SUSE-SU-2022:3485-1

Published: 01 Oct 2022
Source: suse-cvrf

Description

Security update for python39

This update for python39 fixes the following issues:

python39 was updated to version 3.9.14:

  • CVE-2020-10735: Fixed DoS due to int() type in PyLong_FromString() not limiting the number of digits when converting text to int (bsc#1203125).
  • CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when a URI path starts with // (bsc#1202624).

Package list

Container bci/python:3
libpython3_9-1_0-3.9.14-150300.4.16.1
python39-3.9.14-150300.4.16.1
python39-base-3.9.14-150300.4.16.1
python39-devel-3.9.14-150300.4.16.1
Container containers/python:3.9
libpython3_9-1_0-3.9.14-150300.4.16.1
python39-3.9.14-150300.4.16.1
python39-base-3.9.14-150300.4.16.1
python39-devel-3.9.14-150300.4.16.1
Image python_15_6
libpython3_9-1_0-3.9.14-150300.4.16.1
python39-3.9.14-150300.4.16.1
python39-base-3.9.14-150300.4.16.1
python39-devel-3.9.14-150300.4.16.1
SUSE Linux Enterprise Module for Basesystem 15 SP3
libpython3_9-1_0-3.9.14-150300.4.16.1
python39-3.9.14-150300.4.16.1
python39-base-3.9.14-150300.4.16.1
python39-curses-3.9.14-150300.4.16.1
python39-dbm-3.9.14-150300.4.16.1
python39-devel-3.9.14-150300.4.16.1
python39-idle-3.9.14-150300.4.16.1
python39-tk-3.9.14-150300.4.16.1
SUSE Linux Enterprise Module for Development Tools 15 SP3
python39-tools-3.9.14-150300.4.16.1
openSUSE Leap 15.3
libpython3_9-1_0-3.9.14-150300.4.16.1
libpython3_9-1_0-32bit-3.9.14-150300.4.16.1
python39-3.9.14-150300.4.16.1
python39-32bit-3.9.14-150300.4.16.1
python39-base-3.9.14-150300.4.16.1
python39-base-32bit-3.9.14-150300.4.16.1
python39-curses-3.9.14-150300.4.16.1
python39-dbm-3.9.14-150300.4.16.1
python39-devel-3.9.14-150300.4.16.1
python39-doc-3.9.14-150300.4.16.1
python39-doc-devhelp-3.9.14-150300.4.16.1
python39-idle-3.9.14-150300.4.16.1
python39-testsuite-3.9.14-150300.4.16.1
python39-tk-3.9.14-150300.4.16.1
python39-tools-3.9.14-150300.4.16.1
openSUSE Leap 15.4
libpython3_9-1_0-3.9.14-150300.4.16.1
libpython3_9-1_0-32bit-3.9.14-150300.4.16.1
python39-3.9.14-150300.4.16.1
python39-32bit-3.9.14-150300.4.16.1
python39-base-3.9.14-150300.4.16.1
python39-base-32bit-3.9.14-150300.4.16.1
python39-curses-3.9.14-150300.4.16.1
python39-dbm-3.9.14-150300.4.16.1
python39-devel-3.9.14-150300.4.16.1
python39-doc-3.9.14-150300.4.16.1
python39-doc-devhelp-3.9.14-150300.4.16.1
python39-idle-3.9.14-150300.4.16.1
python39-testsuite-3.9.14-150300.4.16.1
python39-tk-3.9.14-150300.4.16.1
python39-tools-3.9.14-150300.4.16.1

Description

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.
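
A defensive input guard for the behaviour described above, as an added example that is not part of the advisory or of CPython: `parse_int`, `interpreter_limit` and the `MAX_DIGITS` cap are names and values chosen here. It bounds the digit count before calling int() for non-power-of-two bases and reports whether the running interpreter exposes a digit limit through `sys.get_int_max_str_digits`.

```python
import sys

# Bases the advisory text lists as unaffected (linear-time conversion).
POWER_OF_TWO_BASES = {2, 4, 8, 16, 32}
# Cap chosen for this example; tune it to the largest number your input format needs.
MAX_DIGITS = 4300


def interpreter_limit():
    """Digit limit enforced by the running interpreter, or None if there is none.

    Returns None both when the runtime predates the limit API and when the
    limit has been disabled (set to 0).
    """
    getter = getattr(sys, "get_int_max_str_digits", None)
    if getter is None:
        return None
    return getter() or None


def parse_int(text, base=10, max_digits=MAX_DIGITS):
    """Parse untrusted text as an int, refusing oversized non-power-of-two input."""
    if not isinstance(text, str):
        raise TypeError("parse_int expects str")
    s = text.strip()
    if base not in POWER_OF_TWO_BASES:
        # Count digits only: sign and underscore separators do not add work.
        digits = sum(ch.isalnum() for ch in s)
        if digits > max_digits:
            raise ValueError(
                f"refusing {digits}-digit base-{base} integer (cap {max_digits})"
            )
    return int(s, base)


if __name__ == "__main__":
    print("interpreter digit limit:", interpreter_limit())
    for sample in ("12345", "-1_000", "9" * 100_000):  # constructed inputs
        try:
            value = parse_int(sample)
            print("accepted", len(sample), "chars ->", value.bit_length(), "bits")
        except ValueError as exc:
            print("rejected:", exc)
```

The guard is useful on hosts that cannot yet take the update and as defence in depth where the interpreter limit has been raised or disabled.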


Affected products
Container bci/python:3:libpython3_9-1_0-3.9.14-150300.4.16.1
Container bci/python:3:python39-3.9.14-150300.4.16.1
Container bci/python:3:python39-base-3.9.14-150300.4.16.1
Container bci/python:3:python39-devel-3.9.14-150300.4.16.1

References

Description

** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of the URI path, which may lead to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."


Affected products
Container bci/python:3:libpython3_9-1_0-3.9.14-150300.4.16.1
Container bci/python:3:python39-3.9.14-150300.4.16.1
Container bci/python:3:python39-base-3.9.14-150300.4.16.1
Container bci/python:3:python39-devel-3.9.14-150300.4.16.1

References
Vulnerability SUSE-SU-2022:3485-1