SUSE-SU-2024:0329-2

Опубликовано: 05 мар. 2024

Источник: suse-cvrf

Описание

Security update for python

This update for python fixes the following issues:

CVE-2023-27043: Fixed incorrectly parses e-mail addresses which contain a special character (bsc#1210638).

Список пакетов

Image SLES15-SP2-SAP-Azure

libpython2_7-1_0-2.7.18-150000.60.1

python-base-2.7.18-150000.60.1

python-xml-2.7.18-150000.60.1

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

libpython2_7-1_0-2.7.18-150000.60.1

python-base-2.7.18-150000.60.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

libpython2_7-1_0-2.7.18-150000.60.1

python-base-2.7.18-150000.60.1

Image SLES15-SP2-SAP-BYOS-Azure

libpython2_7-1_0-2.7.18-150000.60.1

python-base-2.7.18-150000.60.1

python-xml-2.7.18-150000.60.1

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

libpython2_7-1_0-2.7.18-150000.60.1

python-base-2.7.18-150000.60.1

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

libpython2_7-1_0-2.7.18-150000.60.1

python-base-2.7.18-150000.60.1

Image SLES15-SP3-SAPCAL-Azure

libpython2_7-1_0-2.7.18-150000.60.1

python-2.7.18-150000.60.1

python-base-2.7.18-150000.60.1

python-xml-2.7.18-150000.60.1

Image SLES15-SP3-SAPCAL-EC2-HVM

libpython2_7-1_0-2.7.18-150000.60.1

python-2.7.18-150000.60.1

python-base-2.7.18-150000.60.1

python-xml-2.7.18-150000.60.1

Image SLES15-SP3-SAPCAL-GCE

libpython2_7-1_0-2.7.18-150000.60.1

python-2.7.18-150000.60.1

python-base-2.7.18-150000.60.1

python-xml-2.7.18-150000.60.1

SUSE Linux Enterprise Module for Package Hub 15 SP4

libpython2_7-1_0-2.7.18-150000.60.1

python-2.7.18-150000.60.1

python-base-2.7.18-150000.60.1

python-curses-2.7.18-150000.60.1

python-devel-2.7.18-150000.60.1

python-gdbm-2.7.18-150000.60.1

python-tk-2.7.18-150000.60.1

python-xml-2.7.18-150000.60.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20240329-2/
Link for SUSE-SU-2024:0329-2
https://lists.suse.com/pipermail/sle-security-updates/2024-March/018099.html
E-Mail link for SUSE-SU-2024:0329-2
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1210638
SUSE Bug 1210638
https://www.suse.com/security/cve/CVE-2023-27043/
SUSE CVE CVE-2023-27043 page

Описание

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.

Затронутые продукты

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:libpython2_7-1_0-2.7.18-150000.60.1

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:python-base-2.7.18-150000.60.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:libpython2_7-1_0-2.7.18-150000.60.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:python-base-2.7.18-150000.60.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-27043.html
CVE-2023-27043
https://bugzilla.suse.com/1210638
SUSE Bug 1210638
https://bugzilla.suse.com/1222537
SUSE Bug 1222537

SUSE-SU-2024:0329-2

Описание

Список пакетов

Image SLES15-SP2-SAP-Azure

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP2-SAP-BYOS-Azure

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP3-SAPCAL-Azure

Image SLES15-SP3-SAPCAL-EC2-HVM

Image SLES15-SP3-SAPCAL-GCE

SUSE Linux Enterprise Module for Package Hub 15 SP4

Ссылки

Уязвимость: CVE-2023-27043

Описание

Затронутые продукты

Ссылки