SUSE-SU-2024:1861-1

Опубликовано: 30 мая 2024

Источник: suse-cvrf

Описание

Security update for python3-sqlparse

This update for python3-sqlparse fixes the following issues:

CVE-2024-4340: Fixed RecursionError catch to avoid a denial-of-service issue (bsc#1223603).

Список пакетов

SUSE Enterprise Storage 7.1

python3-sqlparse-0.4.2-150300.12.1

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

python3-sqlparse-0.4.2-150300.12.1

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS

python3-sqlparse-0.4.2-150300.12.1

SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS

python3-sqlparse-0.4.2-150300.12.1

SUSE Linux Enterprise Module for Basesystem 15 SP5

python3-sqlparse-0.4.2-150300.12.1

SUSE Linux Enterprise Module for Basesystem 15 SP6

python3-sqlparse-0.4.2-150300.12.1

SUSE Linux Enterprise Server 15 SP3-LTSS

python3-sqlparse-0.4.2-150300.12.1

SUSE Linux Enterprise Server 15 SP4-LTSS

python3-sqlparse-0.4.2-150300.12.1

SUSE Linux Enterprise Server for SAP Applications 15 SP3

python3-sqlparse-0.4.2-150300.12.1

SUSE Linux Enterprise Server for SAP Applications 15 SP4

python3-sqlparse-0.4.2-150300.12.1

SUSE Manager Proxy 4.3

python3-sqlparse-0.4.2-150300.12.1

SUSE Manager Server 4.3

python3-sqlparse-0.4.2-150300.12.1

openSUSE Leap 15.5

python3-sqlparse-0.4.2-150300.12.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20241861-1/
Link for SUSE-SU-2024:1861-1
https://lists.suse.com/pipermail/sle-security-updates/2024-August/019255.html
E-Mail link for SUSE-SU-2024:1861-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1223603
SUSE Bug 1223603
https://www.suse.com/security/cve/CVE-2024-4340/
SUSE CVE CVE-2024-4340 page

Описание

Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError.

Затронутые продукты

SUSE Enterprise Storage 7.1:python3-sqlparse-0.4.2-150300.12.1

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:python3-sqlparse-0.4.2-150300.12.1

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python3-sqlparse-0.4.2-150300.12.1

SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python3-sqlparse-0.4.2-150300.12.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-4340.html
CVE-2024-4340
https://bugzilla.suse.com/1223603
SUSE Bug 1223603

SUSE-SU-2024:1861-1

Описание

Список пакетов

SUSE Enterprise Storage 7.1

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS

SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS

SUSE Linux Enterprise Module for Basesystem 15 SP5

SUSE Linux Enterprise Module for Basesystem 15 SP6

SUSE Linux Enterprise Server 15 SP3-LTSS

SUSE Linux Enterprise Server 15 SP4-LTSS

SUSE Linux Enterprise Server for SAP Applications 15 SP3

SUSE Linux Enterprise Server for SAP Applications 15 SP4

SUSE Manager Proxy 4.3

SUSE Manager Server 4.3

openSUSE Leap 15.5

Ссылки

Уязвимость: CVE-2024-4340

Описание

Затронутые продукты

Ссылки