Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2024:1162-1

Опубликовано: 08 апр. 2024
Источник: suse-cvrf

Описание

Security update for python310

This update for python310 fixes the following issues:

  • CVE-2024-0450: Fixed 'quoted-overlap' in zipfile module is python310 (bsc#1221854)

  • CVE-2023-52425: Fixed denial of service caused by processing large tokens in expat module in python310 (bsc#1219559)

  • CVE-2023-6597: Fixed tempfile.TemporaryDirectory fails on removing dir in some edge cases related to symlinks in python310 (bsc#1219666)

    Other changes:

  • Revert %autopatch due to missing parameter support (bsc#1189495)

  • Extended crypto-policies support (bsc#1211301)

Список пакетов

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
libpython3_10-1_0-3.10.14-150400.4.45.1
python310-3.10.14-150400.4.45.1
python310-base-3.10.14-150400.4.45.1
python310-curses-3.10.14-150400.4.45.1
python310-dbm-3.10.14-150400.4.45.1
python310-devel-3.10.14-150400.4.45.1
python310-idle-3.10.14-150400.4.45.1
python310-tk-3.10.14-150400.4.45.1
python310-tools-3.10.14-150400.4.45.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
libpython3_10-1_0-3.10.14-150400.4.45.1
python310-3.10.14-150400.4.45.1
python310-base-3.10.14-150400.4.45.1
python310-curses-3.10.14-150400.4.45.1
python310-dbm-3.10.14-150400.4.45.1
python310-devel-3.10.14-150400.4.45.1
python310-idle-3.10.14-150400.4.45.1
python310-tk-3.10.14-150400.4.45.1
python310-tools-3.10.14-150400.4.45.1
SUSE Linux Enterprise Server 15 SP4-LTSS
libpython3_10-1_0-3.10.14-150400.4.45.1
python310-3.10.14-150400.4.45.1
python310-base-3.10.14-150400.4.45.1
python310-curses-3.10.14-150400.4.45.1
python310-dbm-3.10.14-150400.4.45.1
python310-devel-3.10.14-150400.4.45.1
python310-idle-3.10.14-150400.4.45.1
python310-tk-3.10.14-150400.4.45.1
python310-tools-3.10.14-150400.4.45.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
libpython3_10-1_0-3.10.14-150400.4.45.1
python310-3.10.14-150400.4.45.1
python310-base-3.10.14-150400.4.45.1
python310-curses-3.10.14-150400.4.45.1
python310-dbm-3.10.14-150400.4.45.1
python310-devel-3.10.14-150400.4.45.1
python310-idle-3.10.14-150400.4.45.1
python310-tk-3.10.14-150400.4.45.1
python310-tools-3.10.14-150400.4.45.1
openSUSE Leap 15.5
libpython3_10-1_0-3.10.14-150400.4.45.1
libpython3_10-1_0-32bit-3.10.14-150400.4.45.1
python310-3.10.14-150400.4.45.1
python310-32bit-3.10.14-150400.4.45.1
python310-base-3.10.14-150400.4.45.1
python310-base-32bit-3.10.14-150400.4.45.1
python310-curses-3.10.14-150400.4.45.1
python310-dbm-3.10.14-150400.4.45.1
python310-devel-3.10.14-150400.4.45.1
python310-doc-3.10.14-150400.4.45.1
python310-doc-devhelp-3.10.14-150400.4.45.1
python310-idle-3.10.14-150400.4.45.1
python310-testsuite-3.10.14-150400.4.45.1
python310-tk-3.10.14-150400.4.45.1
python310-tools-3.10.14-150400.4.45.1

Ссылки

Описание

libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.

Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpython3_10-1_0-3.10.14-150400.4.45.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python310-3.10.14-150400.4.45.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python310-base-3.10.14-150400.4.45.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python310-curses-3.10.14-150400.4.45.1
Ссылки

Описание

An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.

Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpython3_10-1_0-3.10.14-150400.4.45.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python310-3.10.14-150400.4.45.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python310-base-3.10.14-150400.4.45.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python310-curses-3.10.14-150400.4.45.1
Ссылки

Описание

An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to "quoted-overlap" zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.

Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpython3_10-1_0-3.10.14-150400.4.45.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python310-3.10.14-150400.4.45.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python310-base-3.10.14-150400.4.45.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python310-curses-3.10.14-150400.4.45.1
Ссылки
Уязвимость SUSE-SU-2024:1162-1