openSUSE-SU-2020:0274-1

Опубликовано: 01 мар. 2020

Источник: suse-cvrf

Описание

Security update for python3

This update for python3 fixes the following issues:

Security issues fixed:

CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825).
CVE-2020-8492: Fixed a regular expression in urrlib that was prone to denial of service via HTTP (bsc#1162367).

Non-security issue fixed:

If the locale is 'C', coerce it to C.UTF-8 (bsc#1162423).

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.1

libpython3_6m1_0-3.6.10-lp151.6.11.1

libpython3_6m1_0-32bit-3.6.10-lp151.6.11.1

python3-3.6.10-lp151.6.11.1

python3-32bit-3.6.10-lp151.6.11.1

python3-base-3.6.10-lp151.6.11.1

python3-base-32bit-3.6.10-lp151.6.11.1

python3-curses-3.6.10-lp151.6.11.1

python3-dbm-3.6.10-lp151.6.11.1

python3-devel-3.6.10-lp151.6.11.1

python3-idle-3.6.10-lp151.6.11.1

python3-testsuite-3.6.10-lp151.6.11.1

python3-tk-3.6.10-lp151.6.11.1

python3-tools-3.6.10-lp151.6.11.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KM6NAXPFOSRYBXLYJ4E6REOSYLCOBSFU/
E-Mail link for openSUSE-SU-2020:0274-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1162224
SUSE Bug 1162224
https://bugzilla.suse.com/1162367
SUSE Bug 1162367
https://bugzilla.suse.com/1162423
SUSE Bug 1162423
https://bugzilla.suse.com/1162825
SUSE Bug 1162825
https://www.suse.com/security/cve/CVE-2019-9674/
SUSE CVE CVE-2019-9674 page
https://www.suse.com/security/cve/CVE-2020-8492/
SUSE CVE CVE-2020-8492 page

Описание

Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.

Затронутые продукты

openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.11.1

openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.11.1

openSUSE Leap 15.1:python3-3.6.10-lp151.6.11.1

openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.11.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-9674.html
CVE-2019-9674
https://bugzilla.suse.com/1162825
SUSE Bug 1162825

Описание

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.

Затронутые продукты

openSUSE Leap 15.1:libpython3_6m1_0-3.6.10-lp151.6.11.1

openSUSE Leap 15.1:libpython3_6m1_0-32bit-3.6.10-lp151.6.11.1

openSUSE Leap 15.1:python3-3.6.10-lp151.6.11.1

openSUSE Leap 15.1:python3-32bit-3.6.10-lp151.6.11.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-8492.html
CVE-2020-8492
https://bugzilla.suse.com/1162367
SUSE Bug 1162367

openSUSE-SU-2020:0274-1

Описание

Список пакетов

openSUSE Leap 15.1

Ссылки

Уязвимость: CVE-2019-9674

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2020-8492

Описание

Затронутые продукты

Ссылки