Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 553
Alerts This Week
Warning Icon 1 553

openSUSE: 2023:0040-3 Moderate: Ruby-Vulnerability Exploit

opensuse
Calendar Grey January 23, 2023
Dist Opensuse Esm H88
An update for openSUSE has been released to tackle a medium severity denial of service issue found in python-mechanize for users.
An update that solves one vulnerability and has one errata is now available

Description

This update for python-mechanize fixes the following issues:

Update to version 0.4.8:

- CVE-2021-32837: Fixed a denial of service via regular expression

(boo#1207242).

- Fixed mechanize not found during build (boo#1202003).

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP4:

zypper in -t patch openSUSE-2023-30=1

Package List

- openSUSE Backports SLE-15-SP4 (noarch):

python3-mechanize-0.4.8-bp154.2.3.1

References

https://www.suse.com/security/cve/CVE-2021-32837.html

https://bugzilla.suse.com/1202003

https://bugzilla.suse.com/1207242

Announcement ID: openSUSE-SU-2023:0030-1
Rating: moderate
Affected Products: openSUSE Backports SLE-15-SP4 ble.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.