Описание
Security update for python3
This update for python3 fixes the following issues:
- CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559).
- CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854).
Список пакетов
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
libpython3_6m1_0-3.6.15-150000.3.147.1
python3-3.6.15-150000.3.147.1
python3-base-3.6.15-150000.3.147.1
python3-curses-3.6.15-150000.3.147.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
libpython3_6m1_0-3.6.15-150000.3.147.1
python3-3.6.15-150000.3.147.1
python3-base-3.6.15-150000.3.147.1
python3-curses-3.6.15-150000.3.147.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
libpython3_6m1_0-3.6.15-150000.3.147.1
python3-3.6.15-150000.3.147.1
python3-base-3.6.15-150000.3.147.1
python3-curses-3.6.15-150000.3.147.1
python3-dbm-3.6.15-150000.3.147.1
python3-devel-3.6.15-150000.3.147.1
python3-idle-3.6.15-150000.3.147.1
python3-tk-3.6.15-150000.3.147.1
python3-tools-3.6.15-150000.3.147.1
SUSE Linux Enterprise Micro 5.1
libpython3_6m1_0-3.6.15-150000.3.147.1
python3-3.6.15-150000.3.147.1
python3-base-3.6.15-150000.3.147.1
SUSE Linux Enterprise Server 15 SP2-LTSS
libpython3_6m1_0-3.6.15-150000.3.147.1
python3-3.6.15-150000.3.147.1
python3-base-3.6.15-150000.3.147.1
python3-curses-3.6.15-150000.3.147.1
python3-dbm-3.6.15-150000.3.147.1
python3-devel-3.6.15-150000.3.147.1
python3-idle-3.6.15-150000.3.147.1
python3-tk-3.6.15-150000.3.147.1
python3-tools-3.6.15-150000.3.147.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
libpython3_6m1_0-3.6.15-150000.3.147.1
python3-3.6.15-150000.3.147.1
python3-base-3.6.15-150000.3.147.1
python3-curses-3.6.15-150000.3.147.1
python3-dbm-3.6.15-150000.3.147.1
python3-devel-3.6.15-150000.3.147.1
python3-idle-3.6.15-150000.3.147.1
python3-tk-3.6.15-150000.3.147.1
python3-tools-3.6.15-150000.3.147.1
Ссылки
- Link for SUSE-SU-2024:1774-1
- E-Mail link for SUSE-SU-2024:1774-1
- SUSE Security Ratings
- SUSE Bug 1219559
- SUSE Bug 1220664
- SUSE Bug 1221563
- SUSE Bug 1221854
- SUSE Bug 1222075
- SUSE CVE CVE-2023-52425 page
- SUSE CVE CVE-2024-0450 page
Описание
libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.
Затронутые продукты
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:libpython3_6m1_0-3.6.15-150000.3.147.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:python3-3.6.15-150000.3.147.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:python3-base-3.6.15-150000.3.147.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:python3-curses-3.6.15-150000.3.147.1
Ссылки
- CVE-2023-52425
- SUSE Bug 1219559
Описание
An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to "quoted-overlap" zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.
Затронутые продукты
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:libpython3_6m1_0-3.6.15-150000.3.147.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:python3-3.6.15-150000.3.147.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:python3-base-3.6.15-150000.3.147.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:python3-curses-3.6.15-150000.3.147.1
Ссылки
- CVE-2024-0450
- SUSE Bug 1221854