SUSE-SU-2024:1843-1

Опубликовано: 29 мая 2024

Источник: suse-cvrf

Описание

Security update for python3

This update for python3 fixes the following issues:

CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854).

Список пакетов

Image SLES12-SP5-Azure-BYOS

libpython3_4m1_0-3.4.10-25.130.1

python3-3.4.10-25.130.1

python3-base-3.4.10-25.130.1

Image SLES12-SP5-Azure-Basic-On-Demand

libpython3_4m1_0-3.4.10-25.130.1

python3-3.4.10-25.130.1

python3-base-3.4.10-25.130.1

Image SLES12-SP5-Azure-HPC-BYOS

libpython3_4m1_0-3.4.10-25.130.1

python3-3.4.10-25.130.1

python3-base-3.4.10-25.130.1

Image SLES12-SP5-Azure-HPC-On-Demand

libpython3_4m1_0-3.4.10-25.130.1

python3-3.4.10-25.130.1

python3-base-3.4.10-25.130.1

Image SLES12-SP5-Azure-SAP-BYOS

libpython3_4m1_0-3.4.10-25.130.1

python3-3.4.10-25.130.1

python3-base-3.4.10-25.130.1

python3-curses-3.4.10-25.130.1

Image SLES12-SP5-Azure-SAP-On-Demand

libpython3_4m1_0-3.4.10-25.130.1

python3-3.4.10-25.130.1

python3-base-3.4.10-25.130.1

python3-curses-3.4.10-25.130.1

Image SLES12-SP5-Azure-Standard-On-Demand

libpython3_4m1_0-3.4.10-25.130.1

python3-3.4.10-25.130.1

python3-base-3.4.10-25.130.1

Image SLES12-SP5-EC2-BYOS

libpython3_4m1_0-3.4.10-25.130.1

python3-3.4.10-25.130.1

python3-base-3.4.10-25.130.1

Image SLES12-SP5-EC2-ECS-On-Demand

libpython3_4m1_0-3.4.10-25.130.1

python3-3.4.10-25.130.1

python3-base-3.4.10-25.130.1

Image SLES12-SP5-EC2-On-Demand

libpython3_4m1_0-3.4.10-25.130.1

python3-3.4.10-25.130.1

python3-base-3.4.10-25.130.1

Image SLES12-SP5-EC2-SAP-BYOS

libpython3_4m1_0-3.4.10-25.130.1

python3-3.4.10-25.130.1

python3-base-3.4.10-25.130.1

python3-curses-3.4.10-25.130.1

Image SLES12-SP5-EC2-SAP-On-Demand

libpython3_4m1_0-3.4.10-25.130.1

python3-3.4.10-25.130.1

python3-base-3.4.10-25.130.1

python3-curses-3.4.10-25.130.1

Image SLES12-SP5-GCE-BYOS

libpython3_4m1_0-3.4.10-25.130.1

python3-3.4.10-25.130.1

python3-base-3.4.10-25.130.1

Image SLES12-SP5-GCE-On-Demand

libpython3_4m1_0-3.4.10-25.130.1

python3-3.4.10-25.130.1

python3-base-3.4.10-25.130.1

Image SLES12-SP5-GCE-SAP-BYOS

libpython3_4m1_0-3.4.10-25.130.1

python3-3.4.10-25.130.1

python3-base-3.4.10-25.130.1

python3-curses-3.4.10-25.130.1

Image SLES12-SP5-GCE-SAP-On-Demand

libpython3_4m1_0-3.4.10-25.130.1

python3-3.4.10-25.130.1

python3-base-3.4.10-25.130.1

python3-curses-3.4.10-25.130.1

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

libpython3_4m1_0-3.4.10-25.130.1

python3-3.4.10-25.130.1

python3-base-3.4.10-25.130.1

python3-curses-3.4.10-25.130.1

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

libpython3_4m1_0-3.4.10-25.130.1

python3-3.4.10-25.130.1

python3-base-3.4.10-25.130.1

python3-curses-3.4.10-25.130.1

SUSE Linux Enterprise Module for Web and Scripting 12

libpython3_4m1_0-3.4.10-25.130.1

python3-3.4.10-25.130.1

python3-base-3.4.10-25.130.1

python3-curses-3.4.10-25.130.1

SUSE Linux Enterprise Server 12 SP5

libpython3_4m1_0-3.4.10-25.130.1

libpython3_4m1_0-32bit-3.4.10-25.130.1

python3-3.4.10-25.130.1

python3-base-3.4.10-25.130.1

python3-curses-3.4.10-25.130.1

python3-devel-3.4.10-25.130.1

python3-tk-3.4.10-25.130.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5

libpython3_4m1_0-3.4.10-25.130.1

libpython3_4m1_0-32bit-3.4.10-25.130.1

python3-3.4.10-25.130.1

python3-base-3.4.10-25.130.1

python3-curses-3.4.10-25.130.1

python3-devel-3.4.10-25.130.1

python3-tk-3.4.10-25.130.1

SUSE Linux Enterprise Software Development Kit 12 SP5

python3-dbm-3.4.10-25.130.1

python3-devel-3.4.10-25.130.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20241843-1/
Link for SUSE-SU-2024:1843-1
https://lists.suse.com/pipermail/sle-updates/2024-May/035419.html
E-Mail link for SUSE-SU-2024:1843-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1221854
SUSE Bug 1221854
https://www.suse.com/security/cve/CVE-2024-0450/
SUSE CVE CVE-2024-0450 page

Описание

An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to "quoted-overlap" zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.

Затронутые продукты

Image SLES12-SP5-Azure-BYOS:libpython3_4m1_0-3.4.10-25.130.1

Image SLES12-SP5-Azure-BYOS:python3-3.4.10-25.130.1

Image SLES12-SP5-Azure-BYOS:python3-base-3.4.10-25.130.1

Image SLES12-SP5-Azure-Basic-On-Demand:libpython3_4m1_0-3.4.10-25.130.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-0450.html
CVE-2024-0450
https://bugzilla.suse.com/1221854
SUSE Bug 1221854

SUSE-SU-2024:1843-1

Описание

Список пакетов

Image SLES12-SP5-Azure-BYOS

Image SLES12-SP5-Azure-Basic-On-Demand

Image SLES12-SP5-Azure-HPC-BYOS

Image SLES12-SP5-Azure-HPC-On-Demand

Image SLES12-SP5-Azure-SAP-BYOS

Image SLES12-SP5-Azure-SAP-On-Demand

Image SLES12-SP5-Azure-Standard-On-Demand

Image SLES12-SP5-EC2-BYOS

Image SLES12-SP5-EC2-ECS-On-Demand

Image SLES12-SP5-EC2-On-Demand

Image SLES12-SP5-EC2-SAP-BYOS

Image SLES12-SP5-EC2-SAP-On-Demand

Image SLES12-SP5-GCE-BYOS

Image SLES12-SP5-GCE-On-Demand

Image SLES12-SP5-GCE-SAP-BYOS

Image SLES12-SP5-GCE-SAP-On-Demand

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

SUSE Linux Enterprise Module for Web and Scripting 12

SUSE Linux Enterprise Server 12 SP5

SUSE Linux Enterprise Server for SAP Applications 12 SP5

SUSE Linux Enterprise Software Development Kit 12 SP5

Ссылки

Уязвимость: CVE-2024-0450

Описание

Затронутые продукты

Ссылки