SUSE-SU-2025:0419-1

Опубликовано: 11 фев. 2025

Источник: suse-cvrf

Описание

Security update for python311

This update for python311 fixes the following issues:

CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705)

Список пакетов

Image SLES15-SP4-SAP-Hardened-BYOS

libpython3_11-1_0-3.11.11-150400.9.44.1

python311-3.11.11-150400.9.44.1

python311-base-3.11.11-150400.9.44.1

Image SLES15-SP4-SAP-Hardened-BYOS-EC2

libpython3_11-1_0-3.11.11-150400.9.44.1

python311-3.11.11-150400.9.44.1

python311-base-3.11.11-150400.9.44.1

Image SLES15-SP5-Azure-3P

libpython3_11-1_0-3.11.11-150400.9.44.1

python311-3.11.11-150400.9.44.1

python311-base-3.11.11-150400.9.44.1

Image SLES15-SP5-Manager-Server-5-0

libpython3_11-1_0-3.11.11-150400.9.44.1

python311-base-3.11.11-150400.9.44.1

Image SLES15-SP5-Manager-Server-5-0-Azure-llc

libpython3_11-1_0-3.11.11-150400.9.44.1

python311-base-3.11.11-150400.9.44.1

Image SLES15-SP5-Manager-Server-5-0-Azure-ltd

libpython3_11-1_0-3.11.11-150400.9.44.1

python311-base-3.11.11-150400.9.44.1

Image SLES15-SP5-SAP-Azure-3P

libpython3_11-1_0-3.11.11-150400.9.44.1

python311-3.11.11-150400.9.44.1

python311-base-3.11.11-150400.9.44.1

SUSE Linux Enterprise Module for Public Cloud 15 SP4

libpython3_11-1_0-3.11.11-150400.9.44.1

python311-3.11.11-150400.9.44.1

python311-base-3.11.11-150400.9.44.1

Ссылки

https://www.suse.com/support/update/announcement/2025/suse-su-20250419-1/
Link for SUSE-SU-2025:0419-1
https://lists.suse.com/pipermail/sle-updates/2025-February/038350.html
E-Mail link for SUSE-SU-2025:0419-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1228165
SUSE Bug 1228165
https://bugzilla.suse.com/1236705
SUSE Bug 1236705
https://www.suse.com/security/cve/CVE-2025-0938/
SUSE CVE CVE-2025-0938 page

Описание

The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.

Затронутые продукты

Image SLES15-SP4-SAP-Hardened-BYOS-EC2:libpython3_11-1_0-3.11.11-150400.9.44.1

Image SLES15-SP4-SAP-Hardened-BYOS-EC2:python311-3.11.11-150400.9.44.1

Image SLES15-SP4-SAP-Hardened-BYOS-EC2:python311-base-3.11.11-150400.9.44.1

Image SLES15-SP4-SAP-Hardened-BYOS:libpython3_11-1_0-3.11.11-150400.9.44.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-0938.html
CVE-2025-0938
https://bugzilla.suse.com/1236705
SUSE Bug 1236705

SUSE-SU-2025:0419-1

Описание

Список пакетов

Image SLES15-SP4-SAP-Hardened-BYOS

Image SLES15-SP4-SAP-Hardened-BYOS-EC2

Image SLES15-SP5-Azure-3P

Image SLES15-SP5-Manager-Server-5-0

Image SLES15-SP5-Manager-Server-5-0-Azure-llc

Image SLES15-SP5-Manager-Server-5-0-Azure-ltd

Image SLES15-SP5-SAP-Azure-3P

SUSE Linux Enterprise Module for Public Cloud 15 SP4

Ссылки

Уязвимость: CVE-2025-0938

Описание

Затронутые продукты

Ссылки