SUSE-SU-2022:3460-1

Опубликовано: 29 сент. 2022

Источник: suse-cvrf

Описание

Security update for python3-lxml

This update for python3-lxml fixes the following issues:

CVE-2020-27783: Fixed XSS due to the use of improper parser (bsc#1179534).

Список пакетов

SUSE Linux Enterprise Module for Public Cloud 12

python3-lxml-3.3.5-3.12.1

python3-lxml-doc-3.3.5-3.12.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20223460-1/
Link for SUSE-SU-2022:3460-1
https://lists.suse.com/pipermail/sle-security-updates/2022-September/012452.html
E-Mail link for SUSE-SU-2022:3460-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1179534
SUSE Bug 1179534
https://www.suse.com/security/cve/CVE-2020-27783/
SUSE CVE CVE-2020-27783 page

Описание

A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.

Затронутые продукты

SUSE Linux Enterprise Module for Public Cloud 12:python3-lxml-3.3.5-3.12.1

SUSE Linux Enterprise Module for Public Cloud 12:python3-lxml-doc-3.3.5-3.12.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-27783.html
CVE-2020-27783
https://bugzilla.suse.com/1179534
SUSE Bug 1179534

SUSE-SU-2022:3460-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Public Cloud 12

Ссылки

Уязвимость: CVE-2020-27783

Описание

Затронутые продукты

Ссылки