openSUSE-SU-2021:1553-1

Опубликовано: 10 дек. 2021

Источник: suse-cvrf

Описание

Security update for python-Babel

This update for python-Babel fixes the following issues:

CVE-2021-42771: Fixed relative path traversal that may lead to arbitrary locale files loading and arbitrary code execution (bsc#1185768).

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Список пакетов

openSUSE Leap 15.2

python-Babel-doc-2.8.0-lp152.2.3.1

python2-Babel-2.8.0-lp152.2.3.1

python3-Babel-2.8.0-lp152.2.3.1

python3-Babel-doc-2.8.0-lp152.2.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WAKYSLN4RPESEDQ7LN7KPRMYQUFA4SYU/
E-Mail link for openSUSE-SU-2021:1553-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1185768
SUSE Bug 1185768
https://www.suse.com/security/cve/CVE-2021-42771/
SUSE CVE CVE-2021-42771 page

Описание

Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution.

Затронутые продукты

openSUSE Leap 15.2:python-Babel-doc-2.8.0-lp152.2.3.1

openSUSE Leap 15.2:python2-Babel-2.8.0-lp152.2.3.1

openSUSE Leap 15.2:python3-Babel-2.8.0-lp152.2.3.1

openSUSE Leap 15.2:python3-Babel-doc-2.8.0-lp152.2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-42771.html
CVE-2021-42771
https://bugzilla.suse.com/1185768
SUSE Bug 1185768

openSUSE-SU-2021:1553-1

Описание

Список пакетов

openSUSE Leap 15.2

Ссылки

Уязвимость: CVE-2021-42771

Описание

Затронутые продукты

Ссылки