Description
Security update for python3
This update for python3 fixes the following issues:
- CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577)
- CVE-2020-10735: Fixed a bug by limiting the number of digits when converting text to int and vice versa. (bsc#1203125)
Package list
Image SLES12-SP5-Azure-BYOS
libpython3_6m1_0-3.6.15-32.2
python36-base-3.6.15-32.2
Image SLES12-SP5-Azure-Basic-On-Demand
libpython3_6m1_0-3.6.15-32.2
python36-base-3.6.15-32.2
Image SLES12-SP5-Azure-HPC-BYOS
libpython3_6m1_0-3.6.15-32.2
python36-base-3.6.15-32.2
Image SLES12-SP5-Azure-HPC-On-Demand
libpython3_6m1_0-3.6.15-32.2
python36-base-3.6.15-32.2
Image SLES12-SP5-Azure-SAP-BYOS
libpython3_6m1_0-3.6.15-32.2
python36-base-3.6.15-32.2
Image SLES12-SP5-Azure-SAP-On-Demand
libpython3_6m1_0-3.6.15-32.2
python36-base-3.6.15-32.2
Image SLES12-SP5-Azure-Standard-On-Demand
libpython3_6m1_0-3.6.15-32.2
python36-base-3.6.15-32.2
Image SLES12-SP5-EC2-BYOS
libpython3_6m1_0-3.6.15-32.2
python36-base-3.6.15-32.2
Image SLES12-SP5-EC2-ECS-On-Demand
libpython3_6m1_0-3.6.15-32.2
python36-base-3.6.15-32.2
Image SLES12-SP5-EC2-On-Demand
libpython3_6m1_0-3.6.15-32.2
python36-base-3.6.15-32.2
Image SLES12-SP5-EC2-SAP-BYOS
libpython3_6m1_0-3.6.15-32.2
python36-base-3.6.15-32.2
Image SLES12-SP5-EC2-SAP-On-Demand
libpython3_6m1_0-3.6.15-32.2
python36-base-3.6.15-32.2
Image SLES12-SP5-GCE-BYOS
libpython3_6m1_0-3.6.15-32.2
python36-base-3.6.15-32.2
Image SLES12-SP5-GCE-On-Demand
libpython3_6m1_0-3.6.15-32.2
python36-base-3.6.15-32.2
Image SLES12-SP5-GCE-SAP-BYOS
libpython3_6m1_0-3.6.15-32.2
python36-base-3.6.15-32.2
Image SLES12-SP5-GCE-SAP-On-Demand
libpython3_6m1_0-3.6.15-32.2
python36-base-3.6.15-32.2
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
libpython3_6m1_0-3.6.15-32.2
python36-base-3.6.15-32.2
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
libpython3_6m1_0-3.6.15-32.2
python36-base-3.6.15-32.2
SUSE Linux Enterprise Server 12 SP5
libpython3_6m1_0-3.6.15-32.2
libpython3_6m1_0-32bit-3.6.15-32.2
python36-3.6.15-32.2
python36-base-3.6.15-32.2
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libpython3_6m1_0-3.6.15-32.2
libpython3_6m1_0-32bit-3.6.15-32.2
python36-3.6.15-32.2
python36-base-3.6.15-32.2
SUSE Linux Enterprise Software Development Kit 12 SP5
python36-devel-3.6.15-32.2
References
- Link for SUSE-SU-2022:4274-1
- E-Mail link for SUSE-SU-2022:4274-1
- SUSE Security Ratings
- SUSE Bug 1203125
- SUSE Bug 1204577
- SUSE CVE CVE-2020-10735 page
- SUSE CVE CVE-2022-37454 page
Description
A flaw was found in Python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.
Affected products
Image SLES12-SP5-Azure-BYOS:libpython3_6m1_0-3.6.15-32.2
Image SLES12-SP5-Azure-BYOS:python36-base-3.6.15-32.2
Image SLES12-SP5-Azure-Basic-On-Demand:libpython3_6m1_0-3.6.15-32.2
Image SLES12-SP5-Azure-Basic-On-Demand:python36-base-3.6.15-32.2
References
- CVE-2020-10735
- SUSE Bug 1203125
- SUSE Bug 1204077
- SUSE Bug 1204096
- SUSE Bug 1204097
- SUSE Bug 1205075
- SUSE Bug 1208131
Description
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.
Affected products
Image SLES12-SP5-Azure-BYOS:libpython3_6m1_0-3.6.15-32.2
Image SLES12-SP5-Azure-BYOS:python36-base-3.6.15-32.2
Image SLES12-SP5-Azure-Basic-On-Demand:libpython3_6m1_0-3.6.15-32.2
Image SLES12-SP5-Azure-Basic-On-Demand:python36-base-3.6.15-32.2
References
- CVE-2022-37454
- SUSE Bug 1204577
- SUSE Bug 1204966
- SUSE Bug 1205836