SUSE-SU-2025:0047-1

Опубликовано: 09 янв. 2025

Источник: suse-cvrf

Описание

Security update for python39

This update for python39 fixes the following issue:

Update to 3.9.21

Список пакетов

Container containers/python:3.9

libpython3_9-1_0-3.9.21-150300.4.61.1

python39-3.9.21-150300.4.61.1

python39-base-3.9.21-150300.4.61.1

python39-devel-3.9.21-150300.4.61.1

Image python_15_6

libpython3_9-1_0-3.9.21-150300.4.61.1

python39-3.9.21-150300.4.61.1

python39-base-3.9.21-150300.4.61.1

python39-devel-3.9.21-150300.4.61.1

openSUSE Leap 15.6

libpython3_9-1_0-3.9.21-150300.4.61.1

libpython3_9-1_0-32bit-3.9.21-150300.4.61.1

python39-3.9.21-150300.4.61.1

python39-32bit-3.9.21-150300.4.61.1

python39-base-3.9.21-150300.4.61.1

python39-base-32bit-3.9.21-150300.4.61.1

python39-curses-3.9.21-150300.4.61.1

python39-dbm-3.9.21-150300.4.61.1

python39-devel-3.9.21-150300.4.61.1

python39-doc-3.9.21-150300.4.61.1

python39-doc-devhelp-3.9.21-150300.4.61.1

python39-idle-3.9.21-150300.4.61.1

python39-testsuite-3.9.21-150300.4.61.1

python39-tk-3.9.21-150300.4.61.1

python39-tools-3.9.21-150300.4.61.1

Ссылки

https://www.suse.com/support/update/announcement/2025/suse-su-20250047-1/
Link for SUSE-SU-2025:0047-1
https://lists.suse.com/pipermail/sle-security-updates/2025-January/020075.html
E-Mail link for SUSE-SU-2025:0047-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1232241
SUSE Bug 1232241
https://bugzilla.suse.com/1233307
SUSE Bug 1233307
https://www.suse.com/security/cve/CVE-2024-11168/
SUSE CVE CVE-2024-11168 page
https://www.suse.com/security/cve/CVE-2024-9287/
SUSE CVE CVE-2024-9287 page

Описание

The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.

Затронутые продукты

Container containers/python:3.9:libpython3_9-1_0-3.9.21-150300.4.61.1

Container containers/python:3.9:python39-3.9.21-150300.4.61.1

Container containers/python:3.9:python39-base-3.9.21-150300.4.61.1

Container containers/python:3.9:python39-devel-3.9.21-150300.4.61.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-11168.html
CVE-2024-11168
https://bugzilla.suse.com/1233307
SUSE Bug 1233307

Описание

A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected.

Затронутые продукты

Container containers/python:3.9:libpython3_9-1_0-3.9.21-150300.4.61.1

Container containers/python:3.9:python39-3.9.21-150300.4.61.1

Container containers/python:3.9:python39-base-3.9.21-150300.4.61.1

Container containers/python:3.9:python39-devel-3.9.21-150300.4.61.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-9287.html
CVE-2024-9287
https://bugzilla.suse.com/1232241
SUSE Bug 1232241

SUSE-SU-2025:0047-1

Описание

Список пакетов

Container containers/python:3.9

Image python_15_6

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2024-11168

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2024-9287

Описание

Затронутые продукты

Ссылки