
SUSE: 2020:1524-1 Moderate: Python Denial of Service Fix

June 3, 2020
An update that solves three vulnerabilities and has 18 fixes is now available.

Summary

This update for python to version 2.7.17 fixes the following issues:

Syncing with lots of upstream bug fixes and security fixes.

Bug fixes:

- CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825).
- CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen(). Now an InvalidURL exception is raised (bsc#1155094).
- CVE-2020-8492: Fixed a regular expression in urllib that was prone to denial of service via HTTP (bsc#1162367).
- Fixed mismatches between libpython and python-base versions (bsc#1162224).
- Fixed segfault in libpython2.7.so.1 (bsc#1073748).
- Unified packages among openSUSE:Factory and SLE versions (bsc#1159035).
- Added idle.desktop and idle.appdata.xml to provide IDLE in menus (bsc#1153830).
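As an added illustration of the CVE-2019-18348 item above (not part of the SUSE advisory and not Python's own code), here is a pre-flight check an application can run on untrusted URLs before handing them to urlopen(), for hosts that may not yet carry the update. It is written for Python 3; `check_url`, `is_safe`, `UnsafeURL` and the sample URLs are hypothetical names and constructed inputs, and the rejected character set is an assumption of this example.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumption of this example: ASCII control characters, space and DEL are
# never legitimate in a URL that will be passed to urlopen().
_DISALLOWED = re.compile(r"[\x00-\x20\x7f]")


class UnsafeURL(ValueError):
    """Hypothetical exception type used by this example."""


def check_url(url, allowed_schemes=("http", "https")):
    """Return url unchanged if it passes the checks, else raise UnsafeURL."""
    # Inspect the raw string first: some urlsplit() versions silently strip
    # tab, CR and LF, which would hide them from any check done after parsing.
    match = _DISALLOWED.search(url)
    if match:
        raise UnsafeURL("control character %r at offset %d"
                        % (match.group(), match.start()))
    parts = urlsplit(url)
    if parts.scheme not in allowed_schemes:
        raise UnsafeURL("scheme %r not allowed" % parts.scheme)
    if not parts.hostname:
        raise UnsafeURL("missing host")
    # Also reject control characters hidden behind percent-encoding in the
    # host part, in case a later layer decodes them.
    if _DISALLOWED.search(unquote(parts.netloc)):
        raise UnsafeURL("encoded control character in host part")
    return url


def is_safe(url):
    """Boolean wrapper around check_url() for filtering lists of URLs."""
    try:
        check_url(url)
        return True
    except UnsafeURL:
        return False


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    for sample in ["https://example.com/index.html",
                   "http://example.com\r\n.invalid/",
                   "http://example.com%0d%0a.invalid/"]:
        print(repr(sample), "->", "ok" if is_safe(sample) else "rejected")
```

A check like this complements the package update rather than replacing it: the patched interpreter raises InvalidURL on its own.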

References

#1027282 #1041090 #1042670 #1073269 #1073748
#1078326 #1078485 #1081750 #1084650 #1086001
#1149792 #1153830 #1155094 #1159035 #1162224
#1162367 #1162825 #1165894 #1170411 #1171561
#945401

Cross-References: CVE-2019-18348 CVE-2019-9674 CVE-2020-8492

Affected Products:

SUSE OpenStack Cloud Crowbar 8

SUSE OpenStack Cloud 8

SUSE OpenStack Cloud 7

SUSE Linux Enterprise Workstation Extension 12-SP5

SUSE Linux Enterprise Workstation Extension 12-SP4

SUSE Linux Enterprise Software Development Kit 12-SP5

SUSE Linux Enterprise Software Development Kit 12-SP4

SUSE Linux Enterprise Server for SAP 12-SP3

SUSE Linux Enterprise Server for SAP 12-SP2

SUSE Linux Enterprise Server for SAP 12-SP1

SUS...

Announcement ID: SUSE-SU-2020:1524-1
Rating: moderate
