Описание
Security update for python-sqlparse
This update for python-sqlparse fixes the following issues:
- CVE-2023-30608: Fixed a Regular Expression Denial of Service (ReDOS) vulnerability (bsc#1210617).
Список пакетов
SUSE Linux Enterprise Module for Package Hub 15 SP4
python2-sqlparse-0.2.4-150100.6.3.1
SUSE Linux Enterprise Module for Package Hub 15 SP5
python2-sqlparse-0.2.4-150100.6.3.1
Ссылки
- Link for SUSE-SU-2023:2462-1
- E-Mail link for SUSE-SU-2023:2462-1
- SUSE Security Ratings
- SUSE Bug 1210617
- SUSE CVE CVE-2023-30608 page
Описание
sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit `e75e358`. The vulnerability may lead to Denial of Service (DoS). This issues has been fixed in sqlparse 0.4.4 by commit `c457abd5f`. Users are advised to upgrade. There are no known workarounds for this issue.
Затронутые продукты
SUSE Linux Enterprise Module for Package Hub 15 SP4:python2-sqlparse-0.2.4-150100.6.3.1
SUSE Linux Enterprise Module for Package Hub 15 SP5:python2-sqlparse-0.2.4-150100.6.3.1
Ссылки
- CVE-2023-30608
- SUSE Bug 1210617
- SUSE Bug 1227303