Description
Security update for python3
This update for python3 fixes the following issues:
- CVE-2023-52425: Fixed the backport so that it uses feature sniffing rather than only comparing the version number (bsc#1219559).
- CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854).
Package list
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
libpython3_6m1_0-3.6.15-150000.3.147.1
python3-3.6.15-150000.3.147.1
python3-base-3.6.15-150000.3.147.1
python3-curses-3.6.15-150000.3.147.1
python3-dbm-3.6.15-150000.3.147.1
python3-devel-3.6.15-150000.3.147.1
python3-idle-3.6.15-150000.3.147.1
python3-tk-3.6.15-150000.3.147.1
python3-tools-3.6.15-150000.3.147.1
SUSE Linux Enterprise Micro 5.1
libpython3_6m1_0-3.6.15-150000.3.147.1
python3-3.6.15-150000.3.147.1
python3-base-3.6.15-150000.3.147.1
SUSE Linux Enterprise Server 15 SP2-LTSS
libpython3_6m1_0-3.6.15-150000.3.147.1
python3-3.6.15-150000.3.147.1
python3-base-3.6.15-150000.3.147.1
python3-curses-3.6.15-150000.3.147.1
python3-dbm-3.6.15-150000.3.147.1
python3-devel-3.6.15-150000.3.147.1
python3-idle-3.6.15-150000.3.147.1
python3-tk-3.6.15-150000.3.147.1
python3-tools-3.6.15-150000.3.147.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
libpython3_6m1_0-3.6.15-150000.3.147.1
python3-3.6.15-150000.3.147.1
python3-base-3.6.15-150000.3.147.1
python3-curses-3.6.15-150000.3.147.1
python3-dbm-3.6.15-150000.3.147.1
python3-devel-3.6.15-150000.3.147.1
python3-idle-3.6.15-150000.3.147.1
python3-tk-3.6.15-150000.3.147.1
python3-tools-3.6.15-150000.3.147.1
References
- Link for SUSE-SU-2024:1774-1
- E-Mail link for SUSE-SU-2024:1774-1
- SUSE Security Ratings
- SUSE Bug 1219559
- SUSE Bug 1220664
- SUSE Bug 1221563
- SUSE Bug 1221854
- SUSE Bug 1222075
- SUSE CVE CVE-2023-52425 page
- SUSE CVE CVE-2024-0450 page
Description
libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.
Affected products
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libpython3_6m1_0-3.6.15-150000.3.147.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-3.6.15-150000.3.147.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-base-3.6.15-150000.3.147.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-curses-3.6.15-150000.3.147.1
References
- CVE-2023-52425
- SUSE Bug 1219559
Description
An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs, which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython make the zipfile module reject zip archives in which entries overlap.
Affected products
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libpython3_6m1_0-3.6.15-150000.3.147.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-3.6.15-150000.3.147.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-base-3.6.15-150000.3.147.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-curses-3.6.15-150000.3.147.1
References
- CVE-2024-0450
- SUSE Bug 1221854
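The CVE-2024-0450 description above says the fixed `zipfile` rejects archives whose entries overlap. The following pre-flight check is an added example, not code from SUSE or CPython: it reads only the central directory and flags entries whose data would run into the next entry, which is useful on hosts that have not yet received this update. The function names `find_overlaps` and `scan_zip` are hypothetical, and the sample inputs are constructed.

```python
import io
import zipfile

LOCAL_HEADER_FIXED = 30  # bytes in a local file header before the name and extra field


def find_overlaps(entries, data_end):
    """Return names of entries that run into the next entry or past data_end.

    entries: iterable of (name, header_offset, name_len, compress_size).
    The local extra field is not visible from the central directory, so each
    extent is a lower bound: anything flagged is a definite overlap.
    """
    ordered = sorted(entries, key=lambda e: e[1])
    flagged = []
    for i, (name, offset, name_len, csize) in enumerate(ordered):
        limit = ordered[i + 1][1] if i + 1 < len(ordered) else data_end
        if offset + LOCAL_HEADER_FIXED + name_len + csize > limit:
            flagged.append(name)
    return flagged


def scan_zip(fileobj):
    """Read only the central directory of an archive and list overlapping entries."""
    with zipfile.ZipFile(fileobj) as zf:
        # len() in characters never exceeds the encoded name length (cp437 or UTF-8).
        entries = [(zi.orig_filename, zi.header_offset,
                    len(zi.orig_filename), zi.compress_size)
                   for zi in zf.infolist()]
        # start_dir is an undocumented CPython attribute: offset of the central directory.
        return find_overlaps(entries, zf.start_dir)


if __name__ == "__main__":
    # Constructed sample: a well-formed two-member archive built in memory.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("a.txt", "hello" * 100)
        zf.writestr("b.txt", "world" * 100)
    buf.seek(0)
    print("clean archive:", scan_zip(buf))
    # Constructed directory records (not a real archive): two entries at one offset.
    print("shared offset:", find_overlaps([("a", 0, 1, 100), ("b", 0, 1, 100)], 500))
```

A non-empty result means the archive should be refused before any member is extracted; an empty result does not replace size and ratio limits on extraction.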