SUSE Linux 12-SP5: 2020:3563-1 Important: Python Security Issues

November 30, 2020
Significant security patch for python36 on SUSE Linux Server that addresses several vulnerabilities and improves functionality.
An update that fixes 7 vulnerabilities and contains two features is now available.

Summary

This update for python36 fixes the following issues:

Update to 3.6.12, including the following fixes:

- Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916)
- Fixed CRLF injection via HTTP request method in httplib/http.client (bsc#1177211 CVE-2020-26116)
- Fixed possible infinite loop in specifically crafted tarball (bsc#1174091 CVE-2019-20907)
- Fixed a CRLF injection via the host part of the url passed to urlopen() (bsc#1155094 CVE-2019-18348)
- Renamed idle icons to idle3 in order to avoid conflicts with python2 (bsc#1165894)
- Handful of compatibility changes between SLE15 and SLE12 (jsc#ECO-2799, jsc#SLE-13738, bsc#1179193)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods
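A behavioural check for two of the fixes listed above, useful after patching because distribution packages backport fixes and a version string alone does not prove a fix is present. This is an added example, not part of the SUSE advisory; the probe strings are constructed, and it assumes the fixes surface as in upstream CPython (ValueError from putrequest(), InvalidURL from the HTTPConnection constructor).

```python
"""Check the running interpreter for two http.client fixes in this update.

Nothing is sent on the network: http.client validates the host in the
constructor and the method in putrequest(), before any socket is opened.
"""
import http.client
import sys

# Constructed probe values: a CR/LF pair placed where none is allowed.
PROBE_METHOD = "GET\r\nX-Probe: 1"
PROBE_HOST = "local\r\nhost"


def method_check_present():
    """True if putrequest() rejects control characters (CVE-2020-26116)."""
    conn = http.client.HTTPConnection("localhost")  # no connection is made
    try:
        conn.putrequest(PROBE_METHOD, "/")  # only buffers the request line
    except ValueError:
        return True
    return False


def host_check_present():
    """True if the constructor rejects control characters (CVE-2019-18348)."""
    try:
        http.client.HTTPConnection(PROBE_HOST)
    except http.client.InvalidURL:
        return True
    return False


def report():
    """Map each CVE covered here to whether its validation is present."""
    return {
        "CVE-2019-18348": host_check_present(),
        "CVE-2020-26116": method_check_present(),
    }


if __name__ == "__main__":
    results = report()
    for cve, ok in sorted(results.items()):
        print("{}: {}".format(cve, "fix present" if ok else "FIX MISSING"))
    print("interpreter:", sys.version.split()[0])
    sys.exit(0 if all(results.values()) else 1)
```

Run it with the interpreter being verified; it exits non-zero if either validation is missing.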

References

#1149955 #1165894 #1174091 #1176262 #1177211

ECO-2799 SLE-13738

Cross-References: CVE-2019-16056 CVE-2019-20907 CVE-2019-20916 CVE-2019-5010 CVE-2020-14422 CVE-2020-26116 CVE-2020-8492

Affected Products:

SUSE Linux Enterprise Server 12-SP5

https://www.suse.com/security/cve/CVE-2019-16056.html

https://www.suse.com/security/cve/CVE-2019-20907.html

https://www.suse.com/security/cve/CVE-2019-20916.html

https://www.suse.com/security/cve/CVE-2019-5010.html

https://www.suse.com/security/cve/CVE-2020-14422.html

https://www.suse.com/security/cve/CVE-2020-26116.html

https://www.suse.com/security/cve/CVE-2020-8492.html

https://bugzilla.suse.com/1149955

https://bugzilla.suse.com/1165894

https://bugzilla.suse.com/1174091

Severity
important

Announcement ID: SUSE-SU-2020:3563-1
Rating: important
