Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 569
Alerts This Week
Warning Icon 1 569

SUSE Enterprise Storage: 2021:0048-1 Moderate: Python Package Issues

suse
Calendar Grey January 8, 2021
Scroller Suse
Enhance system security by utilizing the recent SUSE update that resolves a significant vulnerability in essential Python libraries.
An update that solves one vulnerability and has two fixes is now available

Summary

This update for python-defusedxml, python-freezegun, python-pkgconfig, python-python3-saml, python-xmlsec fixes the following issues: - Update to 0.6.0 - Increase test coverage. - Add badges to README. - Test on Python 3.7 stable and 3.8-dev - Drop support for Python 3.4 - No longer pass *html* argument to XMLParse. It has been deprecated and ignored for a long time. The DefusedXMLParser still takes a html argument. A deprecation warning is issued when the argument is False and a TypeError when it's True. - defusedxml now fails early when pyexpat stdlib module is not available or broken. - defusedxml.ElementTree.__all__ now lists ParseError as public attribute. - The defusedxml.ElementTree and defusedxml.cElementTree modules had a typo and used XMLParse instead of XMLParser as an alias for

References

#1019074 #1041090 #1177200

Cross- CVE-2017-11427

Affected Products:

SUSE Enterprise Storage 6

https://www.suse.com/security/cve/CVE-2017-11427.html

https://bugzilla.suse.com/1019074

https://bugzilla.suse.com/1041090

https://bugzilla.suse.com/1177200

Announcement ID: SUSE-SU-2021:0048-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.