Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 580
Alerts This Week
Warning Icon 1 580

SUSE CaaS Platform 3.0: 2018:2493-1 Moderate: Python Denial Of Service

suse
Calendar Grey August 24, 2018
Dist Suse Esm H88
SUSE Security Patch for python: addresses CVE-2017-18208 with moderate importance classification. Update accessible now.
An update that fixes one vulnerability is now available

Summary

This update for python fixes the following issues: The following security vulnerabilities were addressed: - Add a check to Lib/wave.py that verifies that at least one channel is provided. Prior to this, attackers could cause a denial of service via a crafted wav format audio file. [bsc#1083507, CVE-2017-18207] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 3.0 (x86_64): libpython2_7-1_0-2.7.13-28.11.2

References

#1083507

Cross- CVE-2017-18207

Affected Products:

SUSE CaaS Platform 3.0

https://www.suse.com/security/cve/CVE-2017-18207.html

https://bugzilla.suse.com/1083507

Announcement ID: SUSE-SU-2018:2493-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.