Описание
Security update for python
This update for python fixes the following issues:
- CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511).
Список пакетов
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production
libpython2_7-1_0-2.7.18-33.11.1
python-2.7.18-33.11.1
python-base-2.7.18-33.11.1
python-xml-2.7.18-33.11.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production
libpython2_7-1_0-2.7.18-33.11.1
python-2.7.18-33.11.1
python-base-2.7.18-33.11.1
python-xml-2.7.18-33.11.1
Image SLES12-SP5-Azure-BYOS
libpython2_7-1_0-2.7.18-33.11.1
python-2.7.18-33.11.1
python-base-2.7.18-33.11.1
python-xml-2.7.18-33.11.1
Image SLES12-SP5-Azure-Basic-On-Demand
libpython2_7-1_0-2.7.18-33.11.1
python-2.7.18-33.11.1
python-base-2.7.18-33.11.1
python-xml-2.7.18-33.11.1
Image SLES12-SP5-Azure-HPC-BYOS
libpython2_7-1_0-2.7.18-33.11.1
python-2.7.18-33.11.1
python-base-2.7.18-33.11.1
python-xml-2.7.18-33.11.1
Image SLES12-SP5-Azure-HPC-On-Demand
libpython2_7-1_0-2.7.18-33.11.1
python-2.7.18-33.11.1
python-base-2.7.18-33.11.1
python-xml-2.7.18-33.11.1
Image SLES12-SP5-Azure-SAP-BYOS
libpython2_7-1_0-2.7.18-33.11.1
python-2.7.18-33.11.1
python-base-2.7.18-33.11.1
python-xml-2.7.18-33.11.1
Image SLES12-SP5-Azure-SAP-On-Demand
libpython2_7-1_0-2.7.18-33.11.1
python-2.7.18-33.11.1
python-base-2.7.18-33.11.1
python-xml-2.7.18-33.11.1
Image SLES12-SP5-Azure-Standard-On-Demand
libpython2_7-1_0-2.7.18-33.11.1
python-2.7.18-33.11.1
python-base-2.7.18-33.11.1
python-xml-2.7.18-33.11.1
Image SLES12-SP5-EC2-BYOS
libpython2_7-1_0-2.7.18-33.11.1
python-2.7.18-33.11.1
python-base-2.7.18-33.11.1
python-xml-2.7.18-33.11.1
Image SLES12-SP5-EC2-ECS-On-Demand
libpython2_7-1_0-2.7.18-33.11.1
python-2.7.18-33.11.1
python-base-2.7.18-33.11.1
python-xml-2.7.18-33.11.1
Image SLES12-SP5-EC2-On-Demand
libpython2_7-1_0-2.7.18-33.11.1
python-2.7.18-33.11.1
python-base-2.7.18-33.11.1
python-xml-2.7.18-33.11.1
Image SLES12-SP5-EC2-SAP-BYOS
libpython2_7-1_0-2.7.18-33.11.1
python-2.7.18-33.11.1
python-base-2.7.18-33.11.1
python-xml-2.7.18-33.11.1
Image SLES12-SP5-EC2-SAP-On-Demand
libpython2_7-1_0-2.7.18-33.11.1
python-2.7.18-33.11.1
python-base-2.7.18-33.11.1
python-xml-2.7.18-33.11.1
Image SLES12-SP5-GCE-BYOS
libpython2_7-1_0-2.7.18-33.11.1
python-2.7.18-33.11.1
python-base-2.7.18-33.11.1
python-xml-2.7.18-33.11.1
Image SLES12-SP5-GCE-On-Demand
libpython2_7-1_0-2.7.18-33.11.1
python-2.7.18-33.11.1
python-base-2.7.18-33.11.1
python-xml-2.7.18-33.11.1
Image SLES12-SP5-GCE-SAP-BYOS
libpython2_7-1_0-2.7.18-33.11.1
python-2.7.18-33.11.1
python-base-2.7.18-33.11.1
python-xml-2.7.18-33.11.1
Image SLES12-SP5-GCE-SAP-On-Demand
libpython2_7-1_0-2.7.18-33.11.1
python-2.7.18-33.11.1
python-base-2.7.18-33.11.1
python-xml-2.7.18-33.11.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
libpython2_7-1_0-2.7.18-33.11.1
python-2.7.18-33.11.1
python-base-2.7.18-33.11.1
python-xml-2.7.18-33.11.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
libpython2_7-1_0-2.7.18-33.11.1
python-2.7.18-33.11.1
python-base-2.7.18-33.11.1
python-xml-2.7.18-33.11.1
SUSE Linux Enterprise Server 12 SP4-LTSS
libpython2_7-1_0-2.7.18-33.11.1
libpython2_7-1_0-32bit-2.7.18-33.11.1
python-2.7.18-33.11.1
python-32bit-2.7.18-33.11.1
python-base-2.7.18-33.11.1
python-base-32bit-2.7.18-33.11.1
python-curses-2.7.18-33.11.1
python-demo-2.7.18-33.11.1
python-devel-2.7.18-33.11.1
python-doc-2.7.18-33.11.1
python-doc-pdf-2.7.18-33.11.1
python-gdbm-2.7.18-33.11.1
python-idle-2.7.18-33.11.1
python-tk-2.7.18-33.11.1
python-xml-2.7.18-33.11.1
SUSE Linux Enterprise Server 12 SP5
libpython2_7-1_0-2.7.18-33.11.1
libpython2_7-1_0-32bit-2.7.18-33.11.1
python-2.7.18-33.11.1
python-32bit-2.7.18-33.11.1
python-base-2.7.18-33.11.1
python-base-32bit-2.7.18-33.11.1
python-curses-2.7.18-33.11.1
python-demo-2.7.18-33.11.1
python-devel-2.7.18-33.11.1
python-doc-2.7.18-33.11.1
python-doc-pdf-2.7.18-33.11.1
python-gdbm-2.7.18-33.11.1
python-idle-2.7.18-33.11.1
python-tk-2.7.18-33.11.1
python-xml-2.7.18-33.11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
libpython2_7-1_0-2.7.18-33.11.1
libpython2_7-1_0-32bit-2.7.18-33.11.1
python-2.7.18-33.11.1
python-32bit-2.7.18-33.11.1
python-base-2.7.18-33.11.1
python-base-32bit-2.7.18-33.11.1
python-curses-2.7.18-33.11.1
python-demo-2.7.18-33.11.1
python-devel-2.7.18-33.11.1
python-doc-2.7.18-33.11.1
python-doc-pdf-2.7.18-33.11.1
python-gdbm-2.7.18-33.11.1
python-idle-2.7.18-33.11.1
python-tk-2.7.18-33.11.1
python-xml-2.7.18-33.11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libpython2_7-1_0-2.7.18-33.11.1
libpython2_7-1_0-32bit-2.7.18-33.11.1
python-2.7.18-33.11.1
python-32bit-2.7.18-33.11.1
python-base-2.7.18-33.11.1
python-base-32bit-2.7.18-33.11.1
python-curses-2.7.18-33.11.1
python-demo-2.7.18-33.11.1
python-devel-2.7.18-33.11.1
python-doc-2.7.18-33.11.1
python-doc-pdf-2.7.18-33.11.1
python-gdbm-2.7.18-33.11.1
python-idle-2.7.18-33.11.1
python-tk-2.7.18-33.11.1
python-xml-2.7.18-33.11.1
SUSE Linux Enterprise Workstation Extension 12 SP5
python-devel-2.7.18-33.11.1
SUSE OpenStack Cloud 9
libpython2_7-1_0-2.7.18-33.11.1
libpython2_7-1_0-32bit-2.7.18-33.11.1
python-2.7.18-33.11.1
python-32bit-2.7.18-33.11.1
python-base-2.7.18-33.11.1
python-base-32bit-2.7.18-33.11.1
python-curses-2.7.18-33.11.1
python-demo-2.7.18-33.11.1
python-devel-2.7.18-33.11.1
python-doc-2.7.18-33.11.1
python-doc-pdf-2.7.18-33.11.1
python-gdbm-2.7.18-33.11.1
python-idle-2.7.18-33.11.1
python-tk-2.7.18-33.11.1
python-xml-2.7.18-33.11.1
SUSE OpenStack Cloud Crowbar 9
libpython2_7-1_0-2.7.18-33.11.1
libpython2_7-1_0-32bit-2.7.18-33.11.1
python-2.7.18-33.11.1
python-32bit-2.7.18-33.11.1
python-base-2.7.18-33.11.1
python-base-32bit-2.7.18-33.11.1
python-curses-2.7.18-33.11.1
python-demo-2.7.18-33.11.1
python-devel-2.7.18-33.11.1
python-doc-2.7.18-33.11.1
python-doc-pdf-2.7.18-33.11.1
python-gdbm-2.7.18-33.11.1
python-idle-2.7.18-33.11.1
python-tk-2.7.18-33.11.1
python-xml-2.7.18-33.11.1
Ссылки
- Link for SUSE-SU-2022:2248-1
- E-Mail link for SUSE-SU-2022:2248-1
- SUSE Security Ratings
- SUSE Bug 1198511
- SUSE CVE CVE-2015-20107 page
Описание
In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9
Затронутые продукты
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libpython2_7-1_0-2.7.18-33.11.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:python-2.7.18-33.11.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:python-base-2.7.18-33.11.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:python-xml-2.7.18-33.11.1
Ссылки
- CVE-2015-20107
- SUSE Bug 1198511
- SUSE Bug 1200507
- SUSE Bug 1201777
- SUSE Bug 1201791
- SUSE Bug 1205068
- SUSE Bug 1208337