SUSE-SU-2022:3940-1

Опубликовано: 10 нояб. 2022

Источник: suse-cvrf

Описание

Security update for python

This update for python fixes the following issues:

CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // BaseHTTPServer (bsc#1202624).

Список пакетов

SUSE Linux Enterprise Server 12 SP2-BCL

libpython2_7-1_0-2.7.18-28.90.1

libpython2_7-1_0-32bit-2.7.18-28.90.1

python-2.7.18-28.90.1

python-32bit-2.7.18-28.90.1

python-base-2.7.18-28.90.1

python-base-32bit-2.7.18-28.90.1

python-curses-2.7.18-28.90.1

python-demo-2.7.18-28.90.1

python-doc-2.7.18-28.90.1

python-doc-pdf-2.7.18-28.90.1

python-gdbm-2.7.18-28.90.1

python-idle-2.7.18-28.90.1

python-tk-2.7.18-28.90.1

python-xml-2.7.18-28.90.1

SUSE Linux Enterprise Server 12 SP3-BCL

libpython2_7-1_0-2.7.18-28.90.1

libpython2_7-1_0-32bit-2.7.18-28.90.1

python-2.7.18-28.90.1

python-32bit-2.7.18-28.90.1

python-base-2.7.18-28.90.1

python-base-32bit-2.7.18-28.90.1

python-curses-2.7.18-28.90.1

python-demo-2.7.18-28.90.1

python-devel-2.7.18-28.90.1

python-doc-2.7.18-28.90.1

python-doc-pdf-2.7.18-28.90.1

python-gdbm-2.7.18-28.90.1

python-idle-2.7.18-28.90.1

python-tk-2.7.18-28.90.1

python-xml-2.7.18-28.90.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20223940-1/
Link for SUSE-SU-2022:3940-1
https://lists.suse.com/pipermail/sle-updates/2022-November/026107.html
E-Mail link for SUSE-SU-2022:3940-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1202624
SUSE Bug 1202624
https://www.suse.com/security/cve/CVE-2021-28861/
SUSE CVE CVE-2021-28861 page

Описание

** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."

Затронутые продукты

SUSE Linux Enterprise Server 12 SP2-BCL:libpython2_7-1_0-2.7.18-28.90.1

SUSE Linux Enterprise Server 12 SP2-BCL:libpython2_7-1_0-32bit-2.7.18-28.90.1

SUSE Linux Enterprise Server 12 SP2-BCL:python-2.7.18-28.90.1

SUSE Linux Enterprise Server 12 SP2-BCL:python-32bit-2.7.18-28.90.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-28861.html
CVE-2021-28861
https://bugzilla.suse.com/1202624
SUSE Bug 1202624
https://bugzilla.suse.com/1204077
SUSE Bug 1204077
https://bugzilla.suse.com/1204801
SUSE Bug 1204801
https://bugzilla.suse.com/1204802
SUSE Bug 1204802
https://bugzilla.suse.com/1205068
SUSE Bug 1205068
https://bugzilla.suse.com/1205075
SUSE Bug 1205075
https://bugzilla.suse.com/1205467
SUSE Bug 1205467

SUSE-SU-2022:3940-1

Описание

Список пакетов

SUSE Linux Enterprise Server 12 SP2-BCL

SUSE Linux Enterprise Server 12 SP3-BCL

Ссылки

Уязвимость: CVE-2021-28861

Описание

Затронутые продукты

Ссылки