
openSUSE: 2023:2890-1 Critical Vulnerability Patch for Python311

openSUSE, July 19, 2023
A new security patch for Python 3.10 addresses a pair of vulnerabilities and improves set marshalling. Crucial update now accessible.

Description

This update for python310 fixes the following issues:

* Make marshalling of `set` and `frozenset` deterministic (bsc#1211765)

python310 was updated to 3.10.12:

* urllib.parse.urlsplit() now strips leading C0 control and space characters following the specification for URLs defined by WHATWG in response to CVE-2023-24329 (bsc#1208471).
* Fixed a security flaw in uu.decode() that could allow for directory traversal based on the input if no out_file was specified.
* Do not expose the local on-disk location in directory indexes produced by http.client.SimpleHTTPRequestHandler.
* `trace.__main__` now uses io.open_code() for files to be executed instead of raw open().
* CVE-2007-4559: The extraction methods in tarfile, and shutil.unpack_archive(), have a new filter argument that allows limiting tar features that may be surprising or dangerous, such as creating files outside the destination directory. See Extraction filters for details...


## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5

zypper in -t patch openSUSE-SLE-15.5-2023-2884=1

* Python 3 Module 15-SP4

zypper in -t patch SUSE-SLE-Module-Python3-15-SP4-2023-2884=1

* openSUSE Leap 15.4

zypper in -t patch openSUSE-SLE-15.4-2023-2884=1

Package List

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)

* python310-doc-devhelp-3.10.12-150400.4.30.1

* python310-testsuite-3.10.12-150400.4.30.1

* python310-core-debugsource-3.10.12-150400.4.30.1

* python310-debugsource-3.10.12-150400.4.30.1

* python310-testsuite-debuginfo-3.10.12-150400.4.30.1

* python310-devel-3.10.12-150400.4.30.1

* python310-debuginfo-3.10.12-150400.4.30.1

* python310-dbm-3.10.12-150400.4.30.1

* python310-base-debuginfo-3.10.12-150400.4.30.1

* python310-tools-3.10.12-150400.4.30.1

* libpython3_10-1_0-debuginfo-3.10.12-150400.4.30.1

* python310-curses-debuginfo-3.10.12-150400.4.30.1

* python310-idle-3.10.12-150400.4.30.1

* python310-3.10.12-150400.4.30.1

* python310-base-3.10.12-150400.4.30.1

* libpython3_10-1_0-3.10.12-150400.4.30.1

* python310-doc-3.10.12-150400.4.30.1

* python310-tk-debuginfo-3.10.12-150400.4.30.1

* python310-dbm-debuginfo-3.10.12-150400.4.30.1

* python310-tk-3.10.12-150400.4.30.1

* python310-curses-3.10.12-150400.4.30.1

* openSUSE Leap 15.5 (x86_64)

*...

## References:

* https://www.suse.com/security/cve/CVE-2007-4559.html

* https://www.suse.com/security/cve/CVE-2023-24329.html

* https://bugzilla.suse.com/show_bug.cgi?id=1203750

* https://bugzilla.suse.com/show_bug.cgi?id=1208471

* https://bugzilla.suse.com/show_bug.cgi?id=1211765

Severity: important

Announcement ID: SUSE-SU-2023:2884-1
Rating: important
