Описание
Security update for python3
This update for python3 fixes the following issues:
- CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module (bsc#1228780).
- CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596)
Bug fixes:
- %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999)
- Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378).
- Remove %suse_update_desktop_file macro as it is not useful any more.
Список пакетов
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
libpython3_6m1_0-3.6.15-150000.3.155.2
python3-3.6.15-150000.3.155.2
python3-base-3.6.15-150000.3.155.2
python3-curses-3.6.15-150000.3.155.2
python3-dbm-3.6.15-150000.3.155.2
python3-devel-3.6.15-150000.3.155.2
python3-idle-3.6.15-150000.3.155.2
python3-tk-3.6.15-150000.3.155.2
python3-tools-3.6.15-150000.3.155.2
SUSE Linux Enterprise Micro 5.1
libpython3_6m1_0-3.6.15-150000.3.155.2
python3-3.6.15-150000.3.155.2
python3-base-3.6.15-150000.3.155.2
SUSE Linux Enterprise Server 15 SP2-LTSS
libpython3_6m1_0-3.6.15-150000.3.155.2
python3-3.6.15-150000.3.155.2
python3-base-3.6.15-150000.3.155.2
python3-curses-3.6.15-150000.3.155.2
python3-dbm-3.6.15-150000.3.155.2
python3-devel-3.6.15-150000.3.155.2
python3-idle-3.6.15-150000.3.155.2
python3-tk-3.6.15-150000.3.155.2
python3-tools-3.6.15-150000.3.155.2
SUSE Linux Enterprise Server for SAP Applications 15 SP2
libpython3_6m1_0-3.6.15-150000.3.155.2
python3-3.6.15-150000.3.155.2
python3-base-3.6.15-150000.3.155.2
python3-curses-3.6.15-150000.3.155.2
python3-dbm-3.6.15-150000.3.155.2
python3-devel-3.6.15-150000.3.155.2
python3-idle-3.6.15-150000.3.155.2
python3-tk-3.6.15-150000.3.155.2
python3-tools-3.6.15-150000.3.155.2
Ссылки
- Link for SUSE-SU-2024:3302-1
- E-Mail link for SUSE-SU-2024:3302-1
- SUSE Security Ratings
- SUSE Bug 1227378
- SUSE Bug 1227999
- SUSE Bug 1228780
- SUSE Bug 1229596
- SUSE CVE CVE-2024-6923 page
- SUSE CVE CVE-2024-7592 page
Описание
There is a MEDIUM severity vulnerability affecting CPython. The email module didn't properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libpython3_6m1_0-3.6.15-150000.3.155.2
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-3.6.15-150000.3.155.2
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-base-3.6.15-150000.3.155.2
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-curses-3.6.15-150000.3.155.2
Ссылки
- CVE-2024-6923
- SUSE Bug 1228780
Описание
There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libpython3_6m1_0-3.6.15-150000.3.155.2
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-3.6.15-150000.3.155.2
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-base-3.6.15-150000.3.155.2
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-curses-3.6.15-150000.3.155.2
Ссылки
- CVE-2024-7592
- SUSE Bug 1229596