Описание
Security update for python310-setuptools
This update for python310-setuptools fixes the following issues:
- CVE-2022-40897: Fixed an excessive CPU usage that could be triggered by fetching a malicious HTML document (bsc#1206667).
Список пакетов
Container bci/python:3
python310-setuptools-57.4.0-150400.4.3.1
SUSE Linux Enterprise Module for Python 3 15 SP4
python310-setuptools-57.4.0-150400.4.3.1
openSUSE Leap 15.4
python310-setuptools-57.4.0-150400.4.3.1
Ссылки
- Link for SUSE-SU-2023:0091-1
- E-Mail link for SUSE-SU-2023:0091-1
- SUSE Security Ratings
- SUSE Bug 1206667
- SUSE CVE CVE-2022-40897 page
Описание
Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.
Затронутые продукты
Container bci/python:3:python310-setuptools-57.4.0-150400.4.3.1
SUSE Linux Enterprise Module for Python 3 15 SP4:python310-setuptools-57.4.0-150400.4.3.1
openSUSE Leap 15.4:python310-setuptools-57.4.0-150400.4.3.1
Ссылки
- CVE-2022-40897
- SUSE Bug 1206667