Описание
Security update for python3
This update for python3 fixes the following issues:
- CVE-2023-24329: Fixed blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471).
The following non-security bugs were fixed:
- Fixed a crash in the garbage collection (bsc#1188607)
- Fixed email.generator.py to not replace a non-existent header (bsc#1208443, gh#python/cpython#71508).
Список пакетов
SUSE Enterprise Storage 7
libpython3_6m1_0-3.6.15-150000.3.124.1
python3-3.6.15-150000.3.124.1
python3-base-3.6.15-150000.3.124.1
python3-curses-3.6.15-150000.3.124.1
python3-dbm-3.6.15-150000.3.124.1
python3-devel-3.6.15-150000.3.124.1
python3-idle-3.6.15-150000.3.124.1
python3-tk-3.6.15-150000.3.124.1
python3-tools-3.6.15-150000.3.124.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
libpython3_6m1_0-3.6.15-150000.3.124.1
python3-3.6.15-150000.3.124.1
python3-base-3.6.15-150000.3.124.1
python3-curses-3.6.15-150000.3.124.1
python3-dbm-3.6.15-150000.3.124.1
python3-devel-3.6.15-150000.3.124.1
python3-idle-3.6.15-150000.3.124.1
python3-testsuite-3.6.15-150000.3.124.1
python3-tk-3.6.15-150000.3.124.1
python3-tools-3.6.15-150000.3.124.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
libpython3_6m1_0-3.6.15-150000.3.124.1
python3-3.6.15-150000.3.124.1
python3-base-3.6.15-150000.3.124.1
python3-curses-3.6.15-150000.3.124.1
python3-dbm-3.6.15-150000.3.124.1
python3-devel-3.6.15-150000.3.124.1
python3-idle-3.6.15-150000.3.124.1
python3-tk-3.6.15-150000.3.124.1
python3-tools-3.6.15-150000.3.124.1
SUSE Linux Enterprise Micro 5.1
libpython3_6m1_0-3.6.15-150000.3.124.1
python3-3.6.15-150000.3.124.1
python3-base-3.6.15-150000.3.124.1
SUSE Linux Enterprise Server 15 SP1-LTSS
libpython3_6m1_0-3.6.15-150000.3.124.1
python3-3.6.15-150000.3.124.1
python3-base-3.6.15-150000.3.124.1
python3-curses-3.6.15-150000.3.124.1
python3-dbm-3.6.15-150000.3.124.1
python3-devel-3.6.15-150000.3.124.1
python3-idle-3.6.15-150000.3.124.1
python3-testsuite-3.6.15-150000.3.124.1
python3-tk-3.6.15-150000.3.124.1
python3-tools-3.6.15-150000.3.124.1
SUSE Linux Enterprise Server 15 SP2-LTSS
libpython3_6m1_0-3.6.15-150000.3.124.1
python3-3.6.15-150000.3.124.1
python3-base-3.6.15-150000.3.124.1
python3-curses-3.6.15-150000.3.124.1
python3-dbm-3.6.15-150000.3.124.1
python3-devel-3.6.15-150000.3.124.1
python3-idle-3.6.15-150000.3.124.1
python3-tk-3.6.15-150000.3.124.1
python3-tools-3.6.15-150000.3.124.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
libpython3_6m1_0-3.6.15-150000.3.124.1
python3-3.6.15-150000.3.124.1
python3-base-3.6.15-150000.3.124.1
python3-curses-3.6.15-150000.3.124.1
python3-dbm-3.6.15-150000.3.124.1
python3-devel-3.6.15-150000.3.124.1
python3-idle-3.6.15-150000.3.124.1
python3-testsuite-3.6.15-150000.3.124.1
python3-tk-3.6.15-150000.3.124.1
python3-tools-3.6.15-150000.3.124.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
libpython3_6m1_0-3.6.15-150000.3.124.1
python3-3.6.15-150000.3.124.1
python3-base-3.6.15-150000.3.124.1
python3-curses-3.6.15-150000.3.124.1
python3-dbm-3.6.15-150000.3.124.1
python3-devel-3.6.15-150000.3.124.1
python3-idle-3.6.15-150000.3.124.1
python3-tk-3.6.15-150000.3.124.1
python3-tools-3.6.15-150000.3.124.1
Ссылки
- Link for SUSE-SU-2023:0736-1
- E-Mail link for SUSE-SU-2023:0736-1
- SUSE Security Ratings
- SUSE Bug 1188607
- SUSE Bug 1208443
- SUSE Bug 1208471
- SUSE CVE CVE-2023-24329 page
Описание
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
Затронутые продукты
SUSE Enterprise Storage 7:libpython3_6m1_0-3.6.15-150000.3.124.1
SUSE Enterprise Storage 7:python3-3.6.15-150000.3.124.1
SUSE Enterprise Storage 7:python3-base-3.6.15-150000.3.124.1
SUSE Enterprise Storage 7:python3-curses-3.6.15-150000.3.124.1
Ссылки
- CVE-2023-24329
- SUSE Bug 1208471
- SUSE Bug 1213553
- SUSE Bug 1213554
- SUSE Bug 1213839
- SUSE Bug 1225672