Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog
Консоль
Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog

exploitDog

suse-cvrf Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

SUSE-SU-2024:3411-1

ΠžΠΏΡƒΠ±Π»ΠΈΠΊΠΎΠ²Π°Π½ΠΎ: 24 сСнт. 2024
Π˜ΡΡ‚ΠΎΡ‡Π½ΠΈΠΊ: suse-cvrf

ОписаниС

Security update for python39

This update for python39 fixes the following issues:

  • Update to 3.9.20:
  • CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227)
  • CVE-2024-7592: quadratic algorithm used when parsing cookies leads to excessive resource consumption. (bsc#1229596)
  • CVE-2024-8088: lack of name validation when extracting a zip archive leads to infinite loops. (bsc#1229704)

Бписок ΠΏΠ°ΠΊΠ΅Ρ‚ΠΎΠ²

Container containers/python:3.9
libpython3_9-1_0-3.9.20-150300.4.52.1
python39-3.9.20-150300.4.52.1
python39-base-3.9.20-150300.4.52.1
python39-devel-3.9.20-150300.4.52.1
Image python_15_6
libpython3_9-1_0-3.9.20-150300.4.52.1
python39-3.9.20-150300.4.52.1
python39-base-3.9.20-150300.4.52.1
python39-devel-3.9.20-150300.4.52.1
SUSE Enterprise Storage 7.1
libpython3_9-1_0-3.9.20-150300.4.52.1
python39-3.9.20-150300.4.52.1
python39-base-3.9.20-150300.4.52.1
python39-curses-3.9.20-150300.4.52.1
python39-dbm-3.9.20-150300.4.52.1
python39-devel-3.9.20-150300.4.52.1
python39-idle-3.9.20-150300.4.52.1
python39-tk-3.9.20-150300.4.52.1
python39-tools-3.9.20-150300.4.52.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
libpython3_9-1_0-3.9.20-150300.4.52.1
python39-3.9.20-150300.4.52.1
python39-base-3.9.20-150300.4.52.1
python39-curses-3.9.20-150300.4.52.1
python39-dbm-3.9.20-150300.4.52.1
python39-devel-3.9.20-150300.4.52.1
python39-idle-3.9.20-150300.4.52.1
python39-tk-3.9.20-150300.4.52.1
python39-tools-3.9.20-150300.4.52.1
SUSE Linux Enterprise Module for Legacy 15 SP5
libpython3_9-1_0-3.9.20-150300.4.52.1
python39-3.9.20-150300.4.52.1
python39-base-3.9.20-150300.4.52.1
python39-curses-3.9.20-150300.4.52.1
python39-dbm-3.9.20-150300.4.52.1
SUSE Linux Enterprise Server 15 SP3-LTSS
libpython3_9-1_0-3.9.20-150300.4.52.1
python39-3.9.20-150300.4.52.1
python39-base-3.9.20-150300.4.52.1
python39-curses-3.9.20-150300.4.52.1
python39-dbm-3.9.20-150300.4.52.1
python39-devel-3.9.20-150300.4.52.1
python39-idle-3.9.20-150300.4.52.1
python39-tk-3.9.20-150300.4.52.1
python39-tools-3.9.20-150300.4.52.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
libpython3_9-1_0-3.9.20-150300.4.52.1
python39-3.9.20-150300.4.52.1
python39-base-3.9.20-150300.4.52.1
python39-curses-3.9.20-150300.4.52.1
python39-dbm-3.9.20-150300.4.52.1
python39-devel-3.9.20-150300.4.52.1
python39-idle-3.9.20-150300.4.52.1
python39-tk-3.9.20-150300.4.52.1
python39-tools-3.9.20-150300.4.52.1
openSUSE Leap 15.5
libpython3_9-1_0-3.9.20-150300.4.52.1
libpython3_9-1_0-32bit-3.9.20-150300.4.52.1
python39-3.9.20-150300.4.52.1
python39-32bit-3.9.20-150300.4.52.1
python39-base-3.9.20-150300.4.52.1
python39-base-32bit-3.9.20-150300.4.52.1
python39-curses-3.9.20-150300.4.52.1
python39-dbm-3.9.20-150300.4.52.1
python39-devel-3.9.20-150300.4.52.1
python39-doc-3.9.20-150300.4.52.1
python39-doc-devhelp-3.9.20-150300.4.52.1
python39-idle-3.9.20-150300.4.52.1
python39-testsuite-3.9.20-150300.4.52.1
python39-tk-3.9.20-150300.4.52.1
python39-tools-3.9.20-150300.4.52.1
openSUSE Leap 15.6
libpython3_9-1_0-3.9.20-150300.4.52.1
libpython3_9-1_0-32bit-3.9.20-150300.4.52.1
python39-3.9.20-150300.4.52.1
python39-32bit-3.9.20-150300.4.52.1
python39-base-3.9.20-150300.4.52.1
python39-base-32bit-3.9.20-150300.4.52.1
python39-curses-3.9.20-150300.4.52.1
python39-dbm-3.9.20-150300.4.52.1
python39-devel-3.9.20-150300.4.52.1
python39-doc-3.9.20-150300.4.52.1
python39-doc-devhelp-3.9.20-150300.4.52.1
python39-idle-3.9.20-150300.4.52.1
python39-testsuite-3.9.20-150300.4.52.1
python39-tk-3.9.20-150300.4.52.1
python39-tools-3.9.20-150300.4.52.1

Бсылки

ОписаниС

There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.

Π—Π°Ρ‚Ρ€ΠΎΠ½ΡƒΡ‚Ρ‹Π΅ ΠΏΡ€ΠΎΠ΄ΡƒΠΊΡ‚Ρ‹
Container containers/python:3.9:libpython3_9-1_0-3.9.20-150300.4.52.1
Container containers/python:3.9:python39-3.9.20-150300.4.52.1
Container containers/python:3.9:python39-base-3.9.20-150300.4.52.1
Container containers/python:3.9:python39-devel-3.9.20-150300.4.52.1
Бсылки

ОписаниС

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.

Π—Π°Ρ‚Ρ€ΠΎΠ½ΡƒΡ‚Ρ‹Π΅ ΠΏΡ€ΠΎΠ΄ΡƒΠΊΡ‚Ρ‹
Container containers/python:3.9:libpython3_9-1_0-3.9.20-150300.4.52.1
Container containers/python:3.9:python39-3.9.20-150300.4.52.1
Container containers/python:3.9:python39-base-3.9.20-150300.4.52.1
Container containers/python:3.9:python39-devel-3.9.20-150300.4.52.1
Бсылки

ОписаниС

There is a HIGH severity vulnerability affecting the CPython "zipfile" module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected. When iterating over names of entries in a zip archive (for example, methods of "zipfile.Path" like "namelist()", "iterdir()", etc) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user-controlled zip archives are not affected.

Π—Π°Ρ‚Ρ€ΠΎΠ½ΡƒΡ‚Ρ‹Π΅ ΠΏΡ€ΠΎΠ΄ΡƒΠΊΡ‚Ρ‹
Container containers/python:3.9:libpython3_9-1_0-3.9.20-150300.4.52.1
Container containers/python:3.9:python39-3.9.20-150300.4.52.1
Container containers/python:3.9:python39-base-3.9.20-150300.4.52.1
Container containers/python:3.9:python39-devel-3.9.20-150300.4.52.1
Бсылки
Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ SUSE-SU-2024:3411-1