Описание
Security update for python-sqlparse
This update for python-sqlparse fixes the following issues:
- CVE-2023-30608: Fixed a Regular Expression Denial of Service (ReDOS) vulnerability (bsc#1210617).
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15 SP4
python3-sqlparse-0.4.2-150300.3.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP5
python3-sqlparse-0.4.2-150300.3.6.1
SUSE Linux Enterprise Real Time 15 SP3
python3-sqlparse-0.4.2-150300.3.6.1
openSUSE Leap 15.4
python3-sqlparse-0.4.2-150300.3.6.1
openSUSE Leap 15.5
python3-sqlparse-0.4.2-150300.3.6.1
Ссылки
- Link for SUSE-SU-2023:2619-1
- E-Mail link for SUSE-SU-2023:2619-1
- SUSE Security Ratings
- SUSE Bug 1210617
- SUSE CVE CVE-2023-30608 page
Описание
sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit `e75e358`. The vulnerability may lead to Denial of Service (DoS). This issues has been fixed in sqlparse 0.4.4 by commit `c457abd5f`. Users are advised to upgrade. There are no known workarounds for this issue.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP4:python3-sqlparse-0.4.2-150300.3.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP5:python3-sqlparse-0.4.2-150300.3.6.1
SUSE Linux Enterprise Real Time 15 SP3:python3-sqlparse-0.4.2-150300.3.6.1
openSUSE Leap 15.4:python3-sqlparse-0.4.2-150300.3.6.1
Ссылки
- CVE-2023-30608
- SUSE Bug 1210617
- SUSE Bug 1227303