Описание
Security update for python310
This update for python310 fixes the following issues:
- Update to 3.10.16
Список пакетов
openSUSE Leap 15.6
Ссылки
- Link for SUSE-SU-2025:0049-1
- E-Mail link for SUSE-SU-2025:0049-1
- SUSE Security Ratings
- SUSE Bug 1232241
- SUSE Bug 1233307
- SUSE CVE CVE-2024-11168 page
- SUSE CVE CVE-2024-9287 page
Описание
The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.
Затронутые продукты
Ссылки
- CVE-2024-11168
- SUSE Bug 1233307
Описание
A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected.
Затронутые продукты
Ссылки
- CVE-2024-9287
- SUSE Bug 1232241