SUSE-SU-2022:2997-1

Опубликовано: 02 сент. 2022

Источник: suse-cvrf

Описание

Security update for python-pyxdg

This update for python-pyxdg fixes the following issues:

CVE-2019-12761: Fixed a code injection issue in Category elements of a Menu XML (bsc#1137627).

Список пакетов

SUSE Enterprise Storage 6

python2-pyxdg-0.25-150000.3.3.1

python3-pyxdg-0.25-150000.3.3.1

SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS

python2-pyxdg-0.25-150000.3.3.1

python3-pyxdg-0.25-150000.3.3.1

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS

python2-pyxdg-0.25-150000.3.3.1

python3-pyxdg-0.25-150000.3.3.1

SUSE Linux Enterprise High Performance Computing 15-ESPOS

python2-pyxdg-0.25-150000.3.3.1

SUSE Linux Enterprise High Performance Computing 15-LTSS

python2-pyxdg-0.25-150000.3.3.1

SUSE Linux Enterprise Server 15 SP1-BCL

python2-pyxdg-0.25-150000.3.3.1

python3-pyxdg-0.25-150000.3.3.1

SUSE Linux Enterprise Server 15 SP1-LTSS

python2-pyxdg-0.25-150000.3.3.1

python3-pyxdg-0.25-150000.3.3.1

SUSE Linux Enterprise Server 15-LTSS

python2-pyxdg-0.25-150000.3.3.1

SUSE Linux Enterprise Server for SAP Applications 15

python2-pyxdg-0.25-150000.3.3.1

SUSE Linux Enterprise Server for SAP Applications 15 SP1

python2-pyxdg-0.25-150000.3.3.1

python3-pyxdg-0.25-150000.3.3.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20222997-1/
Link for SUSE-SU-2022:2997-1
https://lists.suse.com/pipermail/sle-security-updates/2022-September/012064.html
E-Mail link for SUSE-SU-2022:2997-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1137627
SUSE Bug 1137627
https://www.suse.com/security/cve/CVE-2019-12761/
SUSE CVE CVE-2019-12761 page

Описание

A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in xdg/Menu.py before an eval call.

Затронутые продукты

SUSE Enterprise Storage 6:python2-pyxdg-0.25-150000.3.3.1

SUSE Enterprise Storage 6:python3-pyxdg-0.25-150000.3.3.1

SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:python2-pyxdg-0.25-150000.3.3.1

SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:python3-pyxdg-0.25-150000.3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-12761.html
CVE-2019-12761
https://bugzilla.suse.com/1137627
SUSE Bug 1137627

SUSE-SU-2022:2997-1

Описание

Список пакетов

SUSE Enterprise Storage 6

SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS

SUSE Linux Enterprise High Performance Computing 15-ESPOS

SUSE Linux Enterprise High Performance Computing 15-LTSS

SUSE Linux Enterprise Server 15 SP1-BCL

SUSE Linux Enterprise Server 15 SP1-LTSS

SUSE Linux Enterprise Server 15-LTSS

SUSE Linux Enterprise Server for SAP Applications 15

SUSE Linux Enterprise Server for SAP Applications 15 SP1

Ссылки

Уязвимость: CVE-2019-12761

Описание

Затронутые продукты

Ссылки