SUSE-SU-2023:2641-1

Опубликовано: 26 июн. 2023

Источник: suse-cvrf

Описание

Security update for python39

This update for python39 fixes the following issues:

CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750).
Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158).

Список пакетов

Container containers/python:3.9

libpython3_9-1_0-3.9.16-150300.4.27.1

python39-3.9.16-150300.4.27.1

python39-base-3.9.16-150300.4.27.1

python39-devel-3.9.16-150300.4.27.1

Image python_15_6

libpython3_9-1_0-3.9.16-150300.4.27.1

python39-3.9.16-150300.4.27.1

python39-base-3.9.16-150300.4.27.1

python39-devel-3.9.16-150300.4.27.1

SUSE Linux Enterprise Real Time 15 SP3

libpython3_9-1_0-3.9.16-150300.4.27.1

python39-3.9.16-150300.4.27.1

python39-base-3.9.16-150300.4.27.1

python39-curses-3.9.16-150300.4.27.1

python39-dbm-3.9.16-150300.4.27.1

python39-devel-3.9.16-150300.4.27.1

python39-idle-3.9.16-150300.4.27.1

python39-tk-3.9.16-150300.4.27.1

python39-tools-3.9.16-150300.4.27.1

openSUSE Leap 15.4

libpython3_9-1_0-3.9.16-150300.4.27.1

libpython3_9-1_0-32bit-3.9.16-150300.4.27.1

python39-3.9.16-150300.4.27.1

python39-32bit-3.9.16-150300.4.27.1

python39-base-3.9.16-150300.4.27.1

python39-base-32bit-3.9.16-150300.4.27.1

python39-curses-3.9.16-150300.4.27.1

python39-dbm-3.9.16-150300.4.27.1

python39-devel-3.9.16-150300.4.27.1

python39-doc-3.9.16-150300.4.27.1

python39-doc-devhelp-3.9.16-150300.4.27.1

python39-idle-3.9.16-150300.4.27.1

python39-testsuite-3.9.16-150300.4.27.1

python39-tk-3.9.16-150300.4.27.1

python39-tools-3.9.16-150300.4.27.1

openSUSE Leap 15.5

libpython3_9-1_0-3.9.16-150300.4.27.1

libpython3_9-1_0-32bit-3.9.16-150300.4.27.1

python39-3.9.16-150300.4.27.1

python39-32bit-3.9.16-150300.4.27.1

python39-base-3.9.16-150300.4.27.1

python39-base-32bit-3.9.16-150300.4.27.1

python39-curses-3.9.16-150300.4.27.1

python39-dbm-3.9.16-150300.4.27.1

python39-devel-3.9.16-150300.4.27.1

python39-doc-3.9.16-150300.4.27.1

python39-doc-devhelp-3.9.16-150300.4.27.1

python39-idle-3.9.16-150300.4.27.1

python39-testsuite-3.9.16-150300.4.27.1

python39-tk-3.9.16-150300.4.27.1

python39-tools-3.9.16-150300.4.27.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20232641-1/
Link for SUSE-SU-2023:2641-1
https://lists.suse.com/pipermail/sle-security-updates/2024-February/018022.html
E-Mail link for SUSE-SU-2023:2641-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1203750
SUSE Bug 1203750
https://bugzilla.suse.com/1211158
SUSE Bug 1211158
https://www.suse.com/security/cve/CVE-2007-4559/
SUSE CVE CVE-2007-4559 page

Описание

Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.

Затронутые продукты

Container containers/python:3.9:libpython3_9-1_0-3.9.16-150300.4.27.1

Container containers/python:3.9:python39-3.9.16-150300.4.27.1

Container containers/python:3.9:python39-base-3.9.16-150300.4.27.1

Container containers/python:3.9:python39-devel-3.9.16-150300.4.27.1

Ссылки

https://www.suse.com/security/cve/CVE-2007-4559.html
CVE-2007-4559
https://bugzilla.suse.com/1203750
SUSE Bug 1203750
https://bugzilla.suse.com/1204077
SUSE Bug 1204077

SUSE-SU-2023:2641-1

Описание

Список пакетов

Container containers/python:3.9

Image python_15_6

SUSE Linux Enterprise Real Time 15 SP3

openSUSE Leap 15.4

openSUSE Leap 15.5

Ссылки

Уязвимость: CVE-2007-4559

Описание

Затронутые продукты

Ссылки