Описание
Security update for python-pyOpenSSL
This update for python-pyOpenSSL fixes the following issues:
- Fixed error caused by a regression in fix for CVE-2018-1000807 (bsc#1231700)
Список пакетов
Image SLES12-SP5-Azure-BYOS
python-pyOpenSSL-17.1.0-4.29.1
python3-pyOpenSSL-17.1.0-4.29.1
Image SLES12-SP5-Azure-HPC-BYOS
python-pyOpenSSL-17.1.0-4.29.1
python3-pyOpenSSL-17.1.0-4.29.1
Image SLES12-SP5-Azure-HPC-On-Demand
python3-pyOpenSSL-17.1.0-4.29.1
Image SLES12-SP5-Azure-SAP-BYOS
python-pyOpenSSL-17.1.0-4.29.1
python3-pyOpenSSL-17.1.0-4.29.1
Image SLES12-SP5-Azure-SAP-On-Demand
python-pyOpenSSL-17.1.0-4.29.1
python3-pyOpenSSL-17.1.0-4.29.1
Image SLES12-SP5-Azure-Standard-On-Demand
python3-pyOpenSSL-17.1.0-4.29.1
Image SLES12-SP5-EC2-BYOS
python-pyOpenSSL-17.1.0-4.29.1
python3-pyOpenSSL-17.1.0-4.29.1
Image SLES12-SP5-EC2-ECS-On-Demand
python-pyOpenSSL-17.1.0-4.29.1
python3-pyOpenSSL-17.1.0-4.29.1
Image SLES12-SP5-EC2-On-Demand
python-pyOpenSSL-17.1.0-4.29.1
python3-pyOpenSSL-17.1.0-4.29.1
Image SLES12-SP5-EC2-SAP-BYOS
python-pyOpenSSL-17.1.0-4.29.1
python3-pyOpenSSL-17.1.0-4.29.1
Image SLES12-SP5-EC2-SAP-On-Demand
python-pyOpenSSL-17.1.0-4.29.1
python3-pyOpenSSL-17.1.0-4.29.1
Image SLES12-SP5-GCE-BYOS
python-pyOpenSSL-17.1.0-4.29.1
python3-pyOpenSSL-17.1.0-4.29.1
Image SLES12-SP5-GCE-On-Demand
python3-pyOpenSSL-17.1.0-4.29.1
Image SLES12-SP5-GCE-SAP-BYOS
python-pyOpenSSL-17.1.0-4.29.1
python3-pyOpenSSL-17.1.0-4.29.1
Image SLES12-SP5-GCE-SAP-On-Demand
python-pyOpenSSL-17.1.0-4.29.1
python3-pyOpenSSL-17.1.0-4.29.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
python-pyOpenSSL-17.1.0-4.29.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
python-pyOpenSSL-17.1.0-4.29.1
SUSE Linux Enterprise Server 12 SP5-LTSS
python-pyOpenSSL-17.1.0-4.29.1
python3-pyOpenSSL-17.1.0-4.29.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
python-pyOpenSSL-17.1.0-4.29.1
python3-pyOpenSSL-17.1.0-4.29.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
python-pyOpenSSL-17.1.0-4.29.1
python3-pyOpenSSL-17.1.0-4.29.1
Ссылки
- Link for SUSE-SU-2024:3749-1
- E-Mail link for SUSE-SU-2024:3749-1
- SUSE Security Ratings
- SUSE Bug 1231700
- SUSE CVE CVE-2018-1000807 page
Описание
Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitable via Depends on the calling application and if it retains a reference to the memory.. This vulnerability appears to have been fixed in 17.5.0.
Затронутые продукты
Image SLES12-SP5-Azure-BYOS:python-pyOpenSSL-17.1.0-4.29.1
Image SLES12-SP5-Azure-BYOS:python3-pyOpenSSL-17.1.0-4.29.1
Image SLES12-SP5-Azure-HPC-BYOS:python-pyOpenSSL-17.1.0-4.29.1
Image SLES12-SP5-Azure-HPC-BYOS:python3-pyOpenSSL-17.1.0-4.29.1
Ссылки
- CVE-2018-1000807
- SUSE Bug 1111634
- SUSE Bug 1111635