openSUSE-SU-2020:0160-1

Опубликовано: 04 фев. 2020

Источник: suse-cvrf

Описание

Security update for python-reportlab

This update for python-reportlab fixes the following issues:

CVE-2019-17626: Fixed a potential remote code execution because of the lack of input sanitization in toColor() (bsc#1154370).

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.1

python2-reportlab-3.4.0-lp151.3.3.1

python3-reportlab-3.4.0-lp151.3.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/P6DNCEK2CMM7NMTN5U5RG4TX5UEQWO23/
E-Mail link for openSUSE-SU-2020:0160-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1154370
SUSE Bug 1154370
https://www.suse.com/security/cve/CVE-2019-17626/
SUSE CVE CVE-2019-17626 page

Описание

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.

Затронутые продукты

openSUSE Leap 15.1:python2-reportlab-3.4.0-lp151.3.3.1

openSUSE Leap 15.1:python3-reportlab-3.4.0-lp151.3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-17626.html
CVE-2019-17626
https://bugzilla.suse.com/1154370
SUSE Bug 1154370
https://bugzilla.suse.com/1215560
SUSE Bug 1215560

openSUSE-SU-2020:0160-1

Описание

Список пакетов

openSUSE Leap 15.1

Ссылки

Уязвимость: CVE-2019-17626

Описание

Затронутые продукты

Ссылки