Описание
Security update for python
This update for python fixes the following issues:
- CVE-2022-48566: Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest. (bsc#1214691)
- CVE-2022-48565: Fixed an XXE in the plistlib module. (bsc#1214685)
Список пакетов
Image SLES12-SP5-Azure-BYOS
libpython2_7-1_0-2.7.18-33.26.1
python-2.7.18-33.26.1
python-base-2.7.18-33.26.1
python-xml-2.7.18-33.26.1
Image SLES12-SP5-Azure-Basic-On-Demand
libpython2_7-1_0-2.7.18-33.26.1
python-2.7.18-33.26.1
python-base-2.7.18-33.26.1
python-xml-2.7.18-33.26.1
Image SLES12-SP5-Azure-HPC-BYOS
libpython2_7-1_0-2.7.18-33.26.1
python-2.7.18-33.26.1
python-base-2.7.18-33.26.1
python-xml-2.7.18-33.26.1
Image SLES12-SP5-Azure-HPC-On-Demand
libpython2_7-1_0-2.7.18-33.26.1
python-2.7.18-33.26.1
python-base-2.7.18-33.26.1
python-xml-2.7.18-33.26.1
Image SLES12-SP5-Azure-SAP-BYOS
libpython2_7-1_0-2.7.18-33.26.1
python-2.7.18-33.26.1
python-base-2.7.18-33.26.1
python-xml-2.7.18-33.26.1
Image SLES12-SP5-Azure-SAP-On-Demand
libpython2_7-1_0-2.7.18-33.26.1
python-2.7.18-33.26.1
python-base-2.7.18-33.26.1
python-xml-2.7.18-33.26.1
Image SLES12-SP5-Azure-Standard-On-Demand
libpython2_7-1_0-2.7.18-33.26.1
python-2.7.18-33.26.1
python-base-2.7.18-33.26.1
python-xml-2.7.18-33.26.1
Image SLES12-SP5-EC2-BYOS
libpython2_7-1_0-2.7.18-33.26.1
python-2.7.18-33.26.1
python-base-2.7.18-33.26.1
python-xml-2.7.18-33.26.1
Image SLES12-SP5-EC2-ECS-On-Demand
libpython2_7-1_0-2.7.18-33.26.1
python-2.7.18-33.26.1
python-base-2.7.18-33.26.1
python-xml-2.7.18-33.26.1
Image SLES12-SP5-EC2-On-Demand
libpython2_7-1_0-2.7.18-33.26.1
python-2.7.18-33.26.1
python-base-2.7.18-33.26.1
python-xml-2.7.18-33.26.1
Image SLES12-SP5-EC2-SAP-BYOS
libpython2_7-1_0-2.7.18-33.26.1
python-2.7.18-33.26.1
python-base-2.7.18-33.26.1
python-xml-2.7.18-33.26.1
Image SLES12-SP5-EC2-SAP-On-Demand
libpython2_7-1_0-2.7.18-33.26.1
python-2.7.18-33.26.1
python-base-2.7.18-33.26.1
python-xml-2.7.18-33.26.1
Image SLES12-SP5-GCE-BYOS
libpython2_7-1_0-2.7.18-33.26.1
python-2.7.18-33.26.1
python-base-2.7.18-33.26.1
python-xml-2.7.18-33.26.1
Image SLES12-SP5-GCE-On-Demand
libpython2_7-1_0-2.7.18-33.26.1
python-2.7.18-33.26.1
python-base-2.7.18-33.26.1
python-xml-2.7.18-33.26.1
Image SLES12-SP5-GCE-SAP-BYOS
libpython2_7-1_0-2.7.18-33.26.1
python-2.7.18-33.26.1
python-base-2.7.18-33.26.1
python-xml-2.7.18-33.26.1
Image SLES12-SP5-GCE-SAP-On-Demand
libpython2_7-1_0-2.7.18-33.26.1
python-2.7.18-33.26.1
python-base-2.7.18-33.26.1
python-xml-2.7.18-33.26.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
libpython2_7-1_0-2.7.18-33.26.1
python-2.7.18-33.26.1
python-base-2.7.18-33.26.1
python-xml-2.7.18-33.26.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
libpython2_7-1_0-2.7.18-33.26.1
python-2.7.18-33.26.1
python-base-2.7.18-33.26.1
python-xml-2.7.18-33.26.1
SUSE Linux Enterprise Server 12 SP5
libpython2_7-1_0-2.7.18-33.26.1
libpython2_7-1_0-32bit-2.7.18-33.26.1
python-2.7.18-33.26.1
python-32bit-2.7.18-33.26.1
python-base-2.7.18-33.26.1
python-base-32bit-2.7.18-33.26.1
python-curses-2.7.18-33.26.1
python-demo-2.7.18-33.26.1
python-devel-2.7.18-33.26.1
python-doc-2.7.18-33.26.1
python-doc-pdf-2.7.18-33.26.1
python-gdbm-2.7.18-33.26.1
python-idle-2.7.18-33.26.1
python-tk-2.7.18-33.26.1
python-xml-2.7.18-33.26.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libpython2_7-1_0-2.7.18-33.26.1
libpython2_7-1_0-32bit-2.7.18-33.26.1
python-2.7.18-33.26.1
python-32bit-2.7.18-33.26.1
python-base-2.7.18-33.26.1
python-base-32bit-2.7.18-33.26.1
python-curses-2.7.18-33.26.1
python-demo-2.7.18-33.26.1
python-devel-2.7.18-33.26.1
python-doc-2.7.18-33.26.1
python-doc-pdf-2.7.18-33.26.1
python-gdbm-2.7.18-33.26.1
python-idle-2.7.18-33.26.1
python-tk-2.7.18-33.26.1
python-xml-2.7.18-33.26.1
SUSE Linux Enterprise Workstation Extension 12 SP5
python-devel-2.7.18-33.26.1
Ссылки
- Link for SUSE-SU-2023:4001-1
- E-Mail link for SUSE-SU-2023:4001-1
- SUSE Security Ratings
- SUSE Bug 1214685
- SUSE Bug 1214691
- SUSE CVE CVE-2022-48565 page
- SUSE CVE CVE-2022-48566 page
Описание
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.
Затронутые продукты
Image SLES12-SP5-Azure-BYOS:libpython2_7-1_0-2.7.18-33.26.1
Image SLES12-SP5-Azure-BYOS:python-2.7.18-33.26.1
Image SLES12-SP5-Azure-BYOS:python-base-2.7.18-33.26.1
Image SLES12-SP5-Azure-BYOS:python-xml-2.7.18-33.26.1
Ссылки
- CVE-2022-48565
- SUSE Bug 1214685
- SUSE Bug 1221186
Описание
An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.
Затронутые продукты
Image SLES12-SP5-Azure-BYOS:libpython2_7-1_0-2.7.18-33.26.1
Image SLES12-SP5-Azure-BYOS:python-2.7.18-33.26.1
Image SLES12-SP5-Azure-BYOS:python-base-2.7.18-33.26.1
Image SLES12-SP5-Azure-BYOS:python-xml-2.7.18-33.26.1
Ссылки
- CVE-2022-48566
- SUSE Bug 1214691