Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2024:3427-1

Опубликовано: 24 сент. 2024
Источник: suse-cvrf

Описание

Security update for python311

This update for python311 fixes the following issues:

Update python311 to version 3.11.10.

  • CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227)
  • CVE-2024-7592: quadratic algorithm used when parsing cookies leads to excessive resource consumption. (bsc#1229596)
  • CVE-2024-8088: lack of name validation when extracting a zip archive leads to infinite loops. (bsc#1229704)

Список пакетов

Container containers/apache-pulsar:3.3
libpython3_11-1_0-3.11.10-150600.3.6.1
python311-base-3.11.10-150600.3.6.1
Container containers/open-webui:0
libpython3_11-1_0-3.11.10-150600.3.6.1
python311-3.11.10-150600.3.6.1
python311-base-3.11.10-150600.3.6.1
Container containers/python:3.11
libpython3_11-1_0-3.11.10-150600.3.6.1
python311-3.11.10-150600.3.6.1
python311-base-3.11.10-150600.3.6.1
python311-devel-3.11.10-150600.3.6.1
Container containers/pytorch:2-nvidia
libpython3_11-1_0-3.11.10-150600.3.6.1
python311-base-3.11.10-150600.3.6.1
Container containers/pytorch:2.5.0
libpython3_11-1_0-3.11.10-150600.3.6.1
python311-base-3.11.10-150600.3.6.1
Image SLES15-SP6-Azure-Basic
libpython3_11-1_0-3.11.10-150600.3.6.1
python311-3.11.10-150600.3.6.1
python311-base-3.11.10-150600.3.6.1
Image SLES15-SP6-Azure-Standard
libpython3_11-1_0-3.11.10-150600.3.6.1
python311-3.11.10-150600.3.6.1
python311-base-3.11.10-150600.3.6.1
Image SLES15-SP6-BYOS-Azure
libpython3_11-1_0-3.11.10-150600.3.6.1
python311-3.11.10-150600.3.6.1
python311-base-3.11.10-150600.3.6.1
Image SLES15-SP6-BYOS-EC2
libpython3_11-1_0-3.11.10-150600.3.6.1
python311-3.11.10-150600.3.6.1
python311-base-3.11.10-150600.3.6.1
Image SLES15-SP6-EC2
libpython3_11-1_0-3.11.10-150600.3.6.1
python311-3.11.10-150600.3.6.1
python311-base-3.11.10-150600.3.6.1
Image SLES15-SP6-EC2-ECS-HVM
libpython3_11-1_0-3.11.10-150600.3.6.1
python311-3.11.10-150600.3.6.1
python311-base-3.11.10-150600.3.6.1
Image SLES15-SP6-HPC
libpython3_11-1_0-3.11.10-150600.3.6.1
python311-3.11.10-150600.3.6.1
python311-base-3.11.10-150600.3.6.1
Image SLES15-SP6-HPC-Azure
libpython3_11-1_0-3.11.10-150600.3.6.1
python311-3.11.10-150600.3.6.1
python311-base-3.11.10-150600.3.6.1
Image SLES15-SP6-HPC-BYOS
libpython3_11-1_0-3.11.10-150600.3.6.1
python311-3.11.10-150600.3.6.1
python311-base-3.11.10-150600.3.6.1
Image SLES15-SP6-HPC-BYOS-Azure
libpython3_11-1_0-3.11.10-150600.3.6.1
python311-3.11.10-150600.3.6.1
python311-base-3.11.10-150600.3.6.1
Image SLES15-SP6-HPC-BYOS-EC2
libpython3_11-1_0-3.11.10-150600.3.6.1
python311-3.11.10-150600.3.6.1
python311-base-3.11.10-150600.3.6.1
Image SLES15-SP6-HPC-EC2
libpython3_11-1_0-3.11.10-150600.3.6.1
python311-3.11.10-150600.3.6.1
python311-base-3.11.10-150600.3.6.1
Image SLES15-SP6-Hardened-BYOS-Azure
libpython3_11-1_0-3.11.10-150600.3.6.1
python311-3.11.10-150600.3.6.1
python311-base-3.11.10-150600.3.6.1
Image SLES15-SP6-Hardened-BYOS-EC2
libpython3_11-1_0-3.11.10-150600.3.6.1
python311-3.11.10-150600.3.6.1
python311-base-3.11.10-150600.3.6.1
Image SLES15-SP6-SAP
libpython3_11-1_0-3.11.10-150600.3.6.1
python311-3.11.10-150600.3.6.1
python311-base-3.11.10-150600.3.6.1
Image SLES15-SP6-SAP-Azure
libpython3_11-1_0-3.11.10-150600.3.6.1
python311-3.11.10-150600.3.6.1
python311-base-3.11.10-150600.3.6.1
Image SLES15-SP6-SAP-BYOS-Azure
libpython3_11-1_0-3.11.10-150600.3.6.1
python311-3.11.10-150600.3.6.1
python311-base-3.11.10-150600.3.6.1
Image SLES15-SP6-SAP-BYOS-EC2
libpython3_11-1_0-3.11.10-150600.3.6.1
python311-3.11.10-150600.3.6.1
python311-base-3.11.10-150600.3.6.1
Image SLES15-SP6-SAP-EC2
libpython3_11-1_0-3.11.10-150600.3.6.1
python311-3.11.10-150600.3.6.1
python311-base-3.11.10-150600.3.6.1
Image SLES15-SP6-SAP-Hardened
libpython3_11-1_0-3.11.10-150600.3.6.1
python311-3.11.10-150600.3.6.1
python311-base-3.11.10-150600.3.6.1
Image SLES15-SP6-SAP-Hardened-Azure
libpython3_11-1_0-3.11.10-150600.3.6.1
python311-3.11.10-150600.3.6.1
python311-base-3.11.10-150600.3.6.1
Image SLES15-SP6-SAP-Hardened-BYOS
libpython3_11-1_0-3.11.10-150600.3.6.1
python311-3.11.10-150600.3.6.1
python311-base-3.11.10-150600.3.6.1
Image SLES15-SP6-SAP-Hardened-BYOS-Azure
libpython3_11-1_0-3.11.10-150600.3.6.1
python311-3.11.10-150600.3.6.1
python311-base-3.11.10-150600.3.6.1
Image SLES15-SP6-SAP-Hardened-BYOS-EC2
libpython3_11-1_0-3.11.10-150600.3.6.1
python311-3.11.10-150600.3.6.1
python311-base-3.11.10-150600.3.6.1
Image SLES15-SP6-SAP-Hardened-EC2
libpython3_11-1_0-3.11.10-150600.3.6.1
python311-3.11.10-150600.3.6.1
python311-base-3.11.10-150600.3.6.1
Image SLES15-SP6-SAPCAL
libpython3_11-1_0-3.11.10-150600.3.6.1
python311-3.11.10-150600.3.6.1
python311-base-3.11.10-150600.3.6.1
Image SLES15-SP6-SAPCAL-Azure
libpython3_11-1_0-3.11.10-150600.3.6.1
python311-3.11.10-150600.3.6.1
python311-base-3.11.10-150600.3.6.1
Image SLES15-SP6-SAPCAL-EC2
libpython3_11-1_0-3.11.10-150600.3.6.1
python311-3.11.10-150600.3.6.1
python311-base-3.11.10-150600.3.6.1
Image ai_15_6
libpython3_11-1_0-3.11.10-150600.3.6.1
python311-base-3.11.10-150600.3.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
libpython3_11-1_0-3.11.10-150600.3.6.1
python311-base-3.11.10-150600.3.6.1
SUSE Linux Enterprise Module for Python 3 15 SP6
python311-3.11.10-150600.3.6.1
python311-curses-3.11.10-150600.3.6.1
python311-dbm-3.11.10-150600.3.6.1
python311-devel-3.11.10-150600.3.6.1
python311-idle-3.11.10-150600.3.6.1
python311-tk-3.11.10-150600.3.6.1
python311-tools-3.11.10-150600.3.6.1
openSUSE Leap 15.6
libpython3_11-1_0-3.11.10-150600.3.6.1
libpython3_11-1_0-32bit-3.11.10-150600.3.6.1
python311-3.11.10-150600.3.6.1
python311-32bit-3.11.10-150600.3.6.1
python311-base-3.11.10-150600.3.6.1
python311-base-32bit-3.11.10-150600.3.6.1
python311-curses-3.11.10-150600.3.6.1
python311-dbm-3.11.10-150600.3.6.1
python311-devel-3.11.10-150600.3.6.1
python311-doc-3.11.10-150600.3.6.1
python311-doc-devhelp-3.11.10-150600.3.6.1
python311-idle-3.11.10-150600.3.6.1
python311-testsuite-3.11.10-150600.3.6.1
python311-tk-3.11.10-150600.3.6.1
python311-tools-3.11.10-150600.3.6.1

Ссылки

Описание

There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.

Затронутые продукты
Container containers/apache-pulsar:3.3:libpython3_11-1_0-3.11.10-150600.3.6.1
Container containers/apache-pulsar:3.3:python311-base-3.11.10-150600.3.6.1
Container containers/open-webui:0:libpython3_11-1_0-3.11.10-150600.3.6.1
Container containers/open-webui:0:python311-3.11.10-150600.3.6.1
Ссылки

Описание

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.

Затронутые продукты
Container containers/apache-pulsar:3.3:libpython3_11-1_0-3.11.10-150600.3.6.1
Container containers/apache-pulsar:3.3:python311-base-3.11.10-150600.3.6.1
Container containers/open-webui:0:libpython3_11-1_0-3.11.10-150600.3.6.1
Container containers/open-webui:0:python311-3.11.10-150600.3.6.1
Ссылки

Описание

There is a HIGH severity vulnerability affecting the CPython "zipfile" module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected. When iterating over names of entries in a zip archive (for example, methods of "zipfile.Path" like "namelist()", "iterdir()", etc) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user-controlled zip archives are not affected.

Затронутые продукты
Container containers/apache-pulsar:3.3:libpython3_11-1_0-3.11.10-150600.3.6.1
Container containers/apache-pulsar:3.3:python311-base-3.11.10-150600.3.6.1
Container containers/open-webui:0:libpython3_11-1_0-3.11.10-150600.3.6.1
Container containers/open-webui:0:python311-3.11.10-150600.3.6.1
Ссылки
Уязвимость SUSE-SU-2024:3427-1