SUSE-SU-2025:0048-1

Опубликовано: 09 янв. 2025

Источник: suse-cvrf

Описание

Security update for python312

This update for python312 fixes the following issues:

Properly quote path names provided when creating a virtual environment (bsc#1232241, CVE-2024-9287)

Список пакетов

Container bci/python:latest

libpython3_12-1_0-3.12.8-150600.3.15.1

python312-3.12.8-150600.3.15.1

python312-base-3.12.8-150600.3.15.1

python312-devel-3.12.8-150600.3.15.1

SUSE Linux Enterprise Module for Python 3 15 SP6

libpython3_12-1_0-3.12.8-150600.3.15.1

python312-3.12.8-150600.3.15.1

python312-base-3.12.8-150600.3.15.1

python312-curses-3.12.8-150600.3.15.1

python312-dbm-3.12.8-150600.3.15.1

python312-devel-3.12.8-150600.3.15.1

python312-idle-3.12.8-150600.3.15.1

python312-tk-3.12.8-150600.3.15.1

python312-tools-3.12.8-150600.3.15.1

openSUSE Leap 15.6

libpython3_12-1_0-3.12.8-150600.3.15.1

libpython3_12-1_0-32bit-3.12.8-150600.3.15.1

python312-3.12.8-150600.3.15.1

python312-32bit-3.12.8-150600.3.15.1

python312-base-3.12.8-150600.3.15.1

python312-base-32bit-3.12.8-150600.3.15.1

python312-curses-3.12.8-150600.3.15.1

python312-dbm-3.12.8-150600.3.15.1

python312-devel-3.12.8-150600.3.15.1

python312-doc-3.12.8-150600.3.15.1

python312-doc-devhelp-3.12.8-150600.3.15.1

python312-idle-3.12.8-150600.3.15.1

python312-testsuite-3.12.8-150600.3.15.1

python312-tk-3.12.8-150600.3.15.1

python312-tools-3.12.8-150600.3.15.1

Ссылки

https://www.suse.com/support/update/announcement/2025/suse-su-20250048-1/
Link for SUSE-SU-2025:0048-1
https://lists.suse.com/pipermail/sle-security-updates/2025-January/020074.html
E-Mail link for SUSE-SU-2025:0048-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1232241
SUSE Bug 1232241
https://www.suse.com/security/cve/CVE-2024-9287/
SUSE CVE CVE-2024-9287 page

Описание

A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected.

Затронутые продукты

Container bci/python:latest:libpython3_12-1_0-3.12.8-150600.3.15.1

Container bci/python:latest:python312-3.12.8-150600.3.15.1

Container bci/python:latest:python312-base-3.12.8-150600.3.15.1

Container bci/python:latest:python312-devel-3.12.8-150600.3.15.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-9287.html
CVE-2024-9287
https://bugzilla.suse.com/1232241
SUSE Bug 1232241

SUSE-SU-2025:0048-1

Описание

Список пакетов

Container bci/python:latest

SUSE Linux Enterprise Module for Python 3 15 SP6

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2024-9287

Описание

Затронутые продукты

Ссылки