Описание
Security update for python3
This update for python3 fixes the following issues:
- CVE-2020-10735: Fixed possible DoS when converting text to int and vice versa (bsc#1203125).
- CVE-2022-45061: Fixed possible DoS when IDNA decoding extremely long domain names (bsc#1205244).
Список пакетов
Image SLES12-SP5-Azure-BYOS
libpython3_4m1_0-3.4.10-25.102.2
python3-3.4.10-25.102.2
python3-base-3.4.10-25.102.2
Image SLES12-SP5-Azure-Basic-On-Demand
libpython3_4m1_0-3.4.10-25.102.2
python3-3.4.10-25.102.2
python3-base-3.4.10-25.102.2
Image SLES12-SP5-Azure-HPC-BYOS
libpython3_4m1_0-3.4.10-25.102.2
python3-3.4.10-25.102.2
python3-base-3.4.10-25.102.2
Image SLES12-SP5-Azure-HPC-On-Demand
libpython3_4m1_0-3.4.10-25.102.2
python3-3.4.10-25.102.2
python3-base-3.4.10-25.102.2
Image SLES12-SP5-Azure-SAP-BYOS
libpython3_4m1_0-3.4.10-25.102.2
python3-3.4.10-25.102.2
python3-base-3.4.10-25.102.2
python3-curses-3.4.10-25.102.2
Image SLES12-SP5-Azure-SAP-On-Demand
libpython3_4m1_0-3.4.10-25.102.2
python3-3.4.10-25.102.2
python3-base-3.4.10-25.102.2
python3-curses-3.4.10-25.102.2
Image SLES12-SP5-Azure-Standard-On-Demand
libpython3_4m1_0-3.4.10-25.102.2
python3-3.4.10-25.102.2
python3-base-3.4.10-25.102.2
Image SLES12-SP5-EC2-BYOS
libpython3_4m1_0-3.4.10-25.102.2
python3-3.4.10-25.102.2
python3-base-3.4.10-25.102.2
Image SLES12-SP5-EC2-ECS-On-Demand
libpython3_4m1_0-3.4.10-25.102.2
python3-3.4.10-25.102.2
python3-base-3.4.10-25.102.2
Image SLES12-SP5-EC2-On-Demand
libpython3_4m1_0-3.4.10-25.102.2
python3-3.4.10-25.102.2
python3-base-3.4.10-25.102.2
Image SLES12-SP5-EC2-SAP-BYOS
libpython3_4m1_0-3.4.10-25.102.2
python3-3.4.10-25.102.2
python3-base-3.4.10-25.102.2
python3-curses-3.4.10-25.102.2
Image SLES12-SP5-EC2-SAP-On-Demand
libpython3_4m1_0-3.4.10-25.102.2
python3-3.4.10-25.102.2
python3-base-3.4.10-25.102.2
python3-curses-3.4.10-25.102.2
Image SLES12-SP5-GCE-BYOS
libpython3_4m1_0-3.4.10-25.102.2
python3-3.4.10-25.102.2
python3-base-3.4.10-25.102.2
Image SLES12-SP5-GCE-On-Demand
libpython3_4m1_0-3.4.10-25.102.2
python3-3.4.10-25.102.2
python3-base-3.4.10-25.102.2
Image SLES12-SP5-GCE-SAP-BYOS
libpython3_4m1_0-3.4.10-25.102.2
python3-3.4.10-25.102.2
python3-base-3.4.10-25.102.2
python3-curses-3.4.10-25.102.2
Image SLES12-SP5-GCE-SAP-On-Demand
libpython3_4m1_0-3.4.10-25.102.2
python3-3.4.10-25.102.2
python3-base-3.4.10-25.102.2
python3-curses-3.4.10-25.102.2
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
libpython3_4m1_0-3.4.10-25.102.2
python3-3.4.10-25.102.2
python3-base-3.4.10-25.102.2
python3-curses-3.4.10-25.102.2
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
libpython3_4m1_0-3.4.10-25.102.2
python3-3.4.10-25.102.2
python3-base-3.4.10-25.102.2
python3-curses-3.4.10-25.102.2
SUSE Linux Enterprise Module for Web and Scripting 12
libpython3_4m1_0-3.4.10-25.102.2
python3-3.4.10-25.102.2
python3-base-3.4.10-25.102.2
python3-curses-3.4.10-25.102.2
SUSE Linux Enterprise Server 12 SP2-BCL
libpython3_4m1_0-3.4.10-25.102.2
python3-3.4.10-25.102.2
python3-base-3.4.10-25.102.2
python3-curses-3.4.10-25.102.2
SUSE Linux Enterprise Server 12 SP3-BCL
libpython3_4m1_0-3.4.10-25.102.2
python3-3.4.10-25.102.2
python3-base-3.4.10-25.102.2
python3-curses-3.4.10-25.102.2
SUSE Linux Enterprise Server 12 SP4-LTSS
libpython3_4m1_0-3.4.10-25.102.2
python3-3.4.10-25.102.2
python3-base-3.4.10-25.102.2
python3-curses-3.4.10-25.102.2
python3-devel-3.4.10-25.102.2
SUSE Linux Enterprise Server 12 SP5
libpython3_4m1_0-3.4.10-25.102.2
libpython3_4m1_0-32bit-3.4.10-25.102.2
python3-3.4.10-25.102.2
python3-base-3.4.10-25.102.2
python3-curses-3.4.10-25.102.2
python3-devel-3.4.10-25.102.2
python3-tk-3.4.10-25.102.2
SUSE Linux Enterprise Server for SAP Applications 12 SP4
libpython3_4m1_0-3.4.10-25.102.2
python3-3.4.10-25.102.2
python3-base-3.4.10-25.102.2
python3-curses-3.4.10-25.102.2
python3-devel-3.4.10-25.102.2
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libpython3_4m1_0-3.4.10-25.102.2
libpython3_4m1_0-32bit-3.4.10-25.102.2
python3-3.4.10-25.102.2
python3-base-3.4.10-25.102.2
python3-curses-3.4.10-25.102.2
python3-devel-3.4.10-25.102.2
python3-tk-3.4.10-25.102.2
SUSE Linux Enterprise Software Development Kit 12 SP5
python3-dbm-3.4.10-25.102.2
python3-devel-3.4.10-25.102.2
SUSE OpenStack Cloud 9
libpython3_4m1_0-3.4.10-25.102.2
python3-3.4.10-25.102.2
python3-base-3.4.10-25.102.2
python3-curses-3.4.10-25.102.2
python3-devel-3.4.10-25.102.2
SUSE OpenStack Cloud Crowbar 9
libpython3_4m1_0-3.4.10-25.102.2
python3-3.4.10-25.102.2
python3-base-3.4.10-25.102.2
python3-curses-3.4.10-25.102.2
python3-devel-3.4.10-25.102.2
Ссылки
- Link for SUSE-SU-2022:4251-1
- E-Mail link for SUSE-SU-2022:4251-1
- SUSE Security Ratings
- SUSE Bug 1203125
- SUSE Bug 1205244
- SUSE CVE CVE-2020-10735 page
- SUSE CVE CVE-2022-45061 page
Описание
A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.
Затронутые продукты
Image SLES12-SP5-Azure-BYOS:libpython3_4m1_0-3.4.10-25.102.2
Image SLES12-SP5-Azure-BYOS:python3-3.4.10-25.102.2
Image SLES12-SP5-Azure-BYOS:python3-base-3.4.10-25.102.2
Image SLES12-SP5-Azure-Basic-On-Demand:libpython3_4m1_0-3.4.10-25.102.2
Ссылки
- CVE-2020-10735
- SUSE Bug 1203125
- SUSE Bug 1204077
- SUSE Bug 1204096
- SUSE Bug 1204097
- SUSE Bug 1205075
- SUSE Bug 1208131
Описание
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.
Затронутые продукты
Image SLES12-SP5-Azure-BYOS:libpython3_4m1_0-3.4.10-25.102.2
Image SLES12-SP5-Azure-BYOS:python3-3.4.10-25.102.2
Image SLES12-SP5-Azure-BYOS:python3-base-3.4.10-25.102.2
Image SLES12-SP5-Azure-Basic-On-Demand:libpython3_4m1_0-3.4.10-25.102.2
Ссылки
- CVE-2022-45061
- SUSE Bug 1205244
- SUSE Bug 1211488