Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

SUSE: 2021:0529-1 Moderate: Python3 Buffer Overflow Fix

suse
Calendar Grey February 19, 2021
Dist Suse Esm H88
New python3 patch released on SUSE to remedy multiple vulnerabilities, focusing on mitigating security threats and improving overall system reliability.
An update that solves two vulnerabilities and has two fixes is now available

Summary

This update for python3 fixes the following issues: - CVE-2021-3177: Fixed buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution (bsc#1181126). - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-529=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-529=1 Package List:

References

#1176262 #1179756 #1180686 #1181126

Cross- CVE-2019-20916 CVE-2021-3177

CVSS scores:

CVE-2019-20916 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVE-2019-20916 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

CVE-2021-3177 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2021-3177 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

SUSE Linux Enterprise Module for Development Tools 15-SP2

SUSE Linux Enterprise Module for Basesystem 15-SP2

https://www.suse.com/security/cve/CVE-2019-20916.html

https://www.suse.com/security/cve/CVE-2021-3177.html

https://bugzilla.suse.com/1176262

https://bugzilla.suse.com/1179756

https://bugzilla.suse.com/1180686

https://bugzilla.suse.com/1181126

Announcement ID: SUSE-SU-2021:0529-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.