Описание
Security update for python39
This update for python39 fixes the following issues:
- CVE-2021-29921: Fixed improper input validation of octal string IP addresses (bsc#1185706).
- Use versioned python-Sphinx to avoid dependency on other version of Python (bsc#1183858).
- Stop providing 'python' symbol (bsc#1185588), which means python2 currently.
Список пакетов
openSUSE Leap 15.3
python39-3.9.6-4.3.4
python39-32bit-3.9.6-4.3.4
python39-curses-3.9.6-4.3.4
python39-dbm-3.9.6-4.3.4
python39-idle-3.9.6-4.3.4
python39-tk-3.9.6-4.3.4
Ссылки
- E-Mail link for openSUSE-SU-2021:2940-1
- SUSE Security Ratings
- SUSE Bug 1183858
- SUSE Bug 1185588
- SUSE Bug 1185706
- SUSE CVE CVE-2021-29921 page
Описание
In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.
Затронутые продукты
openSUSE Leap 15.3:python39-3.9.6-4.3.4
openSUSE Leap 15.3:python39-32bit-3.9.6-4.3.4
openSUSE Leap 15.3:python39-curses-3.9.6-4.3.4
openSUSE Leap 15.3:python39-dbm-3.9.6-4.3.4
Ссылки
- CVE-2021-29921
- SUSE Bug 1185706