SUSE-SU-2023:2937-1

Опубликовано: 21 июл. 2023

Источник: suse-cvrf

Описание

Security update for python311

This update for python311 fixes the following issues:

python was updated to version 3.11.4:

CVE-2023-24329: Fixed blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471).
CVE-2007-4559: Fixed python tarfile module directory traversal (bsc#1203750).
Fixed a security in flaw in uu.decode() that could allow for directory traversal based on the input if no out_file was specified.
Do not expose the local on-disk location in directory indexes produced by http.client.SimpleHTTPRequestHandler.

Bugfixes:

trace.main now uses io.open_code() for files to be executed instead of raw open().

Список пакетов

Container bci/python:latest

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

python311-devel-3.11.4-150400.9.15.3

Image SLES15-SP4-BYOS-Azure

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP4-BYOS-EC2

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP4-HPC-BYOS

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP4-HPC-BYOS-Azure

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP4-HPC-BYOS-EC2

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP4-HPC-EC2

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP4-Hardened-BYOS-Azure

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP4-Hardened-BYOS-EC2

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP4-Manager-Server-4-3

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP4-Manager-Server-4-3-Azure-llc

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP4-Manager-Server-4-3-Azure-ltd

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP4-SAP

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP4-SAP-Azure

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP4-SAP-BYOS-Azure

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP4-SAP-BYOS-EC2

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP4-SAP-EC2

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP4-SAP-Hardened

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP4-SAP-Hardened-Azure

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP4-SAP-Hardened-BYOS

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP4-SAP-Hardened-BYOS-Azure

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP4-SAP-Hardened-BYOS-EC2

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP4-SAPCAL

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP4-SAPCAL-Azure

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP4-SAPCAL-EC2

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP5-Azure-3P

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP5-Azure-Basic

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP5-Azure-Standard

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP5-BYOS-Azure

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP5-BYOS-EC2

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP5-EC2

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP5-HPC-Azure

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP5-HPC-BYOS-Azure

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP5-HPC-BYOS-EC2

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP5-Hardened-BYOS-Azure

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP5-Hardened-BYOS-EC2

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP5-Manager-Server-5-0

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP5-Manager-Server-5-0-Azure-llc

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP5-Manager-Server-5-0-Azure-ltd

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP5-Manager-Server-5-0-EC2-llc

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP5-Manager-Server-5-0-EC2-ltd

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP5-SAP-Azure-3P

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP5-SAP-BYOS-Azure

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP5-SAP-BYOS-EC2

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP5-SAP-Hardened-Azure

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP5-SAP-Hardened-BYOS-Azure

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP5-SAP-Hardened-BYOS-EC2

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP5-SAPCAL-Azure

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

Image SLES15-SP5-SAPCAL-EC2

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

SUSE Linux Enterprise Module for Python 3 15 SP4

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

python311-curses-3.11.4-150400.9.15.1

python311-dbm-3.11.4-150400.9.15.1

python311-devel-3.11.4-150400.9.15.3

python311-doc-3.11.4-150400.9.15.2

python311-doc-devhelp-3.11.4-150400.9.15.2

python311-idle-3.11.4-150400.9.15.1

python311-tk-3.11.4-150400.9.15.1

python311-tools-3.11.4-150400.9.15.3

SUSE Linux Enterprise Module for Python 3 15 SP5

libpython3_11-1_0-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

python311-curses-3.11.4-150400.9.15.1

python311-dbm-3.11.4-150400.9.15.1

python311-devel-3.11.4-150400.9.15.3

python311-doc-3.11.4-150400.9.15.2

python311-doc-devhelp-3.11.4-150400.9.15.2

python311-idle-3.11.4-150400.9.15.1

python311-tk-3.11.4-150400.9.15.1

python311-tools-3.11.4-150400.9.15.3

openSUSE Leap 15.4

libpython3_11-1_0-3.11.4-150400.9.15.3

libpython3_11-1_0-32bit-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-32bit-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

python311-base-32bit-3.11.4-150400.9.15.3

python311-curses-3.11.4-150400.9.15.1

python311-dbm-3.11.4-150400.9.15.1

python311-devel-3.11.4-150400.9.15.3

python311-doc-3.11.4-150400.9.15.2

python311-doc-devhelp-3.11.4-150400.9.15.2

python311-idle-3.11.4-150400.9.15.1

python311-testsuite-3.11.4-150400.9.15.3

python311-tk-3.11.4-150400.9.15.1

python311-tools-3.11.4-150400.9.15.3

openSUSE Leap 15.5

libpython3_11-1_0-3.11.4-150400.9.15.3

libpython3_11-1_0-32bit-3.11.4-150400.9.15.3

python311-3.11.4-150400.9.15.1

python311-32bit-3.11.4-150400.9.15.1

python311-base-3.11.4-150400.9.15.3

python311-base-32bit-3.11.4-150400.9.15.3

python311-curses-3.11.4-150400.9.15.1

python311-dbm-3.11.4-150400.9.15.1

python311-devel-3.11.4-150400.9.15.3

python311-doc-3.11.4-150400.9.15.2

python311-doc-devhelp-3.11.4-150400.9.15.2

python311-idle-3.11.4-150400.9.15.1

python311-testsuite-3.11.4-150400.9.15.3

python311-tk-3.11.4-150400.9.15.1

python311-tools-3.11.4-150400.9.15.3

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20232937-1/
Link for SUSE-SU-2023:2937-1
https://lists.suse.com/pipermail/sle-security-updates/2024-February/018040.html
E-Mail link for SUSE-SU-2023:2937-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1203750
SUSE Bug 1203750
https://bugzilla.suse.com/1208471
SUSE Bug 1208471
https://www.suse.com/security/cve/CVE-2007-4559/
SUSE CVE CVE-2007-4559 page
https://www.suse.com/security/cve/CVE-2023-24329/
SUSE CVE CVE-2023-24329 page

Описание

Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.

Затронутые продукты

Container bci/python:latest:libpython3_11-1_0-3.11.4-150400.9.15.3

Container bci/python:latest:python311-3.11.4-150400.9.15.1

Container bci/python:latest:python311-base-3.11.4-150400.9.15.3

Container bci/python:latest:python311-devel-3.11.4-150400.9.15.3

Ссылки

https://www.suse.com/security/cve/CVE-2007-4559.html
CVE-2007-4559
https://bugzilla.suse.com/1203750
SUSE Bug 1203750
https://bugzilla.suse.com/1204077
SUSE Bug 1204077

Описание

An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.

Затронутые продукты

Container bci/python:latest:libpython3_11-1_0-3.11.4-150400.9.15.3

Container bci/python:latest:python311-3.11.4-150400.9.15.1

Container bci/python:latest:python311-base-3.11.4-150400.9.15.3

Container bci/python:latest:python311-devel-3.11.4-150400.9.15.3

Ссылки

https://www.suse.com/security/cve/CVE-2023-24329.html
CVE-2023-24329
https://bugzilla.suse.com/1208471
SUSE Bug 1208471
https://bugzilla.suse.com/1213553
SUSE Bug 1213553
https://bugzilla.suse.com/1213554
SUSE Bug 1213554
https://bugzilla.suse.com/1213839
SUSE Bug 1213839
https://bugzilla.suse.com/1225672
SUSE Bug 1225672

SUSE-SU-2023:2937-1

Описание

Список пакетов

Container bci/python:latest

Image SLES15-SP4-BYOS-Azure

Image SLES15-SP4-BYOS-EC2

Image SLES15-SP4-HPC-BYOS

Image SLES15-SP4-HPC-BYOS-Azure

Image SLES15-SP4-HPC-BYOS-EC2

Image SLES15-SP4-HPC-EC2

Image SLES15-SP4-Hardened-BYOS-Azure

Image SLES15-SP4-Hardened-BYOS-EC2

Image SLES15-SP4-Manager-Server-4-3

Image SLES15-SP4-Manager-Server-4-3-Azure-llc

Image SLES15-SP4-Manager-Server-4-3-Azure-ltd

Image SLES15-SP4-SAP

Image SLES15-SP4-SAP-Azure

Image SLES15-SP4-SAP-BYOS-Azure

Image SLES15-SP4-SAP-BYOS-EC2

Image SLES15-SP4-SAP-EC2

Image SLES15-SP4-SAP-Hardened

Image SLES15-SP4-SAP-Hardened-Azure

Image SLES15-SP4-SAP-Hardened-BYOS

Image SLES15-SP4-SAP-Hardened-BYOS-Azure

Image SLES15-SP4-SAP-Hardened-BYOS-EC2

Image SLES15-SP4-SAPCAL

Image SLES15-SP4-SAPCAL-Azure

Image SLES15-SP4-SAPCAL-EC2

Image SLES15-SP5-Azure-3P

Image SLES15-SP5-Azure-Basic

Image SLES15-SP5-Azure-Standard

Image SLES15-SP5-BYOS-Azure

Image SLES15-SP5-BYOS-EC2

Image SLES15-SP5-EC2

Image SLES15-SP5-HPC-Azure

Image SLES15-SP5-HPC-BYOS-Azure

Image SLES15-SP5-HPC-BYOS-EC2

Image SLES15-SP5-Hardened-BYOS-Azure

Image SLES15-SP5-Hardened-BYOS-EC2

Image SLES15-SP5-Manager-Server-5-0

Image SLES15-SP5-Manager-Server-5-0-Azure-llc

Image SLES15-SP5-Manager-Server-5-0-Azure-ltd

Image SLES15-SP5-Manager-Server-5-0-EC2-llc

Image SLES15-SP5-Manager-Server-5-0-EC2-ltd

Image SLES15-SP5-SAP-Azure-3P

Image SLES15-SP5-SAP-BYOS-Azure

Image SLES15-SP5-SAP-BYOS-EC2

Image SLES15-SP5-SAP-Hardened-Azure

Image SLES15-SP5-SAP-Hardened-BYOS-Azure

Image SLES15-SP5-SAP-Hardened-BYOS-EC2

Image SLES15-SP5-SAPCAL-Azure

Image SLES15-SP5-SAPCAL-EC2

SUSE Linux Enterprise Module for Python 3 15 SP4

SUSE Linux Enterprise Module for Python 3 15 SP5

openSUSE Leap 15.4

openSUSE Leap 15.5

Ссылки

Уязвимость: CVE-2007-4559

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-24329

Описание

Затронутые продукты

Ссылки