Описание
Security update for python36
This update for python36 fixes the following issues:
- CVE-2024-7592: quadratic complexity when parsing cookies with backslashes. (bsc#1229596)
- CVE-2024-6923: email header injection due to unquoted newlines. (bsc#1228780)
Bug fixes:
- Set variable %{profileopt} according to the variable %{do_profiling}. (bsc#1227999)
- Stop using %%defattr, as it seems to be breaking proper executable attributes on /usr/bin/ scripts. (bsc#1227378)
- Remove %suse_update_desktop_file macro, as it is not useful any more.
Список пакетов
Image SLES12-SP5-Azure-BYOS
libpython3_6m1_0-3.6.15-61.1
python36-base-3.6.15-61.1
Image SLES12-SP5-Azure-HPC-BYOS
libpython3_6m1_0-3.6.15-61.1
python36-base-3.6.15-61.1
Image SLES12-SP5-Azure-HPC-On-Demand
libpython3_6m1_0-3.6.15-61.1
python36-base-3.6.15-61.1
Image SLES12-SP5-Azure-SAP-BYOS
libpython3_6m1_0-3.6.15-61.1
python36-base-3.6.15-61.1
Image SLES12-SP5-Azure-SAP-On-Demand
libpython3_6m1_0-3.6.15-61.1
python36-base-3.6.15-61.1
Image SLES12-SP5-Azure-Standard-On-Demand
libpython3_6m1_0-3.6.15-61.1
python36-base-3.6.15-61.1
Image SLES12-SP5-EC2-BYOS
libpython3_6m1_0-3.6.15-61.1
python36-base-3.6.15-61.1
Image SLES12-SP5-EC2-ECS-On-Demand
libpython3_6m1_0-3.6.15-61.1
python36-base-3.6.15-61.1
Image SLES12-SP5-EC2-On-Demand
libpython3_6m1_0-3.6.15-61.1
python36-base-3.6.15-61.1
Image SLES12-SP5-EC2-SAP-BYOS
libpython3_6m1_0-3.6.15-61.1
python36-base-3.6.15-61.1
Image SLES12-SP5-EC2-SAP-On-Demand
libpython3_6m1_0-3.6.15-61.1
python36-base-3.6.15-61.1
Image SLES12-SP5-GCE-BYOS
libpython3_6m1_0-3.6.15-61.1
python36-base-3.6.15-61.1
Image SLES12-SP5-GCE-On-Demand
libpython3_6m1_0-3.6.15-61.1
python36-base-3.6.15-61.1
Image SLES12-SP5-GCE-SAP-BYOS
libpython3_6m1_0-3.6.15-61.1
python36-base-3.6.15-61.1
Image SLES12-SP5-GCE-SAP-On-Demand
libpython3_6m1_0-3.6.15-61.1
python36-base-3.6.15-61.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
libpython3_6m1_0-3.6.15-61.1
python36-base-3.6.15-61.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
libpython3_6m1_0-3.6.15-61.1
python36-base-3.6.15-61.1
SUSE Linux Enterprise Server 12 SP5
libpython3_6m1_0-3.6.15-61.1
libpython3_6m1_0-32bit-3.6.15-61.1
python36-3.6.15-61.1
python36-base-3.6.15-61.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libpython3_6m1_0-3.6.15-61.1
libpython3_6m1_0-32bit-3.6.15-61.1
python36-3.6.15-61.1
python36-base-3.6.15-61.1
SUSE Linux Enterprise Software Development Kit 12 SP5
python36-devel-3.6.15-61.1
Ссылки
- Link for SUSE-SU-2024:3293-1
- E-Mail link for SUSE-SU-2024:3293-1
- SUSE Security Ratings
- SUSE Bug 1227378
- SUSE Bug 1227999
- SUSE Bug 1228780
- SUSE Bug 1229596
- SUSE CVE CVE-2024-6923 page
- SUSE CVE CVE-2024-7592 page
Описание
There is a MEDIUM severity vulnerability affecting CPython. The email module didn't properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.
Затронутые продукты
Image SLES12-SP5-Azure-BYOS:libpython3_6m1_0-3.6.15-61.1
Image SLES12-SP5-Azure-BYOS:python36-base-3.6.15-61.1
Image SLES12-SP5-Azure-HPC-BYOS:libpython3_6m1_0-3.6.15-61.1
Image SLES12-SP5-Azure-HPC-BYOS:python36-base-3.6.15-61.1
Ссылки
- CVE-2024-6923
- SUSE Bug 1228780
Описание
There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.
Затронутые продукты
Image SLES12-SP5-Azure-BYOS:libpython3_6m1_0-3.6.15-61.1
Image SLES12-SP5-Azure-BYOS:python36-base-3.6.15-61.1
Image SLES12-SP5-Azure-HPC-BYOS:libpython3_6m1_0-3.6.15-61.1
Image SLES12-SP5-Azure-HPC-BYOS:python36-base-3.6.15-61.1
Ссылки
- CVE-2024-7592
- SUSE Bug 1229596