Описание
Security update for python39-setuptools
This update for python39-setuptools fixes the following issues:
- CVE-2022-40897: Fixed an excessive CPU usage that could be triggered by fetching a malicious HTML document (bsc#1206667).
Список пакетов
Container containers/python:3.9
python39-setuptools-44.1.1-150300.7.6.1
Image python_15_6
python39-setuptools-44.1.1-150300.7.6.1
SUSE Linux Enterprise Real Time 15 SP3
python39-setuptools-44.1.1-150300.7.6.1
openSUSE Leap 15.4
python39-setuptools-44.1.1-150300.7.6.1
Ссылки
- Link for SUSE-SU-2023:0202-1
- E-Mail link for SUSE-SU-2023:0202-1
- SUSE Security Ratings
- SUSE Bug 1206667
- SUSE CVE CVE-2022-40897 page
Описание
Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.
Затронутые продукты
Container containers/python:3.9:python39-setuptools-44.1.1-150300.7.6.1
Image python_15_6:python39-setuptools-44.1.1-150300.7.6.1
SUSE Linux Enterprise Real Time 15 SP3:python39-setuptools-44.1.1-150300.7.6.1
openSUSE Leap 15.4:python39-setuptools-44.1.1-150300.7.6.1
Ссылки
- CVE-2022-40897
- SUSE Bug 1206667