Описание
Security update for python-PyJWT
This update for python-PyJWT fixes the following issues:
-
CVE-2022-29217: Fixed Key confusion through non-blocklisted public key formats (bsc#1199756).
-
Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
-
Update to 2.4.0 (bsc#1199756)
- Explicit check the key for ECAlgorithm
- Don't use implicit optionals
- documentation fix: show correct scope
- fix: Update copyright information
- Don't mutate options dictionary in .decode_complete()
- Add support for Python 3.10
- api_jwk: Add PyJWKSet.getitem
- Update usage.rst
- Docs: mention performance reasons for reusing RSAPrivateKey when encoding
- Fixed typo in usage.rst
- Add detached payload support for JWS encoding and decoding
- Replace various string interpolations with f-strings by
Список пакетов
Container ses/7.1/cephcsi/cephcsi:latest
python3-PyJWT-2.4.0-150200.3.6.2
Container ses/7.1/rook/ceph:latest
python3-PyJWT-2.4.0-150200.3.6.2
Container suse/manager/5.0/x86_64/server:latest
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP2-BYOS-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP2-HPC-BYOS-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP2-SAP-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP2-SAP-BYOS-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP2-SAP-BYOS-EC2-HVM
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP2-SAP-EC2-HVM
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP3-BYOS-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP3-BYOS-EC2-HVM
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP3-CHOST-BYOS-Aliyun
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP3-CHOST-BYOS-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP3-CHOST-BYOS-EC2
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP3-CHOST-BYOS-SAP-CCloud
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP3-HPC-BYOS-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP3-HPC-BYOS-EC2-HVM
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP3-SAP-BYOS-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP3-SAP-BYOS-EC2-HVM
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP3-SAPCAL-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP3-SAPCAL-EC2-HVM
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-Azure-Basic
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-Azure-Standard
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-BYOS-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-BYOS-EC2
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-CHOST-BYOS
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-CHOST-BYOS-Aliyun
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-CHOST-BYOS-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-CHOST-BYOS-EC2
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-CHOST-BYOS-SAP-CCloud
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-EC2
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-EC2-ECS-HVM
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-HPC
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-HPC-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-HPC-BYOS
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-HPC-BYOS-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-HPC-BYOS-EC2
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-HPC-EC2
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-Hardened-BYOS-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-Hardened-BYOS-EC2
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-Manager-Proxy-4-3-BYOS
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-Manager-Server-4-3
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-Manager-Server-4-3-Azure-llc
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-Manager-Server-4-3-Azure-ltd
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-Manager-Server-4-3-BYOS
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-Manager-Server-4-3-EC2-llc
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-Manager-Server-4-3-EC2-ltd
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-SAP
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-SAP-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-SAP-BYOS-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-SAP-BYOS-EC2
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-SAP-EC2
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-SAP-Hardened
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-SAP-Hardened-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-SAP-Hardened-BYOS
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-SAP-Hardened-BYOS-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-SAP-Hardened-BYOS-EC2
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-SAP-Hardened-EC2
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-SAPCAL
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-SAPCAL-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-SAPCAL-EC2
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-SUSE-Rancher-Setup-BYOS
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP4-SUSE-Rancher-Setup-BYOS-EC2
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-Azure-3P
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-Azure-Basic
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-Azure-Standard
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-BYOS-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-BYOS-EC2
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-CHOST-BYOS-Aliyun
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-CHOST-BYOS-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-CHOST-BYOS-EC2
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-CHOST-BYOS-GDC
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-CHOST-BYOS-SAP-CCloud
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-EC2
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-EC2-ECS-HVM
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-HPC-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-HPC-BYOS-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-HPC-BYOS-EC2
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-HPC-EC2
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-Hardened-BYOS-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-Hardened-BYOS-EC2
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-Manager-Proxy-5-0-BYOS
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-Manager-Proxy-5-0-BYOS-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-Manager-Proxy-5-0-BYOS-EC2
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-Manager-Server-5-0
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-Manager-Server-5-0-Azure-llc
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-Manager-Server-5-0-Azure-ltd
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-Manager-Server-5-0-BYOS
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-Manager-Server-5-0-BYOS-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-Manager-Server-5-0-BYOS-EC2
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-Manager-Server-5-0-EC2-llc
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-Manager-Server-5-0-EC2-ltd
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-Micro-5-5
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-Micro-5-5-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-Micro-5-5-BYOS
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-Micro-5-5-BYOS-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-Micro-5-5-BYOS-EC2
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-Micro-5-5-EC2
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-SAP-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-SAP-Azure-3P
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-SAP-BYOS-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-SAP-BYOS-EC2
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-SAP-EC2
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-SAP-Hardened-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-SAP-Hardened-BYOS-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-SAP-Hardened-BYOS-EC2
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-SAP-Hardened-EC2
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-SAPCAL-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP5-SAPCAL-EC2
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP6-Azure-Basic
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP6-Azure-Standard
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP6-BYOS-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP6-BYOS-EC2
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP6-CHOST-BYOS
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP6-CHOST-BYOS-Aliyun
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP6-CHOST-BYOS-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP6-CHOST-BYOS-EC2
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP6-CHOST-BYOS-GDC
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP6-CHOST-BYOS-SAP-CCloud
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP6-EC2
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP6-EC2-ECS-HVM
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP6-HPC
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP6-HPC-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP6-HPC-BYOS
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP6-HPC-BYOS-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP6-HPC-BYOS-EC2
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP6-HPC-EC2
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP6-Hardened-BYOS-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP6-Hardened-BYOS-EC2
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP6-SAP
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP6-SAP-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP6-SAP-BYOS-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP6-SAP-BYOS-EC2
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP6-SAP-EC2
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP6-SAP-Hardened
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP6-SAP-Hardened-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP6-SAP-Hardened-BYOS
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP6-SAP-Hardened-BYOS-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP6-SAP-Hardened-BYOS-EC2
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP6-SAP-Hardened-EC2
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP6-SAPCAL
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP6-SAPCAL-Azure
python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP6-SAPCAL-EC2
python3-PyJWT-2.4.0-150200.3.6.2
Image server-image
python3-PyJWT-2.4.0-150200.3.6.2
SUSE Enterprise Storage 7
python3-PyJWT-2.4.0-150200.3.6.2
SUSE Enterprise Storage 7.1
python3-PyJWT-2.4.0-150200.3.6.2
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
python3-PyJWT-2.4.0-150200.3.6.2
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
python3-PyJWT-2.4.0-150200.3.6.2
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
python3-PyJWT-2.4.0-150200.3.6.2
SUSE Linux Enterprise Module for Basesystem 15 SP4
python3-PyJWT-2.4.0-150200.3.6.2
SUSE Linux Enterprise Real Time 15 SP3
python3-PyJWT-2.4.0-150200.3.6.2
SUSE Linux Enterprise Server 15 SP2-LTSS
python3-PyJWT-2.4.0-150200.3.6.2
SUSE Linux Enterprise Server 15 SP3-LTSS
python3-PyJWT-2.4.0-150200.3.6.2
SUSE Linux Enterprise Server for SAP Applications 15 SP2
python3-PyJWT-2.4.0-150200.3.6.2
SUSE Linux Enterprise Server for SAP Applications 15 SP3
python3-PyJWT-2.4.0-150200.3.6.2
SUSE Manager Proxy 4.2
python3-PyJWT-2.4.0-150200.3.6.2
SUSE Manager Server 4.2
python3-PyJWT-2.4.0-150200.3.6.2
openSUSE Leap 15.4
python3-PyJWT-2.4.0-150200.3.6.2
Ссылки
- Link for SUSE-SU-2023:0794-1
- E-Mail link for SUSE-SU-2023:0794-1
- SUSE Security Ratings
- SUSE Bug 1176785
- SUSE Bug 1199282
- SUSE Bug 1199756
- SUSE CVE CVE-2022-29217 page
Описание
PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify `jwt.algorithms.get_default_algorithms()` to get support for all algorithms, or specify a single algorithm. The issue is not that big as `algorithms=jwt.algorithms.get_default_algorithms()` has to be used. Users should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding.
Затронутые продукты
Container ses/7.1/cephcsi/cephcsi:latest:python3-PyJWT-2.4.0-150200.3.6.2
Container ses/7.1/rook/ceph:latest:python3-PyJWT-2.4.0-150200.3.6.2
Container suse/manager/5.0/x86_64/server:latest:python3-PyJWT-2.4.0-150200.3.6.2
Image SLES15-SP2-BYOS-Azure:python3-PyJWT-2.4.0-150200.3.6.2
Ссылки
- CVE-2022-29217
- SUSE Bug 1199756
- SUSE Bug 1223417
- SUSE Bug 1226138