openSUSE-SU-2020:1257-1

Опубликовано: 24 авг. 2020

Источник: suse-cvrf

Описание

Security update for python

This update for python fixes the following issues:

CVE-2019-20907: Avoid a possible infinite loop caused by specifically crafted tarballs (bsc#1174091).

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.1

libpython2_7-1_0-2.7.17-lp151.10.21.1

libpython2_7-1_0-32bit-2.7.17-lp151.10.21.1

python-2.7.17-lp151.10.21.1

python-32bit-2.7.17-lp151.10.21.1

python-base-2.7.17-lp151.10.21.1

python-base-32bit-2.7.17-lp151.10.21.1

python-curses-2.7.17-lp151.10.21.1

python-demo-2.7.17-lp151.10.21.1

python-devel-2.7.17-lp151.10.21.1

python-doc-2.7.17-lp151.10.21.1

python-doc-pdf-2.7.17-lp151.10.21.1

python-gdbm-2.7.17-lp151.10.21.1

python-idle-2.7.17-lp151.10.21.1

python-tk-2.7.17-lp151.10.21.1

python-xml-2.7.17-lp151.10.21.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/L55Z4K254SOWYSZ2NJQQPAT7PFMYEWIR/
E-Mail link for openSUSE-SU-2020:1257-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1174091
SUSE Bug 1174091
https://www.suse.com/security/cve/CVE-2019-20907/
SUSE CVE CVE-2019-20907 page

Описание

In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.

Затронутые продукты

openSUSE Leap 15.1:libpython2_7-1_0-2.7.17-lp151.10.21.1

openSUSE Leap 15.1:libpython2_7-1_0-32bit-2.7.17-lp151.10.21.1

openSUSE Leap 15.1:python-2.7.17-lp151.10.21.1

openSUSE Leap 15.1:python-32bit-2.7.17-lp151.10.21.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-20907.html
CVE-2019-20907
https://bugzilla.suse.com/1174091
SUSE Bug 1174091

openSUSE-SU-2020:1257-1

Описание

Список пакетов

openSUSE Leap 15.1

Ссылки

Уязвимость: CVE-2019-20907

Описание

Затронутые продукты

Ссылки