Описание
Security update for python
This update for python fixes the following issues:
- CVE-2022-0391: Fixed URL sanitization containing ASCII newline and tabs in urlparse (bsc#1195396).
- CVE-2021-4189: Fixed ftplib not to trust the PASV response (bsc#1194146).
- CVE-2021-3572: Fixed an improper handling of unicode characters in pip (bsc#1186819).
Список пакетов
Image SLES15-Azure-BYOS
libpython2_7-1_0-2.7.18-150000.38.2
python-2.7.18-150000.38.1
python-base-2.7.18-150000.38.2
python-xml-2.7.18-150000.38.2
Image SLES15-SAP-Azure-BYOS
libpython2_7-1_0-2.7.18-150000.38.2
python-2.7.18-150000.38.1
python-base-2.7.18-150000.38.2
python-xml-2.7.18-150000.38.2
Image SLES15-SAP-Azure-LI-BYOS-Production
libpython2_7-1_0-2.7.18-150000.38.2
python-2.7.18-150000.38.1
python-base-2.7.18-150000.38.2
python-xml-2.7.18-150000.38.2
Image SLES15-SAP-Azure-VLI-BYOS-Production
libpython2_7-1_0-2.7.18-150000.38.2
python-2.7.18-150000.38.1
python-base-2.7.18-150000.38.2
python-xml-2.7.18-150000.38.2
Image SLES15-SP1-SAPCAL-Azure
libpython2_7-1_0-2.7.18-150000.38.2
python-2.7.18-150000.38.1
python-base-2.7.18-150000.38.2
python-xml-2.7.18-150000.38.2
Image SLES15-SP1-SAPCAL-EC2-HVM
libpython2_7-1_0-2.7.18-150000.38.2
python-2.7.18-150000.38.1
python-base-2.7.18-150000.38.2
python-xml-2.7.18-150000.38.2
Image SLES15-SP1-SAPCAL-GCE
libpython2_7-1_0-2.7.18-150000.38.2
python-2.7.18-150000.38.1
python-base-2.7.18-150000.38.2
python-xml-2.7.18-150000.38.2
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure
libpython2_7-1_0-2.7.18-150000.38.2
python-base-2.7.18-150000.38.2
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM
libpython2_7-1_0-2.7.18-150000.38.2
python-base-2.7.18-150000.38.2
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-GCE
libpython2_7-1_0-2.7.18-150000.38.2
python-base-2.7.18-150000.38.2
Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure
libpython2_7-1_0-2.7.18-150000.38.2
python-2.7.18-150000.38.1
python-base-2.7.18-150000.38.2
python-xml-2.7.18-150000.38.2
Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM
libpython2_7-1_0-2.7.18-150000.38.2
python-2.7.18-150000.38.1
python-base-2.7.18-150000.38.2
python-xml-2.7.18-150000.38.2
Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE
libpython2_7-1_0-2.7.18-150000.38.2
python-2.7.18-150000.38.1
python-base-2.7.18-150000.38.2
python-xml-2.7.18-150000.38.2
Image SLES15-SP2-SAP-Azure
libpython2_7-1_0-2.7.18-150000.38.2
python-base-2.7.18-150000.38.2
python-xml-2.7.18-150000.38.2
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
libpython2_7-1_0-2.7.18-150000.38.2
python-base-2.7.18-150000.38.2
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
libpython2_7-1_0-2.7.18-150000.38.2
python-base-2.7.18-150000.38.2
Image SLES15-SP2-SAP-BYOS-Azure
libpython2_7-1_0-2.7.18-150000.38.2
python-base-2.7.18-150000.38.2
python-xml-2.7.18-150000.38.2
Image SLES15-SP2-SAP-BYOS-EC2-HVM
libpython2_7-1_0-2.7.18-150000.38.2
python-base-2.7.18-150000.38.2
python-xml-2.7.18-150000.38.2
Image SLES15-SP2-SAP-BYOS-GCE
libpython2_7-1_0-2.7.18-150000.38.2
python-base-2.7.18-150000.38.2
python-xml-2.7.18-150000.38.2
Image SLES15-SP2-SAP-EC2-HVM
libpython2_7-1_0-2.7.18-150000.38.2
python-base-2.7.18-150000.38.2
python-xml-2.7.18-150000.38.2
Image SLES15-SP2-SAP-GCE
libpython2_7-1_0-2.7.18-150000.38.2
python-base-2.7.18-150000.38.2
python-xml-2.7.18-150000.38.2
Image SLES15-SP3-EC2-HVM
libpython2_7-1_0-2.7.18-150000.38.2
python-2.7.18-150000.38.1
python-base-2.7.18-150000.38.2
python-xml-2.7.18-150000.38.2
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
libpython2_7-1_0-2.7.18-150000.38.2
python-2.7.18-150000.38.1
python-base-2.7.18-150000.38.2
python-xml-2.7.18-150000.38.2
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
libpython2_7-1_0-2.7.18-150000.38.2
python-2.7.18-150000.38.1
python-base-2.7.18-150000.38.2
python-xml-2.7.18-150000.38.2
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
libpython2_7-1_0-2.7.18-150000.38.2
python-2.7.18-150000.38.1
python-base-2.7.18-150000.38.2
python-xml-2.7.18-150000.38.2
Image SLES15-SP3-SAP-Azure
libpython2_7-1_0-2.7.18-150000.38.2
python-2.7.18-150000.38.1
python-base-2.7.18-150000.38.2
python-xml-2.7.18-150000.38.2
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
libpython2_7-1_0-2.7.18-150000.38.2
python-base-2.7.18-150000.38.2
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
libpython2_7-1_0-2.7.18-150000.38.2
python-base-2.7.18-150000.38.2
Image SLES15-SP3-SAP-EC2-HVM
libpython2_7-1_0-2.7.18-150000.38.2
python-2.7.18-150000.38.1
python-base-2.7.18-150000.38.2
python-xml-2.7.18-150000.38.2
Image SLES15-SP3-SAP-GCE
libpython2_7-1_0-2.7.18-150000.38.2
python-2.7.18-150000.38.1
python-base-2.7.18-150000.38.2
python-xml-2.7.18-150000.38.2
Image SLES15-SP3-SAPCAL-Azure
libpython2_7-1_0-2.7.18-150000.38.2
python-2.7.18-150000.38.1
python-base-2.7.18-150000.38.2
python-xml-2.7.18-150000.38.2
Image SLES15-SP3-SAPCAL-EC2-HVM
libpython2_7-1_0-2.7.18-150000.38.2
python-2.7.18-150000.38.1
python-base-2.7.18-150000.38.2
python-xml-2.7.18-150000.38.2
Image SLES15-SP3-SAPCAL-GCE
libpython2_7-1_0-2.7.18-150000.38.2
python-2.7.18-150000.38.1
python-base-2.7.18-150000.38.2
python-xml-2.7.18-150000.38.2
SUSE Linux Enterprise Module for Basesystem 15 SP3
libpython2_7-1_0-2.7.18-150000.38.2
python-2.7.18-150000.38.1
python-base-2.7.18-150000.38.2
SUSE Linux Enterprise Module for Desktop Applications 15 SP3
python-tk-2.7.18-150000.38.1
SUSE Linux Enterprise Module for Python 2 15 SP3
python-curses-2.7.18-150000.38.1
python-devel-2.7.18-150000.38.2
python-gdbm-2.7.18-150000.38.1
python-xml-2.7.18-150000.38.2
SUSE Linux Enterprise Real Time 15 SP2
libpython2_7-1_0-2.7.18-150000.38.2
python-2.7.18-150000.38.1
python-base-2.7.18-150000.38.2
python-tk-2.7.18-150000.38.1
Ссылки
- Link for SUSE-SU-2022:1091-1
- E-Mail link for SUSE-SU-2022:1091-1
- SUSE Security Ratings
- SUSE Bug 1175619
- SUSE Bug 1186819
- SUSE Bug 1194146
- SUSE Bug 1195396
- SUSE CVE CVE-2021-3572 page
- SUSE CVE CVE-2021-4189 page
- SUSE CVE CVE-2022-0391 page
Описание
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.
Затронутые продукты
Image SLES15-Azure-BYOS:libpython2_7-1_0-2.7.18-150000.38.2
Image SLES15-Azure-BYOS:python-2.7.18-150000.38.1
Image SLES15-Azure-BYOS:python-base-2.7.18-150000.38.2
Image SLES15-Azure-BYOS:python-xml-2.7.18-150000.38.2
Ссылки
- CVE-2021-3572
- SUSE Bug 1186819
Описание
A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.
Затронутые продукты
Image SLES15-Azure-BYOS:libpython2_7-1_0-2.7.18-150000.38.2
Image SLES15-Azure-BYOS:python-2.7.18-150000.38.1
Image SLES15-Azure-BYOS:python-base-2.7.18-150000.38.2
Image SLES15-Azure-BYOS:python-xml-2.7.18-150000.38.2
Ссылки
- CVE-2021-4189
- SUSE Bug 1194146
Описание
A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.
Затронутые продукты
Image SLES15-Azure-BYOS:libpython2_7-1_0-2.7.18-150000.38.2
Image SLES15-Azure-BYOS:python-2.7.18-150000.38.1
Image SLES15-Azure-BYOS:python-base-2.7.18-150000.38.2
Image SLES15-Azure-BYOS:python-xml-2.7.18-150000.38.2
Ссылки
- CVE-2022-0391
- SUSE Bug 1195396
- SUSE Bug 1225672