Описание
Security update for python36
This update for python36 fixes the following issues:
- CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511).
Список пакетов
Image SLES12-SP5-Azure-BYOS
libpython3_6m1_0-3.6.15-24.1
python36-base-3.6.15-24.1
Image SLES12-SP5-Azure-Basic-On-Demand
libpython3_6m1_0-3.6.15-24.1
python36-base-3.6.15-24.1
Image SLES12-SP5-Azure-HPC-BYOS
libpython3_6m1_0-3.6.15-24.1
python36-base-3.6.15-24.1
Image SLES12-SP5-Azure-HPC-On-Demand
libpython3_6m1_0-3.6.15-24.1
python36-base-3.6.15-24.1
Image SLES12-SP5-Azure-SAP-BYOS
libpython3_6m1_0-3.6.15-24.1
python36-base-3.6.15-24.1
Image SLES12-SP5-Azure-SAP-On-Demand
libpython3_6m1_0-3.6.15-24.1
python36-base-3.6.15-24.1
Image SLES12-SP5-Azure-Standard-On-Demand
libpython3_6m1_0-3.6.15-24.1
python36-base-3.6.15-24.1
Image SLES12-SP5-EC2-BYOS
libpython3_6m1_0-3.6.15-24.1
python36-base-3.6.15-24.1
Image SLES12-SP5-EC2-ECS-On-Demand
libpython3_6m1_0-3.6.15-24.1
python36-base-3.6.15-24.1
Image SLES12-SP5-EC2-On-Demand
libpython3_6m1_0-3.6.15-24.1
python36-base-3.6.15-24.1
Image SLES12-SP5-EC2-SAP-BYOS
libpython3_6m1_0-3.6.15-24.1
python36-base-3.6.15-24.1
Image SLES12-SP5-EC2-SAP-On-Demand
libpython3_6m1_0-3.6.15-24.1
python36-base-3.6.15-24.1
Image SLES12-SP5-GCE-BYOS
libpython3_6m1_0-3.6.15-24.1
python36-base-3.6.15-24.1
Image SLES12-SP5-GCE-On-Demand
libpython3_6m1_0-3.6.15-24.1
python36-base-3.6.15-24.1
Image SLES12-SP5-GCE-SAP-BYOS
libpython3_6m1_0-3.6.15-24.1
python36-base-3.6.15-24.1
Image SLES12-SP5-GCE-SAP-On-Demand
libpython3_6m1_0-3.6.15-24.1
python36-base-3.6.15-24.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
libpython3_6m1_0-3.6.15-24.1
python36-base-3.6.15-24.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
libpython3_6m1_0-3.6.15-24.1
python36-base-3.6.15-24.1
SUSE Linux Enterprise Server 12 SP5
libpython3_6m1_0-3.6.15-24.1
libpython3_6m1_0-32bit-3.6.15-24.1
python36-3.6.15-24.1
python36-base-3.6.15-24.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libpython3_6m1_0-3.6.15-24.1
libpython3_6m1_0-32bit-3.6.15-24.1
python36-3.6.15-24.1
python36-base-3.6.15-24.1
SUSE Linux Enterprise Software Development Kit 12 SP5
python36-devel-3.6.15-24.1
Ссылки
- Link for SUSE-SU-2022:2147-1
- E-Mail link for SUSE-SU-2022:2147-1
- SUSE Security Ratings
- SUSE Bug 1198511
- SUSE CVE CVE-2015-20107 page
Описание
In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9
Затронутые продукты
Image SLES12-SP5-Azure-BYOS:libpython3_6m1_0-3.6.15-24.1
Image SLES12-SP5-Azure-BYOS:python36-base-3.6.15-24.1
Image SLES12-SP5-Azure-Basic-On-Demand:libpython3_6m1_0-3.6.15-24.1
Image SLES12-SP5-Azure-Basic-On-Demand:python36-base-3.6.15-24.1
Ссылки
- CVE-2015-20107
- SUSE Bug 1198511
- SUSE Bug 1200507
- SUSE Bug 1201777
- SUSE Bug 1201791
- SUSE Bug 1205068
- SUSE Bug 1208337