SUSE-SU-2023:2463-1

Опубликовано: 08 июн. 2023

Источник: suse-cvrf

Описание

Security update for python310

This update for python310 fixes the following issues:

CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750).

Список пакетов

Container bci/python:3

libpython3_10-1_0-3.10.11-150400.4.25.1

python310-3.10.11-150400.4.25.1

python310-base-3.10.11-150400.4.25.1

python310-devel-3.10.11-150400.4.25.1

SUSE Linux Enterprise Module for Python 3 15 SP4

libpython3_10-1_0-3.10.11-150400.4.25.1

python310-3.10.11-150400.4.25.1

python310-base-3.10.11-150400.4.25.1

python310-curses-3.10.11-150400.4.25.1

python310-dbm-3.10.11-150400.4.25.1

python310-devel-3.10.11-150400.4.25.1

python310-idle-3.10.11-150400.4.25.1

python310-tk-3.10.11-150400.4.25.1

python310-tools-3.10.11-150400.4.25.1

openSUSE Leap 15.4

libpython3_10-1_0-3.10.11-150400.4.25.1

libpython3_10-1_0-32bit-3.10.11-150400.4.25.1

python310-3.10.11-150400.4.25.1

python310-32bit-3.10.11-150400.4.25.1

python310-base-3.10.11-150400.4.25.1

python310-base-32bit-3.10.11-150400.4.25.1

python310-curses-3.10.11-150400.4.25.1

python310-dbm-3.10.11-150400.4.25.1

python310-devel-3.10.11-150400.4.25.1

python310-doc-3.10.11-150400.4.25.1

python310-doc-devhelp-3.10.11-150400.4.25.1

python310-idle-3.10.11-150400.4.25.1

python310-testsuite-3.10.11-150400.4.25.1

python310-tk-3.10.11-150400.4.25.1

python310-tools-3.10.11-150400.4.25.1

openSUSE Leap 15.5

libpython3_10-1_0-3.10.11-150400.4.25.1

libpython3_10-1_0-32bit-3.10.11-150400.4.25.1

python310-3.10.11-150400.4.25.1

python310-32bit-3.10.11-150400.4.25.1

python310-base-3.10.11-150400.4.25.1

python310-base-32bit-3.10.11-150400.4.25.1

python310-curses-3.10.11-150400.4.25.1

python310-dbm-3.10.11-150400.4.25.1

python310-devel-3.10.11-150400.4.25.1

python310-doc-3.10.11-150400.4.25.1

python310-doc-devhelp-3.10.11-150400.4.25.1

python310-idle-3.10.11-150400.4.25.1

python310-testsuite-3.10.11-150400.4.25.1

python310-tk-3.10.11-150400.4.25.1

python310-tools-3.10.11-150400.4.25.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20232463-1/
Link for SUSE-SU-2023:2463-1
https://lists.suse.com/pipermail/sle-updates/2023-June/029776.html
E-Mail link for SUSE-SU-2023:2463-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1203750
SUSE Bug 1203750
https://www.suse.com/security/cve/CVE-2007-4559/
SUSE CVE CVE-2007-4559 page

Описание

Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.

Затронутые продукты

Container bci/python:3:libpython3_10-1_0-3.10.11-150400.4.25.1

Container bci/python:3:python310-3.10.11-150400.4.25.1

Container bci/python:3:python310-base-3.10.11-150400.4.25.1

Container bci/python:3:python310-devel-3.10.11-150400.4.25.1

Ссылки

https://www.suse.com/security/cve/CVE-2007-4559.html
CVE-2007-4559
https://bugzilla.suse.com/1203750
SUSE Bug 1203750
https://bugzilla.suse.com/1204077
SUSE Bug 1204077

SUSE-SU-2023:2463-1

Описание

Список пакетов

Container bci/python:3

SUSE Linux Enterprise Module for Python 3 15 SP4

openSUSE Leap 15.4

openSUSE Leap 15.5

Ссылки

Уязвимость: CVE-2007-4559

Описание

Затронутые продукты

Ссылки