Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2024:3357-1

Опубликовано: 20 сент. 2024
Источник: suse-cvrf

Описание

Security update for python310

This update for python310 fixes the following issues:

  • Update to version 3.10.15
  • CVE-2024-8088: Fixed denial of service in zipfile. (bsc#1229704)
  • CVE-2024-7592: Fixed uncontrolled CPU resource consumption when in http.cookies module. (bsc#1229596)
  • CVE-2024-6232: Fixed ReDos via excessive backtracking while parsing header values. (bsc#1230227)

Список пакетов

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
libpython3_10-1_0-3.10.15-150400.4.57.1
python310-3.10.15-150400.4.57.1
python310-base-3.10.15-150400.4.57.1
python310-curses-3.10.15-150400.4.57.1
python310-dbm-3.10.15-150400.4.57.1
python310-devel-3.10.15-150400.4.57.1
python310-idle-3.10.15-150400.4.57.1
python310-tk-3.10.15-150400.4.57.1
python310-tools-3.10.15-150400.4.57.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
libpython3_10-1_0-3.10.15-150400.4.57.1
python310-3.10.15-150400.4.57.1
python310-base-3.10.15-150400.4.57.1
python310-curses-3.10.15-150400.4.57.1
python310-dbm-3.10.15-150400.4.57.1
python310-devel-3.10.15-150400.4.57.1
python310-idle-3.10.15-150400.4.57.1
python310-tk-3.10.15-150400.4.57.1
python310-tools-3.10.15-150400.4.57.1
SUSE Linux Enterprise Server 15 SP4-LTSS
libpython3_10-1_0-3.10.15-150400.4.57.1
python310-3.10.15-150400.4.57.1
python310-base-3.10.15-150400.4.57.1
python310-curses-3.10.15-150400.4.57.1
python310-dbm-3.10.15-150400.4.57.1
python310-devel-3.10.15-150400.4.57.1
python310-idle-3.10.15-150400.4.57.1
python310-tk-3.10.15-150400.4.57.1
python310-tools-3.10.15-150400.4.57.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
libpython3_10-1_0-3.10.15-150400.4.57.1
python310-3.10.15-150400.4.57.1
python310-base-3.10.15-150400.4.57.1
python310-curses-3.10.15-150400.4.57.1
python310-dbm-3.10.15-150400.4.57.1
python310-devel-3.10.15-150400.4.57.1
python310-idle-3.10.15-150400.4.57.1
python310-tk-3.10.15-150400.4.57.1
python310-tools-3.10.15-150400.4.57.1
openSUSE Leap 15.5
libpython3_10-1_0-3.10.15-150400.4.57.1
libpython3_10-1_0-32bit-3.10.15-150400.4.57.1
python310-3.10.15-150400.4.57.1
python310-32bit-3.10.15-150400.4.57.1
python310-base-3.10.15-150400.4.57.1
python310-base-32bit-3.10.15-150400.4.57.1
python310-curses-3.10.15-150400.4.57.1
python310-dbm-3.10.15-150400.4.57.1
python310-devel-3.10.15-150400.4.57.1
python310-doc-3.10.15-150400.4.57.1
python310-doc-devhelp-3.10.15-150400.4.57.1
python310-idle-3.10.15-150400.4.57.1
python310-testsuite-3.10.15-150400.4.57.1
python310-tk-3.10.15-150400.4.57.1
python310-tools-3.10.15-150400.4.57.1
openSUSE Leap 15.6
libpython3_10-1_0-3.10.15-150400.4.57.1
libpython3_10-1_0-32bit-3.10.15-150400.4.57.1
python310-3.10.15-150400.4.57.1
python310-32bit-3.10.15-150400.4.57.1
python310-base-3.10.15-150400.4.57.1
python310-base-32bit-3.10.15-150400.4.57.1
python310-curses-3.10.15-150400.4.57.1
python310-dbm-3.10.15-150400.4.57.1
python310-devel-3.10.15-150400.4.57.1
python310-doc-3.10.15-150400.4.57.1
python310-doc-devhelp-3.10.15-150400.4.57.1
python310-idle-3.10.15-150400.4.57.1
python310-testsuite-3.10.15-150400.4.57.1
python310-tk-3.10.15-150400.4.57.1
python310-tools-3.10.15-150400.4.57.1

Ссылки

Описание

There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.

Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpython3_10-1_0-3.10.15-150400.4.57.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python310-3.10.15-150400.4.57.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python310-base-3.10.15-150400.4.57.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python310-curses-3.10.15-150400.4.57.1
Ссылки

Описание

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.

Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpython3_10-1_0-3.10.15-150400.4.57.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python310-3.10.15-150400.4.57.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python310-base-3.10.15-150400.4.57.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python310-curses-3.10.15-150400.4.57.1
Ссылки

Описание

There is a HIGH severity vulnerability affecting the CPython "zipfile" module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected. When iterating over names of entries in a zip archive (for example, methods of "zipfile.Path" like "namelist()", "iterdir()", etc) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user-controlled zip archives are not affected.

Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpython3_10-1_0-3.10.15-150400.4.57.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python310-3.10.15-150400.4.57.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python310-base-3.10.15-150400.4.57.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python310-curses-3.10.15-150400.4.57.1
Ссылки
Уязвимость SUSE-SU-2024:3357-1