Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2024:2274-1

Опубликовано: 02 июл. 2024
Источник: suse-cvrf

Описание

Security update for python39

This update for python39 fixes the following issues:

  • CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448)
  • CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447)

Список пакетов

Image SLES12-SP5-Azure-BYOS
libpython3_6m1_0-3.6.15-58.1
python36-base-3.6.15-58.1
Image SLES12-SP5-Azure-Basic-On-Demand
libpython3_6m1_0-3.6.15-58.1
python36-base-3.6.15-58.1
Image SLES12-SP5-Azure-HPC-BYOS
libpython3_6m1_0-3.6.15-58.1
python36-base-3.6.15-58.1
Image SLES12-SP5-Azure-HPC-On-Demand
libpython3_6m1_0-3.6.15-58.1
python36-base-3.6.15-58.1
Image SLES12-SP5-Azure-SAP-BYOS
libpython3_6m1_0-3.6.15-58.1
python36-base-3.6.15-58.1
Image SLES12-SP5-Azure-SAP-On-Demand
libpython3_6m1_0-3.6.15-58.1
python36-base-3.6.15-58.1
Image SLES12-SP5-Azure-Standard-On-Demand
libpython3_6m1_0-3.6.15-58.1
python36-base-3.6.15-58.1
Image SLES12-SP5-EC2-BYOS
libpython3_6m1_0-3.6.15-58.1
python36-base-3.6.15-58.1
Image SLES12-SP5-EC2-ECS-On-Demand
libpython3_6m1_0-3.6.15-58.1
python36-base-3.6.15-58.1
Image SLES12-SP5-EC2-On-Demand
libpython3_6m1_0-3.6.15-58.1
python36-base-3.6.15-58.1
Image SLES12-SP5-EC2-SAP-BYOS
libpython3_6m1_0-3.6.15-58.1
python36-base-3.6.15-58.1
Image SLES12-SP5-EC2-SAP-On-Demand
libpython3_6m1_0-3.6.15-58.1
python36-base-3.6.15-58.1
Image SLES12-SP5-GCE-BYOS
libpython3_6m1_0-3.6.15-58.1
python36-base-3.6.15-58.1
Image SLES12-SP5-GCE-On-Demand
libpython3_6m1_0-3.6.15-58.1
python36-base-3.6.15-58.1
Image SLES12-SP5-GCE-SAP-BYOS
libpython3_6m1_0-3.6.15-58.1
python36-base-3.6.15-58.1
Image SLES12-SP5-GCE-SAP-On-Demand
libpython3_6m1_0-3.6.15-58.1
python36-base-3.6.15-58.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
libpython3_6m1_0-3.6.15-58.1
python36-base-3.6.15-58.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
libpython3_6m1_0-3.6.15-58.1
python36-base-3.6.15-58.1
SUSE Linux Enterprise Server 12 SP5
libpython3_6m1_0-3.6.15-58.1
libpython3_6m1_0-32bit-3.6.15-58.1
python36-3.6.15-58.1
python36-base-3.6.15-58.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libpython3_6m1_0-3.6.15-58.1
libpython3_6m1_0-32bit-3.6.15-58.1
python36-3.6.15-58.1
python36-base-3.6.15-58.1
SUSE Linux Enterprise Software Development Kit 12 SP5
python36-devel-3.6.15-58.1

Ссылки

Описание

A defect was discovered in the Python "ssl" module where there is a memory race condition with the ssl.SSLContext methods "cert_store_stats()" and "get_ca_certs()". The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as during the TLS handshake with a certificate directory configured. This issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5.

Затронутые продукты
Image SLES12-SP5-Azure-BYOS:libpython3_6m1_0-3.6.15-58.1
Image SLES12-SP5-Azure-BYOS:python36-base-3.6.15-58.1
Image SLES12-SP5-Azure-Basic-On-Demand:libpython3_6m1_0-3.6.15-58.1
Image SLES12-SP5-Azure-Basic-On-Demand:python36-base-3.6.15-58.1
Ссылки

Описание

The "ipaddress" module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as "globally reachable" or "private". This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn't be returned in accordance with the latest information from the IANA Special-Purpose Address Registries. CPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.

Затронутые продукты
Image SLES12-SP5-Azure-BYOS:libpython3_6m1_0-3.6.15-58.1
Image SLES12-SP5-Azure-BYOS:python36-base-3.6.15-58.1
Image SLES12-SP5-Azure-Basic-On-Demand:libpython3_6m1_0-3.6.15-58.1
Image SLES12-SP5-Azure-Basic-On-Demand:python36-base-3.6.15-58.1
Ссылки