Описание
Security update for python311
This update for python311 fixes the following issues:
- CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666).
- CVE-2023-27043: Fixed incorrect e-mqil parsing (bsc#1210638).
- CVE-2022-25236: Fixed an expat vulnerability by supporting expat >= 2.4.4 (bsc#1212015).
Список пакетов
Container bci/python:latest
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
python311-devel-3.11.8-150400.9.23.1
Image SLES15-SP4-BYOS-Azure
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP4-BYOS-EC2
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP4-HPC-BYOS
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP4-HPC-BYOS-Azure
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP4-HPC-BYOS-EC2
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP4-HPC-EC2
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP4-Hardened-BYOS-Azure
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP4-Hardened-BYOS-EC2
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP4-Manager-Server-4-3
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP4-Manager-Server-4-3-Azure-llc
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP4-Manager-Server-4-3-Azure-ltd
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP4-SAP
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP4-SAP-Azure
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP4-SAP-BYOS-Azure
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP4-SAP-BYOS-EC2
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP4-SAP-EC2
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP4-SAP-Hardened
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP4-SAP-Hardened-Azure
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP4-SAP-Hardened-BYOS
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP4-SAP-Hardened-BYOS-Azure
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP4-SAP-Hardened-BYOS-EC2
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP4-SAPCAL
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP4-SAPCAL-Azure
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP4-SAPCAL-EC2
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP5-Azure-3P
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP5-Azure-Basic
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP5-Azure-Standard
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP5-BYOS-Azure
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP5-BYOS-EC2
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP5-EC2
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP5-HPC-Azure
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP5-HPC-BYOS-Azure
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP5-HPC-BYOS-EC2
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP5-Hardened-BYOS-Azure
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP5-Hardened-BYOS-EC2
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP5-Manager-Server-5-0
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP5-Manager-Server-5-0-Azure-llc
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP5-Manager-Server-5-0-Azure-ltd
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP5-Manager-Server-5-0-EC2-llc
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP5-Manager-Server-5-0-EC2-ltd
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP5-SAP-Azure-3P
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP5-SAP-BYOS-Azure
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP5-SAP-BYOS-EC2
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP5-SAP-Hardened-Azure
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP5-SAP-Hardened-BYOS-Azure
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP5-SAP-Hardened-BYOS-EC2
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP5-SAPCAL-Azure
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Image SLES15-SP5-SAPCAL-EC2
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
SUSE Linux Enterprise Module for Public Cloud 15 SP4
libpython3_11-1_0-3.11.8-150400.9.23.1
python311-3.11.8-150400.9.23.1
python311-base-3.11.8-150400.9.23.1
Ссылки
- Link for SUSE-SU-2024:0782-2
- E-Mail link for SUSE-SU-2024:0782-2
- SUSE Security Ratings
- SUSE Bug 1196025
- SUSE Bug 1210638
- SUSE Bug 1219666
- SUSE CVE CVE-2022-25236 page
- SUSE CVE CVE-2023-27043 page
- SUSE CVE CVE-2023-6597 page
Описание
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
Затронутые продукты
Container bci/python:latest:libpython3_11-1_0-3.11.8-150400.9.23.1
Container bci/python:latest:python311-3.11.8-150400.9.23.1
Container bci/python:latest:python311-base-3.11.8-150400.9.23.1
Container bci/python:latest:python311-devel-3.11.8-150400.9.23.1
Ссылки
- CVE-2022-25236
- SUSE Bug 1196025
- SUSE Bug 1196784
- SUSE Bug 1197217
- SUSE Bug 1200038
- SUSE Bug 1201735
Описание
The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.
Затронутые продукты
Container bci/python:latest:libpython3_11-1_0-3.11.8-150400.9.23.1
Container bci/python:latest:python311-3.11.8-150400.9.23.1
Container bci/python:latest:python311-base-3.11.8-150400.9.23.1
Container bci/python:latest:python311-devel-3.11.8-150400.9.23.1
Ссылки
- CVE-2023-27043
- SUSE Bug 1210638
- SUSE Bug 1222537
Описание
An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.
Затронутые продукты
Container bci/python:latest:libpython3_11-1_0-3.11.8-150400.9.23.1
Container bci/python:latest:python311-3.11.8-150400.9.23.1
Container bci/python:latest:python311-base-3.11.8-150400.9.23.1
Container bci/python:latest:python311-devel-3.11.8-150400.9.23.1
Ссылки
- CVE-2023-6597
- SUSE Bug 1219666
- SUSE Bug 1221854
- SUSE Bug 1224879
- SUSE Bug 1225185