Описание
Security update for python-lxml
This update for python-lxml fixes the following issues:
- CVE-2018-19787: Fixed XSS vulnerability via unescaped URL (bsc#1118088).
- CVE-2021-28957: Fixed XSS vulnerability ia HTML5 attributes unescaped (bsc#1184177).
- CVE-2021-43818: Fixed XSS vulnerability via script content in SVG images using data URIs (bnc#1193752).
- CVE-2020-27783: Fixed mutation XSS with improper parser use (bnc#1179534).
Список пакетов
Container ses/7.1/cephcsi/cephcsi:latest
python3-lxml-4.7.1-3.7.1
Container ses/7.1/rook/ceph:latest
python3-lxml-4.7.1-3.7.1
Container ses/7/cephcsi/cephcsi:latest
python3-lxml-4.7.1-3.7.1
Container ses/7/rook/ceph:latest
python3-lxml-4.7.1-3.7.1
Image SLES15-SP2-BYOS-Azure
python3-lxml-4.7.1-3.7.1
Image SLES15-SP2-BYOS-EC2-HVM
python3-lxml-4.7.1-3.7.1
Image SLES15-SP2-BYOS-GCE
python3-lxml-4.7.1-3.7.1
Image SLES15-SP2-HPC-BYOS-Azure
python3-lxml-4.7.1-3.7.1
Image SLES15-SP2-HPC-BYOS-EC2-HVM
python3-lxml-4.7.1-3.7.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure
python3-lxml-4.7.1-3.7.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM
python3-lxml-4.7.1-3.7.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-GCE
python3-lxml-4.7.1-3.7.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure
python3-lxml-4.7.1-3.7.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM
python3-lxml-4.7.1-3.7.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE
python3-lxml-4.7.1-3.7.1
Image SLES15-SP2-SAP-Azure
python3-lxml-4.7.1-3.7.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
python3-lxml-4.7.1-3.7.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
python3-lxml-4.7.1-3.7.1
Image SLES15-SP2-SAP-BYOS-Azure
python3-lxml-4.7.1-3.7.1
Image SLES15-SP2-SAP-BYOS-EC2-HVM
python3-lxml-4.7.1-3.7.1
Image SLES15-SP2-SAP-BYOS-GCE
python3-lxml-4.7.1-3.7.1
Image SLES15-SP2-SAP-EC2-HVM
python3-lxml-4.7.1-3.7.1
Image SLES15-SP2-SAP-GCE
python3-lxml-4.7.1-3.7.1
Image SLES15-SP3-BYOS-Azure
python3-lxml-4.7.1-3.7.1
Image SLES15-SP3-BYOS-EC2-HVM
python3-lxml-4.7.1-3.7.1
Image SLES15-SP3-BYOS-GCE
python3-lxml-4.7.1-3.7.1
Image SLES15-SP3-CHOST-BYOS-Aliyun
python3-lxml-4.7.1-3.7.1
Image SLES15-SP3-CHOST-BYOS-Azure
python3-lxml-4.7.1-3.7.1
Image SLES15-SP3-CHOST-BYOS-EC2
python3-lxml-4.7.1-3.7.1
Image SLES15-SP3-CHOST-BYOS-GCE
python3-lxml-4.7.1-3.7.1
Image SLES15-SP3-CHOST-BYOS-SAP-CCloud
python3-lxml-4.7.1-3.7.1
Image SLES15-SP3-EC2-ECS-HVM
python3-lxml-4.7.1-3.7.1
Image SLES15-SP3-EC2-HVM
python3-lxml-4.7.1-3.7.1
Image SLES15-SP3-GCE
python3-lxml-4.7.1-3.7.1
Image SLES15-SP3-HPC-Azure
python3-lxml-4.7.1-3.7.1
Image SLES15-SP3-HPC-BYOS-Azure
python3-lxml-4.7.1-3.7.1
Image SLES15-SP3-HPC-BYOS-EC2-HVM
python3-lxml-4.7.1-3.7.1
Image SLES15-SP3-HPC-BYOS-GCE
python3-lxml-4.7.1-3.7.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure
python3-lxml-4.7.1-3.7.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM
python3-lxml-4.7.1-3.7.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE
python3-lxml-4.7.1-3.7.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
python3-lxml-4.7.1-3.7.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
python3-lxml-4.7.1-3.7.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
python3-lxml-4.7.1-3.7.1
Image SLES15-SP3-SAP-Azure
python3-lxml-4.7.1-3.7.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
python3-lxml-4.7.1-3.7.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
python3-lxml-4.7.1-3.7.1
Image SLES15-SP3-SAP-BYOS-Azure
python3-lxml-4.7.1-3.7.1
Image SLES15-SP3-SAP-BYOS-EC2-HVM
python3-lxml-4.7.1-3.7.1
Image SLES15-SP3-SAP-BYOS-GCE
python3-lxml-4.7.1-3.7.1
Image SLES15-SP3-SAP-EC2-HVM
python3-lxml-4.7.1-3.7.1
Image SLES15-SP3-SAP-GCE
python3-lxml-4.7.1-3.7.1
Image SLES15-SP3-SAPCAL-Azure
python3-lxml-4.7.1-3.7.1
Image SLES15-SP3-SAPCAL-EC2-HVM
python3-lxml-4.7.1-3.7.1
Image SLES15-SP3-SAPCAL-GCE
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-Azure-Basic
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-Azure-Standard
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-BYOS
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-BYOS-Azure
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-BYOS-EC2
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-BYOS-GCE
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-CHOST-BYOS
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-CHOST-BYOS-Aliyun
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-CHOST-BYOS-Azure
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-CHOST-BYOS-EC2
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-CHOST-BYOS-GCE
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-CHOST-BYOS-SAP-CCloud
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-EC2
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-EC2-ECS-HVM
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-GCE
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-HPC
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-HPC-Azure
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-HPC-BYOS
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-HPC-BYOS-Azure
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-HPC-BYOS-EC2
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-HPC-BYOS-GCE
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-HPC-EC2
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-HPC-GCE
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-Hardened-BYOS
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-Hardened-BYOS-Azure
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-Hardened-BYOS-EC2
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-Hardened-BYOS-GCE
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-Manager-Server-4-3
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-Manager-Server-4-3-Azure-llc
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-Manager-Server-4-3-Azure-ltd
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-Manager-Server-4-3-BYOS
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-Manager-Server-4-3-EC2-llc
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-Manager-Server-4-3-EC2-ltd
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-Micro-5-3
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-Micro-5-3-Azure
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-Micro-5-3-BYOS
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-Micro-5-3-BYOS-Azure
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-Micro-5-3-BYOS-EC2
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-Micro-5-3-BYOS-GCE
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-Micro-5-3-EC2
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-Micro-5-3-GCE
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-Micro-5-4
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-Micro-5-4-Azure
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-Micro-5-4-BYOS
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-Micro-5-4-BYOS-Azure
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-Micro-5-4-BYOS-EC2
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-Micro-5-4-BYOS-GCE
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-Micro-5-4-EC2
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-Micro-5-4-GCE
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-SAP
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-SAP-Azure
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-SAP-Azure-LI-BYOS
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-SAP-Azure-LI-BYOS-Production
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-SAP-BYOS
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-SAP-BYOS-Azure
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-SAP-BYOS-EC2
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-SAP-BYOS-GCE
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-SAP-EC2
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-SAP-GCE
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-SAP-Hardened
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-SAP-Hardened-Azure
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-SAP-Hardened-BYOS
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-SAP-Hardened-BYOS-Azure
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-SAP-Hardened-BYOS-EC2
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-SAP-Hardened-BYOS-GCE
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-SAP-Hardened-EC2
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-SAP-Hardened-GCE
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-SAPCAL
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-SAPCAL-Azure
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-SAPCAL-EC2
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-SAPCAL-GCE
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-SUSE-Rancher-Setup-BYOS
python3-lxml-4.7.1-3.7.1
Image SLES15-SP4-SUSE-Rancher-Setup-BYOS-EC2
python3-lxml-4.7.1-3.7.1
SUSE Enterprise Storage 7
python2-lxml-4.7.1-3.7.1
python2-lxml-devel-4.7.1-3.7.1
python3-lxml-4.7.1-3.7.1
python3-lxml-devel-4.7.1-3.7.1
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS
python2-lxml-4.7.1-3.7.1
python2-lxml-devel-4.7.1-3.7.1
python3-lxml-4.7.1-3.7.1
python3-lxml-devel-4.7.1-3.7.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
python2-lxml-4.7.1-3.7.1
python2-lxml-devel-4.7.1-3.7.1
python3-lxml-4.7.1-3.7.1
python3-lxml-devel-4.7.1-3.7.1
SUSE Linux Enterprise Module for Basesystem 15 SP3
python3-lxml-4.7.1-3.7.1
python3-lxml-devel-4.7.1-3.7.1
SUSE Linux Enterprise Module for Python 2 15 SP3
python2-lxml-4.7.1-3.7.1
python2-lxml-devel-4.7.1-3.7.1
SUSE Linux Enterprise Real Time 15 SP2
python3-lxml-4.7.1-3.7.1
python3-lxml-devel-4.7.1-3.7.1
SUSE Linux Enterprise Server 15 SP2-BCL
python3-lxml-4.7.1-3.7.1
python3-lxml-devel-4.7.1-3.7.1
SUSE Linux Enterprise Server 15 SP2-LTSS
python2-lxml-4.7.1-3.7.1
python2-lxml-devel-4.7.1-3.7.1
python3-lxml-4.7.1-3.7.1
python3-lxml-devel-4.7.1-3.7.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
python2-lxml-4.7.1-3.7.1
python2-lxml-devel-4.7.1-3.7.1
python3-lxml-4.7.1-3.7.1
python3-lxml-devel-4.7.1-3.7.1
SUSE Manager Proxy 4.1
python2-lxml-4.7.1-3.7.1
python2-lxml-devel-4.7.1-3.7.1
python3-lxml-4.7.1-3.7.1
python3-lxml-devel-4.7.1-3.7.1
SUSE Manager Retail Branch Server 4.1
python2-lxml-4.7.1-3.7.1
python2-lxml-devel-4.7.1-3.7.1
python3-lxml-4.7.1-3.7.1
python3-lxml-devel-4.7.1-3.7.1
SUSE Manager Server 4.1
python2-lxml-4.7.1-3.7.1
python2-lxml-devel-4.7.1-3.7.1
python3-lxml-4.7.1-3.7.1
python3-lxml-devel-4.7.1-3.7.1
Ссылки
- Link for SUSE-SU-2022:0803-1
- E-Mail link for SUSE-SU-2022:0803-1
- SUSE Security Ratings
- SUSE Bug 1118088
- SUSE Bug 1179534
- SUSE Bug 1184177
- SUSE Bug 1193752
- SUSE CVE CVE-2018-19787 page
- SUSE CVE CVE-2020-27783 page
- SUSE CVE CVE-2021-28957 page
- SUSE CVE CVE-2021-43818 page
Описание
An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to CVE-2014-3146.
Затронутые продукты
Container ses/7.1/cephcsi/cephcsi:latest:python3-lxml-4.7.1-3.7.1
Container ses/7.1/rook/ceph:latest:python3-lxml-4.7.1-3.7.1
Container ses/7/cephcsi/cephcsi:latest:python3-lxml-4.7.1-3.7.1
Container ses/7/rook/ceph:latest:python3-lxml-4.7.1-3.7.1
Ссылки
- CVE-2018-19787
- SUSE Bug 1118088
Описание
A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.
Затронутые продукты
Container ses/7.1/cephcsi/cephcsi:latest:python3-lxml-4.7.1-3.7.1
Container ses/7.1/rook/ceph:latest:python3-lxml-4.7.1-3.7.1
Container ses/7/cephcsi/cephcsi:latest:python3-lxml-4.7.1-3.7.1
Container ses/7/rook/ceph:latest:python3-lxml-4.7.1-3.7.1
Ссылки
- CVE-2020-27783
- SUSE Bug 1179534
Описание
An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run arbitrary JS code on users who interact with incorrectly sanitized HTML. This issue is patched in lxml 4.6.3.
Затронутые продукты
Container ses/7.1/cephcsi/cephcsi:latest:python3-lxml-4.7.1-3.7.1
Container ses/7.1/rook/ceph:latest:python3-lxml-4.7.1-3.7.1
Container ses/7/cephcsi/cephcsi:latest:python3-lxml-4.7.1-3.7.1
Container ses/7/rook/ceph:latest:python3-lxml-4.7.1-3.7.1
Ссылки
- CVE-2021-28957
- SUSE Bug 1184177
Описание
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available.
Затронутые продукты
Container ses/7.1/cephcsi/cephcsi:latest:python3-lxml-4.7.1-3.7.1
Container ses/7.1/rook/ceph:latest:python3-lxml-4.7.1-3.7.1
Container ses/7/cephcsi/cephcsi:latest:python3-lxml-4.7.1-3.7.1
Container ses/7/rook/ceph:latest:python3-lxml-4.7.1-3.7.1
Ссылки
- CVE-2021-43818
- SUSE Bug 1193752