Описание
Security update for python-docker
This update for python-docker fixes the following issues:
- CVE-2024-35195: Fixed missing certificate verification (bsc#1224788).
Список пакетов
Image SLES15-SP4-BYOS-Azure
python311-docker-7.0.0-150400.8.7.1
Image SLES15-SP4-HPC-BYOS
python311-docker-7.0.0-150400.8.7.1
Image SLES15-SP4-HPC-BYOS-Azure
python311-docker-7.0.0-150400.8.7.1
Image SLES15-SP4-Hardened-BYOS-Azure
python311-docker-7.0.0-150400.8.7.1
Image SLES15-SP4-SAP
python311-docker-7.0.0-150400.8.7.1
Image SLES15-SP4-SAP-Azure
python311-docker-7.0.0-150400.8.7.1
Image SLES15-SP4-SAP-BYOS-Azure
python311-docker-7.0.0-150400.8.7.1
Image SLES15-SP4-SAP-Hardened
python311-docker-7.0.0-150400.8.7.1
Image SLES15-SP4-SAP-Hardened-Azure
python311-docker-7.0.0-150400.8.7.1
Image SLES15-SP4-SAP-Hardened-BYOS-Azure
python311-docker-7.0.0-150400.8.7.1
Image SLES15-SP4-SAPCAL
python311-docker-7.0.0-150400.8.7.1
Image SLES15-SP4-SAPCAL-Azure
python311-docker-7.0.0-150400.8.7.1
Image SLES15-SP5-Azure-3P
python311-docker-7.0.0-150400.8.7.1
Image SLES15-SP5-Azure-Basic
python311-docker-7.0.0-150400.8.7.1
Image SLES15-SP5-Azure-Standard
python311-docker-7.0.0-150400.8.7.1
Image SLES15-SP5-BYOS-Azure
python311-docker-7.0.0-150400.8.7.1
Image SLES15-SP5-HPC-Azure
python311-docker-7.0.0-150400.8.7.1
Image SLES15-SP5-HPC-BYOS-Azure
python311-docker-7.0.0-150400.8.7.1
Image SLES15-SP5-Hardened-BYOS-Azure
python311-docker-7.0.0-150400.8.7.1
Image SLES15-SP5-SAP-Azure-3P
python311-docker-7.0.0-150400.8.7.1
Image SLES15-SP5-SAP-BYOS-Azure
python311-docker-7.0.0-150400.8.7.1
Image SLES15-SP5-SAP-Hardened-Azure
python311-docker-7.0.0-150400.8.7.1
Image SLES15-SP5-SAP-Hardened-BYOS-Azure
python311-docker-7.0.0-150400.8.7.1
Image SLES15-SP5-SAPCAL-Azure
python311-docker-7.0.0-150400.8.7.1
Image SLES15-SP6-Azure-Basic
python311-docker-7.0.0-150400.8.7.1
Image SLES15-SP6-Azure-Standard
python311-docker-7.0.0-150400.8.7.1
Image SLES15-SP6-BYOS-Azure
python311-docker-7.0.0-150400.8.7.1
Image SLES15-SP6-HPC
python311-docker-7.0.0-150400.8.7.1
Image SLES15-SP6-HPC-Azure
python311-docker-7.0.0-150400.8.7.1
Image SLES15-SP6-HPC-BYOS-Azure
python311-docker-7.0.0-150400.8.7.1
Image SLES15-SP6-Hardened-BYOS-Azure
python311-docker-7.0.0-150400.8.7.1
Image SLES15-SP6-SAP-Azure
python311-docker-7.0.0-150400.8.7.1
Image SLES15-SP6-SAP-BYOS-Azure
python311-docker-7.0.0-150400.8.7.1
Image SLES15-SP6-SAP-Hardened
python311-docker-7.0.0-150400.8.7.1
Image SLES15-SP6-SAP-Hardened-Azure
python311-docker-7.0.0-150400.8.7.1
Image SLES15-SP6-SAP-Hardened-BYOS-Azure
python311-docker-7.0.0-150400.8.7.1
Image SLES15-SP6-SAPCAL-Azure
python311-docker-7.0.0-150400.8.7.1
SUSE Linux Enterprise Module for Public Cloud 15 SP6
python311-docker-7.0.0-150400.8.7.1
openSUSE Leap 15.5
python311-docker-7.0.0-150400.8.7.1
openSUSE Leap 15.6
python311-docker-7.0.0-150400.8.7.1
Ссылки
- Link for SUSE-SU-2024:1937-2
- E-Mail link for SUSE-SU-2024:1937-2
- SUSE Security Ratings
- SUSE Bug 1224788
- SUSE CVE CVE-2024-35195 page
Описание
Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0.
Затронутые продукты
Image SLES15-SP4-BYOS-Azure:python311-docker-7.0.0-150400.8.7.1
Image SLES15-SP4-HPC-BYOS-Azure:python311-docker-7.0.0-150400.8.7.1
Image SLES15-SP4-HPC-BYOS:python311-docker-7.0.0-150400.8.7.1
Image SLES15-SP4-Hardened-BYOS-Azure:python311-docker-7.0.0-150400.8.7.1
Ссылки
- CVE-2024-35195
- SUSE Bug 1224788