Описание
Security update for python
This update for python fixes the following issues:
- python27 was upgraded to 2.7.18
- CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator (bsc#1182379).
Список пакетов
HPE Helion OpenStack 8
libpython2_7-1_0-2.7.18-28.67.1
libpython2_7-1_0-32bit-2.7.18-28.67.1
python-2.7.18-28.67.1
python-32bit-2.7.18-28.67.1
python-base-2.7.18-28.67.1
python-base-32bit-2.7.18-28.67.1
python-curses-2.7.18-28.67.1
python-demo-2.7.18-28.67.1
python-devel-2.7.18-28.67.1
python-doc-2.7.18-28.67.1
python-doc-pdf-2.7.18-28.67.1
python-gdbm-2.7.18-28.67.1
python-idle-2.7.18-28.67.1
python-tk-2.7.18-28.67.1
python-xml-2.7.18-28.67.1
Image SLES12-SP4-EC2-HVM-BYOS
libpython2_7-1_0-2.7.18-28.67.1
python-2.7.18-28.67.1
python-base-2.7.18-28.67.1
python-xml-2.7.18-28.67.1
Image SLES12-SP4-GCE-BYOS
libpython2_7-1_0-2.7.18-28.67.1
python-2.7.18-28.67.1
python-base-2.7.18-28.67.1
python-xml-2.7.18-28.67.1
Image SLES12-SP4-SAP-Azure
libpython2_7-1_0-2.7.18-28.67.1
python-2.7.18-28.67.1
python-base-2.7.18-28.67.1
python-xml-2.7.18-28.67.1
Image SLES12-SP4-SAP-EC2-HVM
libpython2_7-1_0-2.7.18-28.67.1
python-2.7.18-28.67.1
python-base-2.7.18-28.67.1
python-xml-2.7.18-28.67.1
Image SLES12-SP4-SAP-EC2-HVM-BYOS
libpython2_7-1_0-2.7.18-28.67.1
python-2.7.18-28.67.1
python-base-2.7.18-28.67.1
python-xml-2.7.18-28.67.1
Image SLES12-SP4-SAP-GCE
libpython2_7-1_0-2.7.18-28.67.1
python-2.7.18-28.67.1
python-base-2.7.18-28.67.1
python-xml-2.7.18-28.67.1
Image SLES12-SP4-SAP-GCE-BYOS
libpython2_7-1_0-2.7.18-28.67.1
python-2.7.18-28.67.1
python-base-2.7.18-28.67.1
python-xml-2.7.18-28.67.1
Image SLES12-SP5-OCI-BYOS-BYOS
libpython2_7-1_0-2.7.18-28.67.1
python-2.7.18-28.67.1
python-base-2.7.18-28.67.1
python-xml-2.7.18-28.67.1
Image SLES12-SP5-OCI-BYOS-SAP-BYOS
libpython2_7-1_0-2.7.18-28.67.1
python-2.7.18-28.67.1
python-base-2.7.18-28.67.1
python-xml-2.7.18-28.67.1
SUSE Linux Enterprise Server 12 SP2-BCL
libpython2_7-1_0-2.7.18-28.67.1
libpython2_7-1_0-32bit-2.7.18-28.67.1
python-2.7.18-28.67.1
python-32bit-2.7.18-28.67.1
python-base-2.7.18-28.67.1
python-base-32bit-2.7.18-28.67.1
python-curses-2.7.18-28.67.1
python-demo-2.7.18-28.67.1
python-doc-2.7.18-28.67.1
python-doc-pdf-2.7.18-28.67.1
python-gdbm-2.7.18-28.67.1
python-idle-2.7.18-28.67.1
python-tk-2.7.18-28.67.1
python-xml-2.7.18-28.67.1
SUSE Linux Enterprise Server 12 SP2-LTSS
libpython2_7-1_0-2.7.18-28.67.1
libpython2_7-1_0-32bit-2.7.18-28.67.1
python-2.7.18-28.67.1
python-32bit-2.7.18-28.67.1
python-base-2.7.18-28.67.1
python-base-32bit-2.7.18-28.67.1
python-curses-2.7.18-28.67.1
python-demo-2.7.18-28.67.1
python-devel-2.7.18-28.67.1
python-doc-2.7.18-28.67.1
python-doc-pdf-2.7.18-28.67.1
python-gdbm-2.7.18-28.67.1
python-idle-2.7.18-28.67.1
python-tk-2.7.18-28.67.1
python-xml-2.7.18-28.67.1
SUSE Linux Enterprise Server 12 SP3-BCL
libpython2_7-1_0-2.7.18-28.67.1
libpython2_7-1_0-32bit-2.7.18-28.67.1
python-2.7.18-28.67.1
python-32bit-2.7.18-28.67.1
python-base-2.7.18-28.67.1
python-base-32bit-2.7.18-28.67.1
python-curses-2.7.18-28.67.1
python-demo-2.7.18-28.67.1
python-devel-2.7.18-28.67.1
python-doc-2.7.18-28.67.1
python-doc-pdf-2.7.18-28.67.1
python-gdbm-2.7.18-28.67.1
python-idle-2.7.18-28.67.1
python-tk-2.7.18-28.67.1
python-xml-2.7.18-28.67.1
SUSE Linux Enterprise Server 12 SP3-LTSS
libpython2_7-1_0-2.7.18-28.67.1
libpython2_7-1_0-32bit-2.7.18-28.67.1
python-2.7.18-28.67.1
python-32bit-2.7.18-28.67.1
python-base-2.7.18-28.67.1
python-base-32bit-2.7.18-28.67.1
python-curses-2.7.18-28.67.1
python-demo-2.7.18-28.67.1
python-devel-2.7.18-28.67.1
python-doc-2.7.18-28.67.1
python-doc-pdf-2.7.18-28.67.1
python-gdbm-2.7.18-28.67.1
python-idle-2.7.18-28.67.1
python-tk-2.7.18-28.67.1
python-xml-2.7.18-28.67.1
SUSE Linux Enterprise Server 12 SP4-LTSS
libpython2_7-1_0-2.7.18-28.67.1
libpython2_7-1_0-32bit-2.7.18-28.67.1
python-2.7.18-28.67.1
python-32bit-2.7.18-28.67.1
python-base-2.7.18-28.67.1
python-base-32bit-2.7.18-28.67.1
python-curses-2.7.18-28.67.1
python-demo-2.7.18-28.67.1
python-devel-2.7.18-28.67.1
python-doc-2.7.18-28.67.1
python-doc-pdf-2.7.18-28.67.1
python-gdbm-2.7.18-28.67.1
python-idle-2.7.18-28.67.1
python-tk-2.7.18-28.67.1
python-xml-2.7.18-28.67.1
SUSE Linux Enterprise Server 12 SP5
libpython2_7-1_0-2.7.18-28.67.1
libpython2_7-1_0-32bit-2.7.18-28.67.1
python-2.7.18-28.67.1
python-32bit-2.7.18-28.67.1
python-base-2.7.18-28.67.1
python-base-32bit-2.7.18-28.67.1
python-curses-2.7.18-28.67.1
python-demo-2.7.18-28.67.1
python-devel-2.7.18-28.67.1
python-doc-2.7.18-28.67.1
python-doc-pdf-2.7.18-28.67.1
python-gdbm-2.7.18-28.67.1
python-idle-2.7.18-28.67.1
python-tk-2.7.18-28.67.1
python-xml-2.7.18-28.67.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libpython2_7-1_0-2.7.18-28.67.1
libpython2_7-1_0-32bit-2.7.18-28.67.1
python-2.7.18-28.67.1
python-32bit-2.7.18-28.67.1
python-base-2.7.18-28.67.1
python-base-32bit-2.7.18-28.67.1
python-curses-2.7.18-28.67.1
python-demo-2.7.18-28.67.1
python-devel-2.7.18-28.67.1
python-doc-2.7.18-28.67.1
python-doc-pdf-2.7.18-28.67.1
python-gdbm-2.7.18-28.67.1
python-idle-2.7.18-28.67.1
python-tk-2.7.18-28.67.1
python-xml-2.7.18-28.67.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libpython2_7-1_0-2.7.18-28.67.1
libpython2_7-1_0-32bit-2.7.18-28.67.1
python-2.7.18-28.67.1
python-32bit-2.7.18-28.67.1
python-base-2.7.18-28.67.1
python-base-32bit-2.7.18-28.67.1
python-curses-2.7.18-28.67.1
python-demo-2.7.18-28.67.1
python-devel-2.7.18-28.67.1
python-doc-2.7.18-28.67.1
python-doc-pdf-2.7.18-28.67.1
python-gdbm-2.7.18-28.67.1
python-idle-2.7.18-28.67.1
python-tk-2.7.18-28.67.1
python-xml-2.7.18-28.67.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
libpython2_7-1_0-2.7.18-28.67.1
libpython2_7-1_0-32bit-2.7.18-28.67.1
python-2.7.18-28.67.1
python-32bit-2.7.18-28.67.1
python-base-2.7.18-28.67.1
python-base-32bit-2.7.18-28.67.1
python-curses-2.7.18-28.67.1
python-demo-2.7.18-28.67.1
python-devel-2.7.18-28.67.1
python-doc-2.7.18-28.67.1
python-doc-pdf-2.7.18-28.67.1
python-gdbm-2.7.18-28.67.1
python-idle-2.7.18-28.67.1
python-tk-2.7.18-28.67.1
python-xml-2.7.18-28.67.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libpython2_7-1_0-2.7.18-28.67.1
libpython2_7-1_0-32bit-2.7.18-28.67.1
python-2.7.18-28.67.1
python-32bit-2.7.18-28.67.1
python-base-2.7.18-28.67.1
python-base-32bit-2.7.18-28.67.1
python-curses-2.7.18-28.67.1
python-demo-2.7.18-28.67.1
python-devel-2.7.18-28.67.1
python-doc-2.7.18-28.67.1
python-doc-pdf-2.7.18-28.67.1
python-gdbm-2.7.18-28.67.1
python-idle-2.7.18-28.67.1
python-tk-2.7.18-28.67.1
python-xml-2.7.18-28.67.1
SUSE Linux Enterprise Workstation Extension 12 SP5
python-devel-2.7.18-28.67.1
SUSE OpenStack Cloud 7
libpython2_7-1_0-2.7.18-28.67.1
libpython2_7-1_0-32bit-2.7.18-28.67.1
python-2.7.18-28.67.1
python-32bit-2.7.18-28.67.1
python-base-2.7.18-28.67.1
python-base-32bit-2.7.18-28.67.1
python-curses-2.7.18-28.67.1
python-demo-2.7.18-28.67.1
python-devel-2.7.18-28.67.1
python-doc-2.7.18-28.67.1
python-doc-pdf-2.7.18-28.67.1
python-gdbm-2.7.18-28.67.1
python-idle-2.7.18-28.67.1
python-tk-2.7.18-28.67.1
python-xml-2.7.18-28.67.1
SUSE OpenStack Cloud 8
libpython2_7-1_0-2.7.18-28.67.1
libpython2_7-1_0-32bit-2.7.18-28.67.1
python-2.7.18-28.67.1
python-32bit-2.7.18-28.67.1
python-base-2.7.18-28.67.1
python-base-32bit-2.7.18-28.67.1
python-curses-2.7.18-28.67.1
python-demo-2.7.18-28.67.1
python-devel-2.7.18-28.67.1
python-doc-2.7.18-28.67.1
python-doc-pdf-2.7.18-28.67.1
python-gdbm-2.7.18-28.67.1
python-idle-2.7.18-28.67.1
python-tk-2.7.18-28.67.1
python-xml-2.7.18-28.67.1
SUSE OpenStack Cloud 9
libpython2_7-1_0-2.7.18-28.67.1
libpython2_7-1_0-32bit-2.7.18-28.67.1
python-2.7.18-28.67.1
python-32bit-2.7.18-28.67.1
python-base-2.7.18-28.67.1
python-base-32bit-2.7.18-28.67.1
python-curses-2.7.18-28.67.1
python-demo-2.7.18-28.67.1
python-devel-2.7.18-28.67.1
python-doc-2.7.18-28.67.1
python-doc-pdf-2.7.18-28.67.1
python-gdbm-2.7.18-28.67.1
python-idle-2.7.18-28.67.1
python-tk-2.7.18-28.67.1
python-xml-2.7.18-28.67.1
SUSE OpenStack Cloud Crowbar 8
libpython2_7-1_0-2.7.18-28.67.1
libpython2_7-1_0-32bit-2.7.18-28.67.1
python-2.7.18-28.67.1
python-32bit-2.7.18-28.67.1
python-base-2.7.18-28.67.1
python-base-32bit-2.7.18-28.67.1
python-curses-2.7.18-28.67.1
python-demo-2.7.18-28.67.1
python-devel-2.7.18-28.67.1
python-doc-2.7.18-28.67.1
python-doc-pdf-2.7.18-28.67.1
python-gdbm-2.7.18-28.67.1
python-idle-2.7.18-28.67.1
python-tk-2.7.18-28.67.1
python-xml-2.7.18-28.67.1
SUSE OpenStack Cloud Crowbar 9
libpython2_7-1_0-2.7.18-28.67.1
libpython2_7-1_0-32bit-2.7.18-28.67.1
python-2.7.18-28.67.1
python-32bit-2.7.18-28.67.1
python-base-2.7.18-28.67.1
python-base-32bit-2.7.18-28.67.1
python-curses-2.7.18-28.67.1
python-demo-2.7.18-28.67.1
python-devel-2.7.18-28.67.1
python-doc-2.7.18-28.67.1
python-doc-pdf-2.7.18-28.67.1
python-gdbm-2.7.18-28.67.1
python-idle-2.7.18-28.67.1
python-tk-2.7.18-28.67.1
python-xml-2.7.18-28.67.1
Ссылки
- Link for SUSE-SU-2021:0794-1
- E-Mail link for SUSE-SU-2021:0794-1
- SUSE Security Ratings
- SUSE Bug 1182379
- SUSE CVE CVE-2019-18348 page
- SUSE CVE CVE-2021-23336 page
Описание
An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.). This is fixed in: v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1; v3.6.11, v3.6.11rc1, v3.6.12; v3.7.8, v3.7.8rc1, v3.7.9; v3.8.3, v3.8.3rc1, v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1.
Затронутые продукты
HPE Helion OpenStack 8:libpython2_7-1_0-2.7.18-28.67.1
HPE Helion OpenStack 8:libpython2_7-1_0-32bit-2.7.18-28.67.1
HPE Helion OpenStack 8:python-2.7.18-28.67.1
HPE Helion OpenStack 8:python-32bit-2.7.18-28.67.1
Ссылки
- CVE-2019-18348
- SUSE Bug 1155094
Описание
The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.
Затронутые продукты
HPE Helion OpenStack 8:libpython2_7-1_0-2.7.18-28.67.1
HPE Helion OpenStack 8:libpython2_7-1_0-32bit-2.7.18-28.67.1
HPE Helion OpenStack 8:python-2.7.18-28.67.1
HPE Helion OpenStack 8:python-32bit-2.7.18-28.67.1
Ссылки
- CVE-2021-23336
- SUSE Bug 1182179
- SUSE Bug 1182379
- SUSE Bug 1182433