Описание
Security update for python3
This update for python3 fixes the following issues:
- CVE-2021-4189: Fixed default access from PASV response in the FTP client (bsc#1194146).
- CVE-2022-0391: Fixed sanitizing of URLs containing ASCII newline and tabs in urlparse (bsc#1195396).
Список пакетов
Image SLES12-SP4-Azure-BYOS
libpython3_4m1_0-3.4.10-25.85.1
python3-3.4.10-25.85.2
python3-base-3.4.10-25.85.1
Image SLES12-SP4-SAP-Azure-BYOS
libpython3_4m1_0-3.4.10-25.85.1
python3-3.4.10-25.85.2
python3-base-3.4.10-25.85.1
python3-curses-3.4.10-25.85.2
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production
libpython3_4m1_0-3.4.10-25.85.1
python3-3.4.10-25.85.2
python3-base-3.4.10-25.85.1
python3-curses-3.4.10-25.85.2
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production
libpython3_4m1_0-3.4.10-25.85.1
python3-3.4.10-25.85.2
python3-base-3.4.10-25.85.1
python3-curses-3.4.10-25.85.2
Image SLES12-SP5-Azure-BYOS
libpython3_4m1_0-3.4.10-25.85.1
python3-3.4.10-25.85.2
python3-base-3.4.10-25.85.1
Image SLES12-SP5-Azure-Basic-On-Demand
libpython3_4m1_0-3.4.10-25.85.1
python3-3.4.10-25.85.2
python3-base-3.4.10-25.85.1
Image SLES12-SP5-Azure-HPC-BYOS
libpython3_4m1_0-3.4.10-25.85.1
python3-3.4.10-25.85.2
python3-base-3.4.10-25.85.1
Image SLES12-SP5-Azure-HPC-On-Demand
libpython3_4m1_0-3.4.10-25.85.1
python3-3.4.10-25.85.2
python3-base-3.4.10-25.85.1
Image SLES12-SP5-Azure-SAP-BYOS
libpython3_4m1_0-3.4.10-25.85.1
python3-3.4.10-25.85.2
python3-base-3.4.10-25.85.1
python3-curses-3.4.10-25.85.2
Image SLES12-SP5-Azure-SAP-On-Demand
libpython3_4m1_0-3.4.10-25.85.1
python3-3.4.10-25.85.2
python3-base-3.4.10-25.85.1
python3-curses-3.4.10-25.85.2
Image SLES12-SP5-Azure-Standard-On-Demand
libpython3_4m1_0-3.4.10-25.85.1
python3-3.4.10-25.85.2
python3-base-3.4.10-25.85.1
Image SLES12-SP5-EC2-BYOS
libpython3_4m1_0-3.4.10-25.85.1
python3-3.4.10-25.85.2
python3-base-3.4.10-25.85.1
Image SLES12-SP5-EC2-ECS-On-Demand
libpython3_4m1_0-3.4.10-25.85.1
python3-3.4.10-25.85.2
python3-base-3.4.10-25.85.1
Image SLES12-SP5-EC2-On-Demand
libpython3_4m1_0-3.4.10-25.85.1
python3-3.4.10-25.85.2
python3-base-3.4.10-25.85.1
Image SLES12-SP5-EC2-SAP-BYOS
libpython3_4m1_0-3.4.10-25.85.1
python3-3.4.10-25.85.2
python3-base-3.4.10-25.85.1
python3-curses-3.4.10-25.85.2
Image SLES12-SP5-EC2-SAP-On-Demand
libpython3_4m1_0-3.4.10-25.85.1
python3-3.4.10-25.85.2
python3-base-3.4.10-25.85.1
python3-curses-3.4.10-25.85.2
Image SLES12-SP5-GCE-BYOS
libpython3_4m1_0-3.4.10-25.85.1
python3-3.4.10-25.85.2
python3-base-3.4.10-25.85.1
Image SLES12-SP5-GCE-On-Demand
libpython3_4m1_0-3.4.10-25.85.1
python3-3.4.10-25.85.2
python3-base-3.4.10-25.85.1
Image SLES12-SP5-GCE-SAP-BYOS
libpython3_4m1_0-3.4.10-25.85.1
python3-3.4.10-25.85.2
python3-base-3.4.10-25.85.1
python3-curses-3.4.10-25.85.2
Image SLES12-SP5-GCE-SAP-On-Demand
libpython3_4m1_0-3.4.10-25.85.1
python3-3.4.10-25.85.2
python3-base-3.4.10-25.85.1
python3-curses-3.4.10-25.85.2
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
libpython3_4m1_0-3.4.10-25.85.1
python3-3.4.10-25.85.2
python3-base-3.4.10-25.85.1
python3-curses-3.4.10-25.85.2
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
libpython3_4m1_0-3.4.10-25.85.1
python3-3.4.10-25.85.2
python3-base-3.4.10-25.85.1
python3-curses-3.4.10-25.85.2
SUSE Linux Enterprise Module for Web and Scripting 12
libpython3_4m1_0-3.4.10-25.85.1
python3-3.4.10-25.85.2
python3-base-3.4.10-25.85.1
python3-curses-3.4.10-25.85.2
SUSE Linux Enterprise Server 12 SP5
libpython3_4m1_0-3.4.10-25.85.1
libpython3_4m1_0-32bit-3.4.10-25.85.1
python3-3.4.10-25.85.2
python3-base-3.4.10-25.85.1
python3-curses-3.4.10-25.85.2
python3-devel-3.4.10-25.85.1
python3-tk-3.4.10-25.85.2
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libpython3_4m1_0-3.4.10-25.85.1
libpython3_4m1_0-32bit-3.4.10-25.85.1
python3-3.4.10-25.85.2
python3-base-3.4.10-25.85.1
python3-curses-3.4.10-25.85.2
python3-devel-3.4.10-25.85.1
python3-tk-3.4.10-25.85.2
SUSE Linux Enterprise Software Development Kit 12 SP5
python3-dbm-3.4.10-25.85.2
python3-devel-3.4.10-25.85.1
Ссылки
- Link for SUSE-SU-2022:0882-1
- E-Mail link for SUSE-SU-2022:0882-1
- SUSE Security Ratings
- SUSE Bug 1194146
- SUSE Bug 1195396
- SUSE CVE CVE-2021-4189 page
- SUSE CVE CVE-2022-0391 page
Описание
A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.
Затронутые продукты
Image SLES12-SP4-Azure-BYOS:libpython3_4m1_0-3.4.10-25.85.1
Image SLES12-SP4-Azure-BYOS:python3-3.4.10-25.85.2
Image SLES12-SP4-Azure-BYOS:python3-base-3.4.10-25.85.1
Image SLES12-SP4-SAP-Azure-BYOS:libpython3_4m1_0-3.4.10-25.85.1
Ссылки
- CVE-2021-4189
- SUSE Bug 1194146
Описание
A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.
Затронутые продукты
Image SLES12-SP4-Azure-BYOS:libpython3_4m1_0-3.4.10-25.85.1
Image SLES12-SP4-Azure-BYOS:python3-3.4.10-25.85.2
Image SLES12-SP4-Azure-BYOS:python3-base-3.4.10-25.85.1
Image SLES12-SP4-SAP-Azure-BYOS:libpython3_4m1_0-3.4.10-25.85.1
Ссылки
- CVE-2022-0391
- SUSE Bug 1195396
- SUSE Bug 1225672