SUSE-SU-2022:4258-1

Опубликовано: 28 нояб. 2022

Источник: suse-cvrf

Описание

Security update for python3

This update for python3 fixes the following issues:

CVE-2022-45061: Fixed possible DoS when IDNA decoding extremely long domain names (bsc#1205244).

Список пакетов

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production

libpython3_6m1_0-3.6.15-150000.3.119.1

python3-3.6.15-150000.3.119.1

python3-base-3.6.15-150000.3.119.1

python3-curses-3.6.15-150000.3.119.1

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production

libpython3_6m1_0-3.6.15-150000.3.119.1

python3-3.6.15-150000.3.119.1

python3-base-3.6.15-150000.3.119.1

python3-curses-3.6.15-150000.3.119.1

Image SLES15-SP2-BYOS-Azure

libpython3_6m1_0-3.6.15-150000.3.119.1

python3-3.6.15-150000.3.119.1

python3-base-3.6.15-150000.3.119.1

python3-curses-3.6.15-150000.3.119.1

Image SLES15-SP2-HPC-BYOS-Azure

libpython3_6m1_0-3.6.15-150000.3.119.1

python3-3.6.15-150000.3.119.1

python3-base-3.6.15-150000.3.119.1

python3-curses-3.6.15-150000.3.119.1

Image SLES15-SP2-SAP-Azure

libpython3_6m1_0-3.6.15-150000.3.119.1

python3-3.6.15-150000.3.119.1

python3-base-3.6.15-150000.3.119.1

python3-curses-3.6.15-150000.3.119.1

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

libpython3_6m1_0-3.6.15-150000.3.119.1

python3-3.6.15-150000.3.119.1

python3-base-3.6.15-150000.3.119.1

python3-curses-3.6.15-150000.3.119.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

libpython3_6m1_0-3.6.15-150000.3.119.1

python3-3.6.15-150000.3.119.1

python3-base-3.6.15-150000.3.119.1

python3-curses-3.6.15-150000.3.119.1

Image SLES15-SP2-SAP-BYOS-Azure

libpython3_6m1_0-3.6.15-150000.3.119.1

python3-3.6.15-150000.3.119.1

python3-base-3.6.15-150000.3.119.1

python3-curses-3.6.15-150000.3.119.1

Image SLES15-SP2-SAP-BYOS-EC2-HVM

libpython3_6m1_0-3.6.15-150000.3.119.1

python3-3.6.15-150000.3.119.1

python3-base-3.6.15-150000.3.119.1

python3-curses-3.6.15-150000.3.119.1

Image SLES15-SP2-SAP-BYOS-GCE

libpython3_6m1_0-3.6.15-150000.3.119.1

python3-3.6.15-150000.3.119.1

python3-base-3.6.15-150000.3.119.1

python3-curses-3.6.15-150000.3.119.1

Image SLES15-SP2-SAP-EC2-HVM

libpython3_6m1_0-3.6.15-150000.3.119.1

python3-3.6.15-150000.3.119.1

python3-base-3.6.15-150000.3.119.1

python3-curses-3.6.15-150000.3.119.1

Image SLES15-SP2-SAP-GCE

libpython3_6m1_0-3.6.15-150000.3.119.1

python3-3.6.15-150000.3.119.1

python3-base-3.6.15-150000.3.119.1

python3-curses-3.6.15-150000.3.119.1

SUSE Enterprise Storage 6

libpython3_6m1_0-3.6.15-150000.3.119.1

python3-3.6.15-150000.3.119.1

python3-base-3.6.15-150000.3.119.1

python3-curses-3.6.15-150000.3.119.1

python3-dbm-3.6.15-150000.3.119.1

python3-devel-3.6.15-150000.3.119.1

python3-idle-3.6.15-150000.3.119.1

python3-testsuite-3.6.15-150000.3.119.1

python3-tk-3.6.15-150000.3.119.1

python3-tools-3.6.15-150000.3.119.1

SUSE Enterprise Storage 7

libpython3_6m1_0-3.6.15-150000.3.119.1

python3-3.6.15-150000.3.119.1

python3-base-3.6.15-150000.3.119.1

python3-curses-3.6.15-150000.3.119.1

python3-dbm-3.6.15-150000.3.119.1

python3-devel-3.6.15-150000.3.119.1

python3-idle-3.6.15-150000.3.119.1

python3-tk-3.6.15-150000.3.119.1

python3-tools-3.6.15-150000.3.119.1

SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS

libpython3_6m1_0-3.6.15-150000.3.119.1

python3-3.6.15-150000.3.119.1

python3-base-3.6.15-150000.3.119.1

python3-curses-3.6.15-150000.3.119.1

python3-dbm-3.6.15-150000.3.119.1

python3-devel-3.6.15-150000.3.119.1

python3-idle-3.6.15-150000.3.119.1

python3-testsuite-3.6.15-150000.3.119.1

python3-tk-3.6.15-150000.3.119.1

python3-tools-3.6.15-150000.3.119.1

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS

libpython3_6m1_0-3.6.15-150000.3.119.1

python3-3.6.15-150000.3.119.1

python3-base-3.6.15-150000.3.119.1

python3-curses-3.6.15-150000.3.119.1

python3-dbm-3.6.15-150000.3.119.1

python3-devel-3.6.15-150000.3.119.1

python3-idle-3.6.15-150000.3.119.1

python3-testsuite-3.6.15-150000.3.119.1

python3-tk-3.6.15-150000.3.119.1

python3-tools-3.6.15-150000.3.119.1

SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS

libpython3_6m1_0-3.6.15-150000.3.119.1

python3-3.6.15-150000.3.119.1

python3-base-3.6.15-150000.3.119.1

python3-curses-3.6.15-150000.3.119.1

python3-dbm-3.6.15-150000.3.119.1

python3-devel-3.6.15-150000.3.119.1

python3-idle-3.6.15-150000.3.119.1

python3-tk-3.6.15-150000.3.119.1

python3-tools-3.6.15-150000.3.119.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

libpython3_6m1_0-3.6.15-150000.3.119.1

python3-3.6.15-150000.3.119.1

python3-base-3.6.15-150000.3.119.1

python3-curses-3.6.15-150000.3.119.1

python3-dbm-3.6.15-150000.3.119.1

python3-devel-3.6.15-150000.3.119.1

python3-idle-3.6.15-150000.3.119.1

python3-tk-3.6.15-150000.3.119.1

python3-tools-3.6.15-150000.3.119.1

SUSE Linux Enterprise High Performance Computing 15-ESPOS

libpython3_6m1_0-3.6.15-150000.3.119.1

python3-3.6.15-150000.3.119.1

python3-base-3.6.15-150000.3.119.1

python3-curses-3.6.15-150000.3.119.1

python3-dbm-3.6.15-150000.3.119.1

python3-devel-3.6.15-150000.3.119.1

python3-idle-3.6.15-150000.3.119.1

python3-tk-3.6.15-150000.3.119.1

python3-tools-3.6.15-150000.3.119.1

SUSE Linux Enterprise High Performance Computing 15-LTSS

libpython3_6m1_0-3.6.15-150000.3.119.1

python3-3.6.15-150000.3.119.1

python3-base-3.6.15-150000.3.119.1

python3-curses-3.6.15-150000.3.119.1

python3-dbm-3.6.15-150000.3.119.1

python3-devel-3.6.15-150000.3.119.1

python3-idle-3.6.15-150000.3.119.1

python3-tk-3.6.15-150000.3.119.1

python3-tools-3.6.15-150000.3.119.1

SUSE Linux Enterprise Micro 5.1

libpython3_6m1_0-3.6.15-150000.3.119.1

python3-3.6.15-150000.3.119.1

python3-base-3.6.15-150000.3.119.1

SUSE Linux Enterprise Server 15 SP1-BCL

libpython3_6m1_0-3.6.15-150000.3.119.1

python3-3.6.15-150000.3.119.1

python3-base-3.6.15-150000.3.119.1

python3-curses-3.6.15-150000.3.119.1

python3-dbm-3.6.15-150000.3.119.1

python3-devel-3.6.15-150000.3.119.1

python3-idle-3.6.15-150000.3.119.1

python3-testsuite-3.6.15-150000.3.119.1

python3-tk-3.6.15-150000.3.119.1

python3-tools-3.6.15-150000.3.119.1

SUSE Linux Enterprise Server 15 SP1-LTSS

libpython3_6m1_0-3.6.15-150000.3.119.1

python3-3.6.15-150000.3.119.1

python3-base-3.6.15-150000.3.119.1

python3-curses-3.6.15-150000.3.119.1

python3-dbm-3.6.15-150000.3.119.1

python3-devel-3.6.15-150000.3.119.1

python3-idle-3.6.15-150000.3.119.1

python3-testsuite-3.6.15-150000.3.119.1

python3-tk-3.6.15-150000.3.119.1

python3-tools-3.6.15-150000.3.119.1

SUSE Linux Enterprise Server 15 SP2-BCL

libpython3_6m1_0-3.6.15-150000.3.119.1

python3-3.6.15-150000.3.119.1

python3-base-3.6.15-150000.3.119.1

python3-curses-3.6.15-150000.3.119.1

python3-dbm-3.6.15-150000.3.119.1

python3-devel-3.6.15-150000.3.119.1

python3-idle-3.6.15-150000.3.119.1

python3-tk-3.6.15-150000.3.119.1

python3-tools-3.6.15-150000.3.119.1

SUSE Linux Enterprise Server 15 SP2-LTSS

libpython3_6m1_0-3.6.15-150000.3.119.1

python3-3.6.15-150000.3.119.1

python3-base-3.6.15-150000.3.119.1

python3-curses-3.6.15-150000.3.119.1

python3-dbm-3.6.15-150000.3.119.1

python3-devel-3.6.15-150000.3.119.1

python3-idle-3.6.15-150000.3.119.1

python3-tk-3.6.15-150000.3.119.1

python3-tools-3.6.15-150000.3.119.1

SUSE Linux Enterprise Server 15-LTSS

libpython3_6m1_0-3.6.15-150000.3.119.1

python3-3.6.15-150000.3.119.1

python3-base-3.6.15-150000.3.119.1

python3-curses-3.6.15-150000.3.119.1

python3-dbm-3.6.15-150000.3.119.1

python3-devel-3.6.15-150000.3.119.1

python3-idle-3.6.15-150000.3.119.1

python3-tk-3.6.15-150000.3.119.1

python3-tools-3.6.15-150000.3.119.1

SUSE Linux Enterprise Server for SAP Applications 15

libpython3_6m1_0-3.6.15-150000.3.119.1

python3-3.6.15-150000.3.119.1

python3-base-3.6.15-150000.3.119.1

python3-curses-3.6.15-150000.3.119.1

python3-dbm-3.6.15-150000.3.119.1

python3-devel-3.6.15-150000.3.119.1

python3-idle-3.6.15-150000.3.119.1

python3-tk-3.6.15-150000.3.119.1

python3-tools-3.6.15-150000.3.119.1

SUSE Linux Enterprise Server for SAP Applications 15 SP1

libpython3_6m1_0-3.6.15-150000.3.119.1

python3-3.6.15-150000.3.119.1

python3-base-3.6.15-150000.3.119.1

python3-curses-3.6.15-150000.3.119.1

python3-dbm-3.6.15-150000.3.119.1

python3-devel-3.6.15-150000.3.119.1

python3-idle-3.6.15-150000.3.119.1

python3-testsuite-3.6.15-150000.3.119.1

python3-tk-3.6.15-150000.3.119.1

python3-tools-3.6.15-150000.3.119.1

SUSE Linux Enterprise Server for SAP Applications 15 SP2

libpython3_6m1_0-3.6.15-150000.3.119.1

python3-3.6.15-150000.3.119.1

python3-base-3.6.15-150000.3.119.1

python3-curses-3.6.15-150000.3.119.1

python3-dbm-3.6.15-150000.3.119.1

python3-devel-3.6.15-150000.3.119.1

python3-idle-3.6.15-150000.3.119.1

python3-tk-3.6.15-150000.3.119.1

python3-tools-3.6.15-150000.3.119.1

SUSE Manager Proxy 4.1

libpython3_6m1_0-3.6.15-150000.3.119.1

python3-3.6.15-150000.3.119.1

python3-base-3.6.15-150000.3.119.1

python3-curses-3.6.15-150000.3.119.1

python3-dbm-3.6.15-150000.3.119.1

python3-devel-3.6.15-150000.3.119.1

python3-idle-3.6.15-150000.3.119.1

python3-tk-3.6.15-150000.3.119.1

python3-tools-3.6.15-150000.3.119.1

SUSE Manager Retail Branch Server 4.1

libpython3_6m1_0-3.6.15-150000.3.119.1

python3-3.6.15-150000.3.119.1

python3-base-3.6.15-150000.3.119.1

python3-curses-3.6.15-150000.3.119.1

python3-dbm-3.6.15-150000.3.119.1

python3-devel-3.6.15-150000.3.119.1

python3-idle-3.6.15-150000.3.119.1

python3-tk-3.6.15-150000.3.119.1

python3-tools-3.6.15-150000.3.119.1

SUSE Manager Server 4.1

libpython3_6m1_0-3.6.15-150000.3.119.1

python3-3.6.15-150000.3.119.1

python3-base-3.6.15-150000.3.119.1

python3-curses-3.6.15-150000.3.119.1

python3-dbm-3.6.15-150000.3.119.1

python3-devel-3.6.15-150000.3.119.1

python3-idle-3.6.15-150000.3.119.1

python3-tk-3.6.15-150000.3.119.1

python3-tools-3.6.15-150000.3.119.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20224258-1/
Link for SUSE-SU-2022:4258-1
https://lists.suse.com/pipermail/sle-security-updates/2022-November/013134.html
E-Mail link for SUSE-SU-2022:4258-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1205244
SUSE Bug 1205244
https://www.suse.com/security/cve/CVE-2022-45061/
SUSE CVE CVE-2022-45061 page

Описание

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.

Затронутые продукты

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:libpython3_6m1_0-3.6.15-150000.3.119.1

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:python3-3.6.15-150000.3.119.1

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:python3-base-3.6.15-150000.3.119.1

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:python3-curses-3.6.15-150000.3.119.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-45061.html
CVE-2022-45061
https://bugzilla.suse.com/1205244
SUSE Bug 1205244
https://bugzilla.suse.com/1211488
SUSE Bug 1211488

SUSE-SU-2022:4258-1

Описание

Список пакетов

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP2-BYOS-Azure

Image SLES15-SP2-HPC-BYOS-Azure

Image SLES15-SP2-SAP-Azure

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP2-SAP-BYOS-Azure

Image SLES15-SP2-SAP-BYOS-EC2-HVM

Image SLES15-SP2-SAP-BYOS-GCE

Image SLES15-SP2-SAP-EC2-HVM

Image SLES15-SP2-SAP-GCE

SUSE Enterprise Storage 6

SUSE Enterprise Storage 7

SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS

SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

SUSE Linux Enterprise High Performance Computing 15-ESPOS

SUSE Linux Enterprise High Performance Computing 15-LTSS

SUSE Linux Enterprise Micro 5.1

SUSE Linux Enterprise Server 15 SP1-BCL

SUSE Linux Enterprise Server 15 SP1-LTSS

SUSE Linux Enterprise Server 15 SP2-BCL

SUSE Linux Enterprise Server 15 SP2-LTSS

SUSE Linux Enterprise Server 15-LTSS

SUSE Linux Enterprise Server for SAP Applications 15

SUSE Linux Enterprise Server for SAP Applications 15 SP1

SUSE Linux Enterprise Server for SAP Applications 15 SP2

SUSE Manager Proxy 4.1

SUSE Manager Retail Branch Server 4.1

SUSE Manager Server 4.1

Ссылки

Уязвимость: CVE-2022-45061

Описание

Затронутые продукты

Ссылки