SUSE-SU-2023:3943-1

Опубликовано: 03 окт. 2023

Источник: suse-cvrf

Описание

Security update for python311

This update for python311 fixes the following issues:

Update to 3.11.5.

CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692).
CVE-2023-41105: Fixed input truncation on null bytes in os.path.normpath (bsc#1214693).

Список пакетов

Container bci/python:latest

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

python311-devel-3.11.5-150400.9.20.2

Image SLES15-SP4-BYOS-Azure

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP4-BYOS-EC2

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP4-HPC-BYOS

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP4-HPC-BYOS-Azure

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP4-HPC-BYOS-EC2

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP4-HPC-EC2

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP4-Hardened-BYOS-Azure

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP4-Hardened-BYOS-EC2

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP4-Manager-Server-4-3

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP4-Manager-Server-4-3-Azure-llc

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP4-Manager-Server-4-3-Azure-ltd

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP4-SAP

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP4-SAP-Azure

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP4-SAP-BYOS-Azure

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP4-SAP-BYOS-EC2

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP4-SAP-EC2

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP4-SAP-Hardened

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP4-SAP-Hardened-Azure

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP4-SAP-Hardened-BYOS

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP4-SAP-Hardened-BYOS-Azure

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP4-SAP-Hardened-BYOS-EC2

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP4-SAPCAL

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP4-SAPCAL-Azure

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP4-SAPCAL-EC2

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP5-Azure-3P

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP5-Azure-Basic

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP5-Azure-Standard

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP5-BYOS-Azure

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP5-BYOS-EC2

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP5-EC2

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP5-HPC-Azure

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP5-HPC-BYOS-Azure

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP5-HPC-BYOS-EC2

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP5-Hardened-BYOS-Azure

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP5-Hardened-BYOS-EC2

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP5-Manager-Server-5-0

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP5-Manager-Server-5-0-Azure-llc

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP5-Manager-Server-5-0-Azure-ltd

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP5-Manager-Server-5-0-EC2-llc

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP5-Manager-Server-5-0-EC2-ltd

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP5-SAP-Azure-3P

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP5-SAP-BYOS-Azure

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP5-SAP-BYOS-EC2

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP5-SAP-Hardened-Azure

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP5-SAP-Hardened-BYOS-Azure

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP5-SAP-Hardened-BYOS-EC2

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP5-SAPCAL-Azure

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

Image SLES15-SP5-SAPCAL-EC2

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

SUSE Linux Enterprise Module for Python 3 15 SP4

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

python311-curses-3.11.5-150400.9.20.1

python311-dbm-3.11.5-150400.9.20.1

python311-devel-3.11.5-150400.9.20.2

python311-doc-3.11.5-150400.9.20.2

python311-doc-devhelp-3.11.5-150400.9.20.2

python311-idle-3.11.5-150400.9.20.1

python311-tk-3.11.5-150400.9.20.1

python311-tools-3.11.5-150400.9.20.2

SUSE Linux Enterprise Module for Python 3 15 SP5

libpython3_11-1_0-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

python311-curses-3.11.5-150400.9.20.1

python311-dbm-3.11.5-150400.9.20.1

python311-devel-3.11.5-150400.9.20.2

python311-doc-3.11.5-150400.9.20.2

python311-doc-devhelp-3.11.5-150400.9.20.2

python311-idle-3.11.5-150400.9.20.1

python311-tk-3.11.5-150400.9.20.1

python311-tools-3.11.5-150400.9.20.2

openSUSE Leap 15.4

libpython3_11-1_0-3.11.5-150400.9.20.2

libpython3_11-1_0-32bit-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-32bit-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

python311-base-32bit-3.11.5-150400.9.20.2

python311-curses-3.11.5-150400.9.20.1

python311-dbm-3.11.5-150400.9.20.1

python311-devel-3.11.5-150400.9.20.2

python311-doc-3.11.5-150400.9.20.2

python311-doc-devhelp-3.11.5-150400.9.20.2

python311-idle-3.11.5-150400.9.20.1

python311-testsuite-3.11.5-150400.9.20.2

python311-tk-3.11.5-150400.9.20.1

python311-tools-3.11.5-150400.9.20.2

openSUSE Leap 15.5

libpython3_11-1_0-3.11.5-150400.9.20.2

libpython3_11-1_0-32bit-3.11.5-150400.9.20.2

python311-3.11.5-150400.9.20.1

python311-32bit-3.11.5-150400.9.20.1

python311-base-3.11.5-150400.9.20.2

python311-base-32bit-3.11.5-150400.9.20.2

python311-curses-3.11.5-150400.9.20.1

python311-dbm-3.11.5-150400.9.20.1

python311-devel-3.11.5-150400.9.20.2

python311-doc-3.11.5-150400.9.20.2

python311-doc-devhelp-3.11.5-150400.9.20.2

python311-idle-3.11.5-150400.9.20.1

python311-testsuite-3.11.5-150400.9.20.2

python311-tk-3.11.5-150400.9.20.1

python311-tools-3.11.5-150400.9.20.2

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20233943-1/
Link for SUSE-SU-2023:3943-1
https://lists.suse.com/pipermail/sle-updates/2023-October/031897.html
E-Mail link for SUSE-SU-2023:3943-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1214692
SUSE Bug 1214692
https://bugzilla.suse.com/1214693
SUSE Bug 1214693
https://www.suse.com/security/cve/CVE-2023-40217/
SUSE CVE CVE-2023-40217 page
https://www.suse.com/security/cve/CVE-2023-41105/
SUSE CVE CVE-2023-41105 page

Описание

An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)

Затронутые продукты

Container bci/python:latest:libpython3_11-1_0-3.11.5-150400.9.20.2

Container bci/python:latest:python311-3.11.5-150400.9.20.1

Container bci/python:latest:python311-base-3.11.5-150400.9.20.2

Container bci/python:latest:python311-devel-3.11.5-150400.9.20.2

Ссылки

https://www.suse.com/security/cve/CVE-2023-40217.html
CVE-2023-40217
https://bugzilla.suse.com/1214692
SUSE Bug 1214692
https://bugzilla.suse.com/1217524
SUSE Bug 1217524
https://bugzilla.suse.com/1218319
SUSE Bug 1218319
https://bugzilla.suse.com/1218476
SUSE Bug 1218476
https://bugzilla.suse.com/1218965
SUSE Bug 1218965
https://bugzilla.suse.com/1219472
SUSE Bug 1219472
https://bugzilla.suse.com/1219713
SUSE Bug 1219713
https://bugzilla.suse.com/1221582
SUSE Bug 1221582
https://bugzilla.suse.com/1224883
SUSE Bug 1224883

Описание

An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.

Затронутые продукты

Container bci/python:latest:libpython3_11-1_0-3.11.5-150400.9.20.2

Container bci/python:latest:python311-3.11.5-150400.9.20.1

Container bci/python:latest:python311-base-3.11.5-150400.9.20.2

Container bci/python:latest:python311-devel-3.11.5-150400.9.20.2

Ссылки

https://www.suse.com/security/cve/CVE-2023-41105.html
CVE-2023-41105
https://bugzilla.suse.com/1214693
SUSE Bug 1214693

SUSE-SU-2023:3943-1

Описание

Список пакетов

Container bci/python:latest

Image SLES15-SP4-BYOS-Azure

Image SLES15-SP4-BYOS-EC2

Image SLES15-SP4-HPC-BYOS

Image SLES15-SP4-HPC-BYOS-Azure

Image SLES15-SP4-HPC-BYOS-EC2

Image SLES15-SP4-HPC-EC2

Image SLES15-SP4-Hardened-BYOS-Azure

Image SLES15-SP4-Hardened-BYOS-EC2

Image SLES15-SP4-Manager-Server-4-3

Image SLES15-SP4-Manager-Server-4-3-Azure-llc

Image SLES15-SP4-Manager-Server-4-3-Azure-ltd

Image SLES15-SP4-SAP

Image SLES15-SP4-SAP-Azure

Image SLES15-SP4-SAP-BYOS-Azure

Image SLES15-SP4-SAP-BYOS-EC2

Image SLES15-SP4-SAP-EC2

Image SLES15-SP4-SAP-Hardened

Image SLES15-SP4-SAP-Hardened-Azure

Image SLES15-SP4-SAP-Hardened-BYOS

Image SLES15-SP4-SAP-Hardened-BYOS-Azure

Image SLES15-SP4-SAP-Hardened-BYOS-EC2

Image SLES15-SP4-SAPCAL

Image SLES15-SP4-SAPCAL-Azure

Image SLES15-SP4-SAPCAL-EC2

Image SLES15-SP5-Azure-3P

Image SLES15-SP5-Azure-Basic

Image SLES15-SP5-Azure-Standard

Image SLES15-SP5-BYOS-Azure

Image SLES15-SP5-BYOS-EC2

Image SLES15-SP5-EC2

Image SLES15-SP5-HPC-Azure

Image SLES15-SP5-HPC-BYOS-Azure

Image SLES15-SP5-HPC-BYOS-EC2

Image SLES15-SP5-Hardened-BYOS-Azure

Image SLES15-SP5-Hardened-BYOS-EC2

Image SLES15-SP5-Manager-Server-5-0

Image SLES15-SP5-Manager-Server-5-0-Azure-llc

Image SLES15-SP5-Manager-Server-5-0-Azure-ltd

Image SLES15-SP5-Manager-Server-5-0-EC2-llc

Image SLES15-SP5-Manager-Server-5-0-EC2-ltd

Image SLES15-SP5-SAP-Azure-3P

Image SLES15-SP5-SAP-BYOS-Azure

Image SLES15-SP5-SAP-BYOS-EC2

Image SLES15-SP5-SAP-Hardened-Azure

Image SLES15-SP5-SAP-Hardened-BYOS-Azure

Image SLES15-SP5-SAP-Hardened-BYOS-EC2

Image SLES15-SP5-SAPCAL-Azure

Image SLES15-SP5-SAPCAL-EC2

SUSE Linux Enterprise Module for Python 3 15 SP4

SUSE Linux Enterprise Module for Python 3 15 SP5

openSUSE Leap 15.4

openSUSE Leap 15.5

Ссылки

Уязвимость: CVE-2023-40217

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-41105

Описание

Затронутые продукты

Ссылки