Alerts This Week
Warning Icon 1 923
Alerts This Week
Warning Icon 1 923

SUSE: 2020:0557-1 moderate: Fix for HTTP DoS in python36 security issue

suse
Calendar Grey March 2, 2020
Dist Suse Esm H88
SUSE has issued a security update for python36 addressing two vulnerabilities. Discover the details of the fixes and guidance for patching.
An update that solves two vulnerabilities and has one errata is now available

Summary

This update for python36 fixes the following issues: Security issues fixed: - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825). - CVE-2020-8492: Fixed a regular expression in urrlib that was prone to denial of service via HTTP (bsc#1162367). Non-security issue fixed: - If the locale is "C", coerce it to C.UTF-8 (bsc#1162423). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-557=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.10-4.6.1

Topics%20covered

Topics Covered

security advisory moderate SUSE HTTP DoS python36

References

#1162367 #1162423 #1162825

Cross- CVE-2019-9674 CVE-2020-8492

Affected Products:

SUSE Linux Enterprise Server 12-SP5

https://www.suse.com/security/cve/CVE-2019-9674.html

https://www.suse.com/security/cve/CVE-2020-8492.html

https://bugzilla.suse.com/1162367

https://bugzilla.suse.com/1162423

https://bugzilla.suse.com/1162825

Announcement ID: SUSE-SU-2020:0557-1
Rating: moderate

Topics%20covered

Topics Covered

security advisory moderate SUSE HTTP DoS python36

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here