SUSE-SU-2023:3972-1

Published: 04 Oct 2023
Source: suse-cvrf

Description

Security update for python-reportlab

This update for python-reportlab fixes the following issues:

  • CVE-2019-19450: Fixed an issue which allowed remote code execution via start_unichar in paraparser.py evaluating untrusted user input. (bsc#1215560)

Package list

SUSE Linux Enterprise Module for Package Hub 15 SP4
python3-reportlab-3.4.0-150000.3.12.1
SUSE Linux Enterprise Module for Package Hub 15 SP5
python3-reportlab-3.4.0-150000.3.12.1
openSUSE Leap 15.4
python3-reportlab-3.4.0-150000.3.12.1
openSUSE Leap 15.5
python3-reportlab-3.4.0-150000.3.12.1

Description

paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626.


Affected products
SUSE Linux Enterprise Module for Package Hub 15 SP4:python3-reportlab-3.4.0-150000.3.12.1
SUSE Linux Enterprise Module for Package Hub 15 SP5:python3-reportlab-3.4.0-150000.3.12.1
openSUSE Leap 15.4:python3-reportlab-3.4.0-150000.3.12.1
openSUSE Leap 15.5:python3-reportlab-3.4.0-150000.3.12.1
