SUSE-SU-2024:4291-1

Опубликовано: 11 дек. 2024

Источник: suse-cvrf

Описание

Security update for python312

This update for python312 fixes the following issues:

CVE-2024-12254: Fixed unbounded memory buffering in SelectorSocketTransport.writelines() (bsc#1234290)

Other fixes:

Updated to version 3.12.8
Remove -IVendor/ from python-config (bsc#1231795)

Список пакетов

Container bci/python:latest

libpython3_12-1_0-3.12.8-150600.3.12.1

python312-3.12.8-150600.3.12.1

python312-base-3.12.8-150600.3.12.1

python312-devel-3.12.8-150600.3.12.1

SUSE Linux Enterprise Module for Python 3 15 SP6

libpython3_12-1_0-3.12.8-150600.3.12.1

python312-3.12.8-150600.3.12.1

python312-base-3.12.8-150600.3.12.1

python312-curses-3.12.8-150600.3.12.1

python312-dbm-3.12.8-150600.3.12.1

python312-devel-3.12.8-150600.3.12.1

python312-idle-3.12.8-150600.3.12.1

python312-tk-3.12.8-150600.3.12.1

python312-tools-3.12.8-150600.3.12.1

openSUSE Leap 15.6

libpython3_12-1_0-3.12.8-150600.3.12.1

libpython3_12-1_0-32bit-3.12.8-150600.3.12.1

python312-3.12.8-150600.3.12.1

python312-32bit-3.12.8-150600.3.12.1

python312-base-3.12.8-150600.3.12.1

python312-base-32bit-3.12.8-150600.3.12.1

python312-curses-3.12.8-150600.3.12.1

python312-dbm-3.12.8-150600.3.12.1

python312-devel-3.12.8-150600.3.12.1

python312-doc-3.12.8-150600.3.12.1

python312-doc-devhelp-3.12.8-150600.3.12.1

python312-idle-3.12.8-150600.3.12.1

python312-testsuite-3.12.8-150600.3.12.1

python312-tk-3.12.8-150600.3.12.1

python312-tools-3.12.8-150600.3.12.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20244291-1/
Link for SUSE-SU-2024:4291-1
https://lists.suse.com/pipermail/sle-security-updates/2024-December/019981.html
E-Mail link for SUSE-SU-2024:4291-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1231795
SUSE Bug 1231795
https://bugzilla.suse.com/1234290
SUSE Bug 1234290
https://www.suse.com/security/cve/CVE-2024-12254/
SUSE CVE CVE-2024-12254 page

Описание

Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines() method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the write buffer potentially leading to memory exhaustion. This vulnerability likely impacts a small number of users, you must be using Python 3.12.0 or later, on macOS or Linux, using the asyncio module with protocols, and using .writelines() method which had new zero-copy-on-write behavior in Python 3.12.0 and later. If not all of these factors are true then your usage of Python is unaffected.

Затронутые продукты

Container bci/python:latest:libpython3_12-1_0-3.12.8-150600.3.12.1

Container bci/python:latest:python312-3.12.8-150600.3.12.1

Container bci/python:latest:python312-base-3.12.8-150600.3.12.1

Container bci/python:latest:python312-devel-3.12.8-150600.3.12.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-12254.html
CVE-2024-12254
https://bugzilla.suse.com/1234290
SUSE Bug 1234290

SUSE-SU-2024:4291-1

Описание

Список пакетов

Container bci/python:latest

SUSE Linux Enterprise Module for Python 3 15 SP6

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2024-12254

Описание

Затронутые продукты

Ссылки