SUSE-SU-2024:1009-1

Published: 27 Mar 2024
Source: suse-cvrf

Description

Security update for python39

This update for python39 fixes the following issues:

  • CVE-2023-52425: Fixed denial of service (resource consumption) caused by processing large tokens in expat (bsc#1219559).
  • CVE-2023-6597: Fixed symlink race condition in tempfile.TemporaryDirectory (bsc#1219666).
  • CVE-2024-0450: Fixed 'quoted-overlap' in zipfile module (bsc#1221854).

The following non-security bugs were fixed:

  • Use the system-wide crypto-policies (bsc#1211301).

Package list

Container containers/python:3.9

  • libpython3_9-1_0-3.9.19-150300.4.41.2
  • python39-3.9.19-150300.4.41.1
  • python39-base-3.9.19-150300.4.41.2
  • python39-devel-3.9.19-150300.4.41.2

Image python_15_6

  • libpython3_9-1_0-3.9.19-150300.4.41.2
  • python39-3.9.19-150300.4.41.1
  • python39-base-3.9.19-150300.4.41.2
  • python39-devel-3.9.19-150300.4.41.2

SUSE Enterprise Storage 7.1

  • libpython3_9-1_0-3.9.19-150300.4.41.2
  • python39-3.9.19-150300.4.41.1
  • python39-base-3.9.19-150300.4.41.2
  • python39-curses-3.9.19-150300.4.41.1
  • python39-dbm-3.9.19-150300.4.41.1
  • python39-devel-3.9.19-150300.4.41.2
  • python39-idle-3.9.19-150300.4.41.1
  • python39-tk-3.9.19-150300.4.41.1
  • python39-tools-3.9.19-150300.4.41.2

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

  • libpython3_9-1_0-3.9.19-150300.4.41.2
  • python39-3.9.19-150300.4.41.1
  • python39-base-3.9.19-150300.4.41.2
  • python39-curses-3.9.19-150300.4.41.1
  • python39-dbm-3.9.19-150300.4.41.1
  • python39-devel-3.9.19-150300.4.41.2
  • python39-idle-3.9.19-150300.4.41.1
  • python39-tk-3.9.19-150300.4.41.1
  • python39-tools-3.9.19-150300.4.41.2

SUSE Linux Enterprise Server 15 SP3-LTSS

  • libpython3_9-1_0-3.9.19-150300.4.41.2
  • python39-3.9.19-150300.4.41.1
  • python39-base-3.9.19-150300.4.41.2
  • python39-curses-3.9.19-150300.4.41.1
  • python39-dbm-3.9.19-150300.4.41.1
  • python39-devel-3.9.19-150300.4.41.2
  • python39-idle-3.9.19-150300.4.41.1
  • python39-tk-3.9.19-150300.4.41.1
  • python39-tools-3.9.19-150300.4.41.2

SUSE Linux Enterprise Server for SAP Applications 15 SP3

  • libpython3_9-1_0-3.9.19-150300.4.41.2
  • python39-3.9.19-150300.4.41.1
  • python39-base-3.9.19-150300.4.41.2
  • python39-curses-3.9.19-150300.4.41.1
  • python39-dbm-3.9.19-150300.4.41.1
  • python39-devel-3.9.19-150300.4.41.2
  • python39-idle-3.9.19-150300.4.41.1
  • python39-tk-3.9.19-150300.4.41.1
  • python39-tools-3.9.19-150300.4.41.2

openSUSE Leap 15.5

  • libpython3_9-1_0-3.9.19-150300.4.41.2
  • libpython3_9-1_0-32bit-3.9.19-150300.4.41.2
  • python39-3.9.19-150300.4.41.1
  • python39-32bit-3.9.19-150300.4.41.1
  • python39-base-3.9.19-150300.4.41.2
  • python39-base-32bit-3.9.19-150300.4.41.2
  • python39-curses-3.9.19-150300.4.41.1
  • python39-dbm-3.9.19-150300.4.41.1
  • python39-devel-3.9.19-150300.4.41.2
  • python39-doc-3.9.19-150300.4.41.1
  • python39-doc-devhelp-3.9.19-150300.4.41.1
  • python39-idle-3.9.19-150300.4.41.1
  • python39-testsuite-3.9.19-150300.4.41.2
  • python39-tk-3.9.19-150300.4.41.1
  • python39-tools-3.9.19-150300.4.41.2

Description

libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.


Affected products
Container containers/python:3.9:libpython3_9-1_0-3.9.19-150300.4.41.2
Container containers/python:3.9:python39-3.9.19-150300.4.41.1
Container containers/python:3.9:python39-base-3.9.19-150300.4.41.2
Container containers/python:3.9:python39-devel-3.9.19-150300.4.41.2

Description

An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The `tempfile.TemporaryDirectory` class would dereference symlinks during cleanup of permissions-related errors. This means users who can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.


Affected products
Container containers/python:3.9:libpython3_9-1_0-3.9.19-150300.4.41.2
Container containers/python:3.9:python39-3.9.19-150300.4.41.1
Container containers/python:3.9:python39-base-3.9.19-150300.4.41.2
Container containers/python:3.9:python39-devel-3.9.19-150300.4.41.2

Description

An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The `zipfile` module is vulnerable to "quoted-overlap" zip-bombs, which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython make the `zipfile` module reject zip archives that contain overlapping entries.


Affected products
Container containers/python:3.9:libpython3_9-1_0-3.9.19-150300.4.41.2
Container containers/python:3.9:python39-3.9.19-150300.4.41.1
Container containers/python:3.9:python39-base-3.9.19-150300.4.41.2
Container containers/python:3.9:python39-devel-3.9.19-150300.4.41.2