Описание
Security update for python
This update for python rebuilds python against a symbol versioned openssl 1.0.2 to allow usage with openssl 1.1.1.
Also the following security issues are fixed:
- CVE-2022-0391: Fixed sanitizing URLs containing ASCII newline and tabs in urlparse (bsc#1195396).
- CVE-2021-4189: Make ftplib not trust the PASV response (bsc#1194146).
Список пакетов
Image SLES12-SP4-Azure-BYOS
libpython2_7-1_0-2.7.18-33.8.1
python-2.7.18-33.8.1
python-base-2.7.18-33.8.1
python-xml-2.7.18-33.8.1
Image SLES12-SP4-SAP-Azure-BYOS
libpython2_7-1_0-2.7.18-33.8.1
python-2.7.18-33.8.1
python-base-2.7.18-33.8.1
python-xml-2.7.18-33.8.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production
libpython2_7-1_0-2.7.18-33.8.1
python-2.7.18-33.8.1
python-base-2.7.18-33.8.1
python-xml-2.7.18-33.8.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production
libpython2_7-1_0-2.7.18-33.8.1
python-2.7.18-33.8.1
python-base-2.7.18-33.8.1
python-xml-2.7.18-33.8.1
Image SLES12-SP5-Azure-BYOS
libpython2_7-1_0-2.7.18-33.8.1
python-2.7.18-33.8.1
python-base-2.7.18-33.8.1
python-xml-2.7.18-33.8.1
Image SLES12-SP5-Azure-Basic-On-Demand
libpython2_7-1_0-2.7.18-33.8.1
python-2.7.18-33.8.1
python-base-2.7.18-33.8.1
python-xml-2.7.18-33.8.1
Image SLES12-SP5-Azure-HPC-BYOS
libpython2_7-1_0-2.7.18-33.8.1
python-2.7.18-33.8.1
python-base-2.7.18-33.8.1
python-xml-2.7.18-33.8.1
Image SLES12-SP5-Azure-HPC-On-Demand
libpython2_7-1_0-2.7.18-33.8.1
python-2.7.18-33.8.1
python-base-2.7.18-33.8.1
python-xml-2.7.18-33.8.1
Image SLES12-SP5-Azure-SAP-BYOS
libpython2_7-1_0-2.7.18-33.8.1
python-2.7.18-33.8.1
python-base-2.7.18-33.8.1
python-xml-2.7.18-33.8.1
Image SLES12-SP5-Azure-SAP-On-Demand
libpython2_7-1_0-2.7.18-33.8.1
python-2.7.18-33.8.1
python-base-2.7.18-33.8.1
python-xml-2.7.18-33.8.1
Image SLES12-SP5-Azure-Standard-On-Demand
libpython2_7-1_0-2.7.18-33.8.1
python-2.7.18-33.8.1
python-base-2.7.18-33.8.1
python-xml-2.7.18-33.8.1
Image SLES12-SP5-EC2-BYOS
libpython2_7-1_0-2.7.18-33.8.1
python-2.7.18-33.8.1
python-base-2.7.18-33.8.1
python-xml-2.7.18-33.8.1
Image SLES12-SP5-EC2-ECS-On-Demand
libpython2_7-1_0-2.7.18-33.8.1
python-2.7.18-33.8.1
python-base-2.7.18-33.8.1
python-xml-2.7.18-33.8.1
Image SLES12-SP5-EC2-On-Demand
libpython2_7-1_0-2.7.18-33.8.1
python-2.7.18-33.8.1
python-base-2.7.18-33.8.1
python-xml-2.7.18-33.8.1
Image SLES12-SP5-EC2-SAP-BYOS
libpython2_7-1_0-2.7.18-33.8.1
python-2.7.18-33.8.1
python-base-2.7.18-33.8.1
python-xml-2.7.18-33.8.1
Image SLES12-SP5-EC2-SAP-On-Demand
libpython2_7-1_0-2.7.18-33.8.1
python-2.7.18-33.8.1
python-base-2.7.18-33.8.1
python-xml-2.7.18-33.8.1
Image SLES12-SP5-GCE-BYOS
libpython2_7-1_0-2.7.18-33.8.1
python-2.7.18-33.8.1
python-base-2.7.18-33.8.1
python-xml-2.7.18-33.8.1
Image SLES12-SP5-GCE-On-Demand
libpython2_7-1_0-2.7.18-33.8.1
python-2.7.18-33.8.1
python-base-2.7.18-33.8.1
python-xml-2.7.18-33.8.1
Image SLES12-SP5-GCE-SAP-BYOS
libpython2_7-1_0-2.7.18-33.8.1
python-2.7.18-33.8.1
python-base-2.7.18-33.8.1
python-xml-2.7.18-33.8.1
Image SLES12-SP5-GCE-SAP-On-Demand
libpython2_7-1_0-2.7.18-33.8.1
python-2.7.18-33.8.1
python-base-2.7.18-33.8.1
python-xml-2.7.18-33.8.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
libpython2_7-1_0-2.7.18-33.8.1
python-2.7.18-33.8.1
python-base-2.7.18-33.8.1
python-xml-2.7.18-33.8.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
libpython2_7-1_0-2.7.18-33.8.1
python-2.7.18-33.8.1
python-base-2.7.18-33.8.1
python-xml-2.7.18-33.8.1
SUSE Linux Enterprise Server 12 SP4-LTSS
libpython2_7-1_0-2.7.18-33.8.1
libpython2_7-1_0-32bit-2.7.18-33.8.1
python-2.7.18-33.8.1
python-32bit-2.7.18-33.8.1
python-base-2.7.18-33.8.1
python-base-32bit-2.7.18-33.8.1
python-curses-2.7.18-33.8.1
python-demo-2.7.18-33.8.1
python-devel-2.7.18-33.8.1
python-doc-2.7.18-33.8.1
python-doc-pdf-2.7.18-33.8.1
python-gdbm-2.7.18-33.8.1
python-idle-2.7.18-33.8.1
python-tk-2.7.18-33.8.1
python-xml-2.7.18-33.8.1
SUSE Linux Enterprise Server 12 SP5
libpython2_7-1_0-2.7.18-33.8.1
libpython2_7-1_0-32bit-2.7.18-33.8.1
python-2.7.18-33.8.1
python-32bit-2.7.18-33.8.1
python-base-2.7.18-33.8.1
python-base-32bit-2.7.18-33.8.1
python-curses-2.7.18-33.8.1
python-demo-2.7.18-33.8.1
python-devel-2.7.18-33.8.1
python-doc-2.7.18-33.8.1
python-doc-pdf-2.7.18-33.8.1
python-gdbm-2.7.18-33.8.1
python-idle-2.7.18-33.8.1
python-tk-2.7.18-33.8.1
python-xml-2.7.18-33.8.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
libpython2_7-1_0-2.7.18-33.8.1
libpython2_7-1_0-32bit-2.7.18-33.8.1
python-2.7.18-33.8.1
python-32bit-2.7.18-33.8.1
python-base-2.7.18-33.8.1
python-base-32bit-2.7.18-33.8.1
python-curses-2.7.18-33.8.1
python-demo-2.7.18-33.8.1
python-devel-2.7.18-33.8.1
python-doc-2.7.18-33.8.1
python-doc-pdf-2.7.18-33.8.1
python-gdbm-2.7.18-33.8.1
python-idle-2.7.18-33.8.1
python-tk-2.7.18-33.8.1
python-xml-2.7.18-33.8.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libpython2_7-1_0-2.7.18-33.8.1
libpython2_7-1_0-32bit-2.7.18-33.8.1
python-2.7.18-33.8.1
python-32bit-2.7.18-33.8.1
python-base-2.7.18-33.8.1
python-base-32bit-2.7.18-33.8.1
python-curses-2.7.18-33.8.1
python-demo-2.7.18-33.8.1
python-devel-2.7.18-33.8.1
python-doc-2.7.18-33.8.1
python-doc-pdf-2.7.18-33.8.1
python-gdbm-2.7.18-33.8.1
python-idle-2.7.18-33.8.1
python-tk-2.7.18-33.8.1
python-xml-2.7.18-33.8.1
SUSE Linux Enterprise Workstation Extension 12 SP5
python-devel-2.7.18-33.8.1
SUSE OpenStack Cloud 9
libpython2_7-1_0-2.7.18-33.8.1
libpython2_7-1_0-32bit-2.7.18-33.8.1
python-2.7.18-33.8.1
python-32bit-2.7.18-33.8.1
python-base-2.7.18-33.8.1
python-base-32bit-2.7.18-33.8.1
python-curses-2.7.18-33.8.1
python-demo-2.7.18-33.8.1
python-devel-2.7.18-33.8.1
python-doc-2.7.18-33.8.1
python-doc-pdf-2.7.18-33.8.1
python-gdbm-2.7.18-33.8.1
python-idle-2.7.18-33.8.1
python-tk-2.7.18-33.8.1
python-xml-2.7.18-33.8.1
SUSE OpenStack Cloud Crowbar 9
libpython2_7-1_0-2.7.18-33.8.1
libpython2_7-1_0-32bit-2.7.18-33.8.1
python-2.7.18-33.8.1
python-32bit-2.7.18-33.8.1
python-base-2.7.18-33.8.1
python-base-32bit-2.7.18-33.8.1
python-curses-2.7.18-33.8.1
python-demo-2.7.18-33.8.1
python-devel-2.7.18-33.8.1
python-doc-2.7.18-33.8.1
python-doc-pdf-2.7.18-33.8.1
python-gdbm-2.7.18-33.8.1
python-idle-2.7.18-33.8.1
python-tk-2.7.18-33.8.1
python-xml-2.7.18-33.8.1
Ссылки
- Link for SUSE-SU-2022:1140-1
- E-Mail link for SUSE-SU-2022:1140-1
- SUSE Security Ratings
- SUSE Bug 1187784
- SUSE Bug 1194146
- SUSE Bug 1195396
- SUSE CVE CVE-2021-4189 page
- SUSE CVE CVE-2022-0391 page
Описание
A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.
Затронутые продукты
Image SLES12-SP4-Azure-BYOS:libpython2_7-1_0-2.7.18-33.8.1
Image SLES12-SP4-Azure-BYOS:python-2.7.18-33.8.1
Image SLES12-SP4-Azure-BYOS:python-base-2.7.18-33.8.1
Image SLES12-SP4-Azure-BYOS:python-xml-2.7.18-33.8.1
Ссылки
- CVE-2021-4189
- SUSE Bug 1194146
Описание
A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.
Затронутые продукты
Image SLES12-SP4-Azure-BYOS:libpython2_7-1_0-2.7.18-33.8.1
Image SLES12-SP4-Azure-BYOS:python-2.7.18-33.8.1
Image SLES12-SP4-Azure-BYOS:python-base-2.7.18-33.8.1
Image SLES12-SP4-Azure-BYOS:python-xml-2.7.18-33.8.1
Ссылки
- CVE-2022-0391
- SUSE Bug 1195396
- SUSE Bug 1225672