7.47.1

python-2.7.17-7.47.1

python-base-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM

libpython2_7-1_0-2.7.17-7.47.1

python-2.7.17-7.47.1

python-base-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE

libpython2_7-1_0-2.7.17-7.47.1

python-2.7.17-7.47.1

python-base-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

Image SLES15-SP3-SAP-Azure

libpython2_7-1_0-2.7.17-7.47.1

python-2.7.17-7.47.1

python-base-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

libpython2_7-1_0-2.7.17-7.47.1

python-base-2.7.17-7.47.1

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

libpython2_7-1_0-2.7.17-7.47.1

python-base-2.7.17-7.47.1

Image SLES15-SP3-SAP-EC2-HVM

libpython2_7-1_0-2.7.17-7.47.1

python-2.7.17-7.47.1

python-base-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

Image SLES15-SP3-SAP-GCE

libpython2_7-1_0-2.7.17-7.47.1

python-2.7.17-7.47.1

python-base-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

Image SLES15-SP3-SAPCAL-Azure

libpython2_7-1_0-2.7.17-7.47.1

python-2.7.17-7.47.1

python-base-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

Image SLES15-SP3-SAPCAL-EC2-HVM

libpython2_7-1_0-2.7.17-7.47.1

python-2.7.17-7.47.1

python-base-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

Image SLES15-SP3-SAPCAL-GCE

libpython2_7-1_0-2.7.17-7.47.1

python-2.7.17-7.47.1

python-base-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

SUSE Linux Enterprise High Performance Computing 15-ESPOS

libpython2_7-1_0-2.7.17-7.47.1

python-2.7.17-7.47.1

python-base-2.7.17-7.47.1

python-curses-2.7.17-7.47.1

python-devel-2.7.17-7.47.1

python-gdbm-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

SUSE Linux Enterprise High Performance Computing 15-LTSS

libpython2_7-1_0-2.7.17-7.47.1

python-2.7.17-7.47.1

python-base-2.7.17-7.47.1

python-curses-2.7.17-7.47.1

python-devel-2.7.17-7.47.1

python-gdbm-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

SUSE Linux Enterprise Module for Basesystem 15 SP1

libpython2_7-1_0-2.7.17-7.47.1

python-2.7.17-7.47.1

python-base-2.7.17-7.47.1

SUSE Linux Enterprise Module for Basesystem 15 SP2

libpython2_7-1_0-2.7.17-7.47.1

python-2.7.17-7.47.1

python-base-2.7.17-7.47.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP1

python-tk-2.7.17-7.47.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP2

python-tk-2.7.17-7.47.1

SUSE Linux Enterprise Module for Python 2 15 SP1

python-curses-2.7.17-7.47.1

python-devel-2.7.17-7.47.1

python-gdbm-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

SUSE Linux Enterprise Module for Python 2 15 SP2

python-curses-2.7.17-7.47.1

python-devel-2.7.17-7.47.1

python-gdbm-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

SUSE Linux Enterprise Server 15-LTSS

libpython2_7-1_0-2.7.17-7.47.1

python-2.7.17-7.47.1

python-base-2.7.17-7.47.1

python-curses-2.7.17-7.47.1

python-devel-2.7.17-7.47.1

python-gdbm-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

SUSE Linux Enterprise Server for SAP Applications 15

libpython2_7-1_0-2.7.17-7.47.1

python-2.7.17-7.47.1

python-base-2.7.17-7.47.1

python-curses-2.7.17-7.47.1

python-devel-2.7.17-7.47.1

python-gdbm-2.7.17-7.47.1

python-xml-2.7.17-7.47.1

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20203597-1/
Link for SUSE-SU-2020:3597-1
https://lists.suse.com/pipermail/sle-security-updates/2020-December/007904.html
E-Mail link for SUSE-SU-2020:3597-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1176262
SUSE Bug 1176262
https://www.suse.com/security/cve/CVE-2019-20916/
SUSE CVE CVE-2019-20916 page

Описание

The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.

Затронутые продукты

Image SLES15-Azure-BYOS:libpython2_7-1_0-2.7.17-7.47.1

Image SLES15-Azure-BYOS:python-2.7.17-7.47.1

Image SLES15-Azure-BYOS:python-base-2.7.17-7.47.1

Image SLES15-Azure-BYOS:python-xml-2.7.17-7.47.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-20916.html
CVE-2019-20916
https://bugzilla.suse.com/1176262
SUSE Bug 1176262

SUSE-SU-2020:3597-1

Описание

Список пакетов

Image SLES15-Azure-BYOS

Image SLES15-EC2-HVM-BYOS

Image SLES15-GCE-BYOS

Image SLES15-OCI-BYOS

Image SLES15-SAP-Azure

Image SLES15-SAP-Azure-BYOS

Image SLES15-SAP-Azure-LI-BYOS-Production

Image SLES15-SAP-Azure-VLI-BYOS-Production

Image SLES15-SAP-EC2-HVM

Image SLES15-SAP-EC2-HVM-BYOS

Image SLES15-SAP-GCE

Image SLES15-SAP-GCE-BYOS

Image SLES15-SAP-OCI-BYOS

Image SLES15-SP1-Manager-4-0-Azure-BYOS-Proxy

Image SLES15-SP1-Manager-4-0-Azure-BYOS-Server

Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Proxy

Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Server

Image SLES15-SP1-Manager-4-0-GCE-BYOS-Proxy

Image SLES15-SP1-Manager-4-0-GCE-BYOS-Server

Image SLES15-SP1-SAPCAL-Azure

Image SLES15-SP1-SAPCAL-EC2-HVM

Image SLES15-SP1-SAPCAL-GCE

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-GCE

Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure

Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM

Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE

Image SLES15-SP2-SAP-Azure

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP2-SAP-BYOS-Azure

Image SLES15-SP2-SAP-BYOS-EC2-HVM

Image SLES15-SP2-SAP-BYOS-GCE

Image SLES15-SP2-SAP-EC2-HVM

Image SLES15-SP2-SAP-GCE

Image SLES15-SP3-EC2-HVM

Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure

Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM

Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE

Image SLES15-SP3-SAP-Azure

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP3-SAP-EC2-HVM

Image SLES15-SP3-SAP-GCE

Image SLES15-SP3-SAPCAL-Azure

Image SLES15-SP3-SAPCAL-EC2-HVM

Image SLES15-SP3-SAPCAL-GCE

SUSE Linux Enterprise High Performance Computing 15-ESPOS

SUSE Linux Enterprise High Performance Computing 15-LTSS

SUSE Linux Enterprise Module for Basesystem 15 SP1

SUSE Linux Enterprise Module for Basesystem 15 SP2

SUSE Linux Enterprise Module for Desktop Applications 15 SP1

SUSE Linux Enterprise Module for Desktop Applications 15 SP2

SUSE Linux Enterprise Module for Python 2 15 SP1

SUSE Linux Enterprise Module for Python 2 15 SP2

SUSE Linux Enterprise Server 15-LTSS

SUSE Linux Enterprise Server for SAP Applications 15

Ссылки

Уязвимость: CVE-2019-20916

Описание

Затронутые продукты

Ссылки