SUSE-SU-2023:4220-1

Published: 26 Oct 2023
Source: suse-cvrf

Description

Security update for python

This update for python fixes the following issues:

  • CVE-2022-48566: Fixed a potential timing side channel due to inadequate checking during HMAC comparison (bsc#1214691).

Package list

Image SLES15-SP2-SAP-Azure
libpython2_7-1_0-2.7.18-150000.57.1
python-base-2.7.18-150000.57.1
python-xml-2.7.18-150000.57.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
libpython2_7-1_0-2.7.18-150000.57.1
python-base-2.7.18-150000.57.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
libpython2_7-1_0-2.7.18-150000.57.1
python-base-2.7.18-150000.57.1
Image SLES15-SP2-SAP-BYOS-Azure
libpython2_7-1_0-2.7.18-150000.57.1
python-base-2.7.18-150000.57.1
python-xml-2.7.18-150000.57.1
Image SLES15-SP2-SAP-BYOS-EC2-HVM
libpython2_7-1_0-2.7.18-150000.57.1
python-base-2.7.18-150000.57.1
python-xml-2.7.18-150000.57.1
Image SLES15-SP2-SAP-BYOS-GCE
libpython2_7-1_0-2.7.18-150000.57.1
python-base-2.7.18-150000.57.1
python-xml-2.7.18-150000.57.1
Image SLES15-SP2-SAP-EC2-HVM
libpython2_7-1_0-2.7.18-150000.57.1
python-base-2.7.18-150000.57.1
python-xml-2.7.18-150000.57.1
Image SLES15-SP2-SAP-GCE
libpython2_7-1_0-2.7.18-150000.57.1
python-base-2.7.18-150000.57.1
python-xml-2.7.18-150000.57.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
libpython2_7-1_0-2.7.18-150000.57.1
python-base-2.7.18-150000.57.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
libpython2_7-1_0-2.7.18-150000.57.1
python-base-2.7.18-150000.57.1
Image SLES15-SP3-SAPCAL-Azure
libpython2_7-1_0-2.7.18-150000.57.1
python-2.7.18-150000.57.1
python-base-2.7.18-150000.57.1
python-xml-2.7.18-150000.57.1
Image SLES15-SP3-SAPCAL-EC2-HVM
libpython2_7-1_0-2.7.18-150000.57.1
python-2.7.18-150000.57.1
python-base-2.7.18-150000.57.1
python-xml-2.7.18-150000.57.1
Image SLES15-SP3-SAPCAL-GCE
libpython2_7-1_0-2.7.18-150000.57.1
python-2.7.18-150000.57.1
python-base-2.7.18-150000.57.1
python-xml-2.7.18-150000.57.1
SUSE Linux Enterprise Module for Package Hub 15 SP4
python-devel-2.7.18-150000.57.1
SUSE Linux Enterprise Module for Package Hub 15 SP5
libpython2_7-1_0-2.7.18-150000.57.1
python-2.7.18-150000.57.1
python-base-2.7.18-150000.57.1
python-curses-2.7.18-150000.57.1
python-devel-2.7.18-150000.57.1
python-gdbm-2.7.18-150000.57.1
python-xml-2.7.18-150000.57.1
SUSE Manager Proxy 4.2
libpython2_7-1_0-2.7.18-150000.57.1
python-2.7.18-150000.57.1
python-base-2.7.18-150000.57.1
SUSE Manager Server 4.2
libpython2_7-1_0-2.7.18-150000.57.1
python-2.7.18-150000.57.1
python-base-2.7.18-150000.57.1
python-curses-2.7.18-150000.57.1
python-devel-2.7.18-150000.57.1
python-gdbm-2.7.18-150000.57.1
python-xml-2.7.18-150000.57.1
openSUSE Leap 15.4
libpython2_7-1_0-2.7.18-150000.57.1
libpython2_7-1_0-32bit-2.7.18-150000.57.1
python-2.7.18-150000.57.1
python-32bit-2.7.18-150000.57.1
python-base-2.7.18-150000.57.1
python-base-32bit-2.7.18-150000.57.1
python-curses-2.7.18-150000.57.1
python-demo-2.7.18-150000.57.1
python-devel-2.7.18-150000.57.1
python-doc-2.7.18-150000.57.1
python-doc-pdf-2.7.18-150000.57.1
python-gdbm-2.7.18-150000.57.1
python-idle-2.7.18-150000.57.1
python-tk-2.7.18-150000.57.1
python-xml-2.7.18-150000.57.1
openSUSE Leap 15.5
libpython2_7-1_0-2.7.18-150000.57.1
libpython2_7-1_0-32bit-2.7.18-150000.57.1
python-2.7.18-150000.57.1
python-32bit-2.7.18-150000.57.1
python-base-2.7.18-150000.57.1
python-base-32bit-2.7.18-150000.57.1
python-curses-2.7.18-150000.57.1
python-demo-2.7.18-150000.57.1
python-devel-2.7.18-150000.57.1
python-doc-2.7.18-150000.57.1
python-doc-pdf-2.7.18-150000.57.1
python-gdbm-2.7.18-150000.57.1
python-idle-2.7.18-150000.57.1
python-tk-2.7.18-150000.57.1
python-xml-2.7.18-150000.57.1

Description

An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.


Affected products
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:libpython2_7-1_0-2.7.18-150000.57.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:python-base-2.7.18-150000.57.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:libpython2_7-1_0-2.7.18-150000.57.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:python-base-2.7.18-150000.57.1

References

Description

An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.


Affected products
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:libpython2_7-1_0-2.7.18-150000.57.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:python-base-2.7.18-150000.57.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:libpython2_7-1_0-2.7.18-150000.57.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:python-base-2.7.18-150000.57.1

References

Description

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.


Affected products
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:libpython2_7-1_0-2.7.18-150000.57.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:python-base-2.7.18-150000.57.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:libpython2_7-1_0-2.7.18-150000.57.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:python-base-2.7.18-150000.57.1

References
Vulnerability SUSE-SU-2023:4220-1