Description
Security update for python-typed-ast
This update for python-typed-ast fixes the following issues:
python-typed-ast was reverted to version 1.3.1 because it broke another package (bsc#1163532).
Security issues fixed:
- CVE-2019-19274: Fixed an out-of-bounds read (bsc#1161562).
- CVE-2019-19275: Fixed an out-of-bounds read (bsc#1161563).
Package list
openSUSE Leap 15.1
References
- E-Mail link for openSUSE-SU-2020:0567-1
- SUSE Security Ratings
- SUSE Bug 1161562
- SUSE Bug 1161563
- SUSE Bug 1163532
- SUSE CVE CVE-2019-19274 page
- SUSE CVE CVE-2019-19275 page
Description
typed_ast 1.3.0 and 1.3.1 have a handle_keywordonly_args out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that parses (but does not execute) Python code. (This issue also affected certain Python 3.8.0-alpha prereleases.)
Affected products
References
- CVE-2019-19274
- SUSE Bug 1161562
Description
typed_ast 1.3.0 and 1.3.1 have an ast_for_arguments out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that parses (but does not execute) Python code. (This issue also affected certain Python 3.8.0-alpha prereleases.)
Affected products
References
- CVE-2019-19275
- SUSE Bug 1161563