SUSE-SU-2023:4048-1

Published: 11 Oct 2023
Source: suse-cvrf

Description

Security update for python-reportlab

This update for python-reportlab fixes the following issues:

  • CVE-2019-19450: Fixed an issue which allowed remote code execution via start_unichar in paraparser.py evaluating untrusted user input. (bsc#1215560)

Package list

SUSE Linux Enterprise Workstation Extension 12 SP5
python-reportlab-2.7-3.16.1

Description

paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626.


Affected products
SUSE Linux Enterprise Workstation Extension 12 SP5:python-reportlab-2.7-3.16.1
