SUSE-SU-2025:0553-1

Опубликовано: 14 фев. 2025

Источник: suse-cvrf

Описание

Security update for python

This update for python fixes the following issues:

CVE-2025-0938: functions urllib.parse.urlsplit and urlparse accept domain names including square brackets (bsc#1236705).

Список пакетов

Image SLES12-SP5-EC2-BYOS

libpython2_7-1_0-2.7.18-33.41.1

python-2.7.18-33.41.1

python-base-2.7.18-33.41.1

python-xml-2.7.18-33.41.1

Image SLES12-SP5-EC2-On-Demand

libpython2_7-1_0-2.7.18-33.41.1

python-2.7.18-33.41.1

python-base-2.7.18-33.41.1

python-xml-2.7.18-33.41.1

Image SLES12-SP5-EC2-SAP-BYOS

libpython2_7-1_0-2.7.18-33.41.1

python-2.7.18-33.41.1

python-base-2.7.18-33.41.1

python-xml-2.7.18-33.41.1

Image SLES12-SP5-EC2-SAP-On-Demand

libpython2_7-1_0-2.7.18-33.41.1

python-2.7.18-33.41.1

python-base-2.7.18-33.41.1

python-xml-2.7.18-33.41.1

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

libpython2_7-1_0-2.7.18-33.41.1

python-2.7.18-33.41.1

python-base-2.7.18-33.41.1

python-xml-2.7.18-33.41.1

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

libpython2_7-1_0-2.7.18-33.41.1

python-2.7.18-33.41.1

python-base-2.7.18-33.41.1

python-xml-2.7.18-33.41.1

SUSE Linux Enterprise Server LTSS Extended Security 12 SP5

libpython2_7-1_0-2.7.18-33.41.1

libpython2_7-1_0-32bit-2.7.18-33.41.1

python-2.7.18-33.41.1

python-32bit-2.7.18-33.41.1

python-base-2.7.18-33.41.1

python-base-32bit-2.7.18-33.41.1

python-curses-2.7.18-33.41.1

python-demo-2.7.18-33.41.1

python-devel-2.7.18-33.41.1

python-doc-2.7.18-33.41.1

python-doc-pdf-2.7.18-33.41.1

python-gdbm-2.7.18-33.41.1

python-idle-2.7.18-33.41.1

python-tk-2.7.18-33.41.1

python-xml-2.7.18-33.41.1

Ссылки

https://www.suse.com/support/update/announcement/2025/suse-su-20250553-1/
Link for SUSE-SU-2025:0553-1
https://lists.suse.com/pipermail/sle-security-updates/2025-February/020356.html
E-Mail link for SUSE-SU-2025:0553-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1236705
SUSE Bug 1236705
https://www.suse.com/security/cve/CVE-2025-0938/
SUSE CVE CVE-2025-0938 page

Описание

The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.

Затронутые продукты

Image SLES12-SP5-EC2-BYOS:libpython2_7-1_0-2.7.18-33.41.1

Image SLES12-SP5-EC2-BYOS:python-2.7.18-33.41.1

Image SLES12-SP5-EC2-BYOS:python-base-2.7.18-33.41.1

Image SLES12-SP5-EC2-BYOS:python-xml-2.7.18-33.41.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-0938.html
CVE-2025-0938
https://bugzilla.suse.com/1236705
SUSE Bug 1236705

SUSE-SU-2025:0553-1

Описание

Список пакетов

Image SLES12-SP5-EC2-BYOS

Image SLES12-SP5-EC2-On-Demand

Image SLES12-SP5-EC2-SAP-BYOS

Image SLES12-SP5-EC2-SAP-On-Demand

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

SUSE Linux Enterprise Server LTSS Extended Security 12 SP5

Ссылки

Уязвимость: CVE-2025-0938

Описание

Затронутые продукты

Ссылки