
SUSE Linux 15-SP3: SUSE-SU-2022:2174-1 Important Command Injection

June 24, 2022
To tackle command injection vulnerabilities in Python 3.9 on SUSE Linux Enterprise 15, apply the latest security updates from the SUSE team to safeguard your system.
An update that solves one vulnerability, contains one feature and has one errata is now available.

Summary

This update for python39 fixes the following issues:

- CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511).
- Update to 3.9.13:
  - Core and Builtins
    - gh-92311: Fixed a bug where setting frame.f_lineno to jump over a list comprehension could misbehave or crash.
    - gh-92112: Fix crash triggered by an evil custom mro() on a metaclass.
    - gh-92036: Fix a crash in subinterpreters related to the garbage collector. When a subinterpreter is deleted, untrack all objects tracked by its GC. To prevent a crash in deallocator functions expecting objects to be tracked by the GC, leak a strong reference to these objects on purpose, so they are never deleted and their deallocator functions are not called. Patch by Victor Stinner.
    - gh-91421: Fix a potential integer overflow in _Py_DecodeUTF8Ex.
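To find out whether your own code depends on the module fixed here, the following added example (not part of the SUSE advisory or of Python itself) walks a Python source file's AST and reports imports of `mailcap` and calls to its `findmatch()` function, which looks up the command to run for a MIME type. The sample source and the name `find_mailcap_uses` are constructed for illustration.

```python
import ast
import sys

# Constructed sample source, embedded so the example runs offline.
SAMPLE = '''\
import mailcap
from mailcap import findmatch as fm
import mailcap as mc

def open_attachment(caps, mime, path):
    return mailcap.findmatch(caps, mime, filename=path)

def other(caps):
    fm(caps, "text/plain")
    return mc.getcaps()
'''

def find_mailcap_uses(source, filename="<sample>"):
    """Return sorted (line, finding) tuples for mailcap imports and findmatch() calls."""
    tree = ast.parse(source, filename)
    modules, funcs, hits = set(), set(), []  # aliases of the module / of findmatch
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                if a.name == "mailcap":
                    modules.add(a.asname or a.name)
                    hits.append((node.lineno, "import mailcap"))
        elif isinstance(node, ast.ImportFrom) and node.module == "mailcap":
            for a in node.names:
                if a.name == "findmatch":
                    funcs.add(a.asname or a.name)
                hits.append((node.lineno, f"from mailcap import {a.name}"))
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        f = node.func
        via_module = (isinstance(f, ast.Attribute) and f.attr == "findmatch"
                      and isinstance(f.value, ast.Name) and f.value.id in modules)
        if via_module or (isinstance(f, ast.Name) and f.id in funcs):
            hits.append((node.lineno, "call findmatch"))
    return sorted(hits)

if __name__ == "__main__":
    # Scan files given on the command line, or the constructed sample.
    targets = [(p, open(p, encoding="utf-8").read()) for p in sys.argv[1:]]
    for name, src in targets or [("<sample>", SAMPLE)]:
        for line, finding in find_mailcap_uses(src, name):
            print(f"{name}:{line}: {finding}")
```

Each reported `findmatch` call is a place to review where the MIME type and filename arguments come from; the scan only follows direct imports and aliases, not dynamic imports.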

References

#1192249 #1198511 SLE-21253

Cross-References: CVE-2015-20107

CVSS scores:

CVE-2015-20107 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2015-20107 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

Affected Products:

SUSE Linux Enterprise Desktop 15-SP3

SUSE Linux Enterprise High Performance Computing 15-SP3

SUSE Linux Enterprise Module for Basesystem 15-SP3

SUSE Linux Enterprise Module for Development Tools 15-SP3

SUSE Linux Enterprise Server 15-SP3

SUSE Linux Enterprise Server for SAP Applications 15-SP3

SUSE Manager Proxy 4.2

SUSE Manager Server 4.2

openSUSE Leap 15.3

openSUSE Leap 15.4

https://www.suse.com/security/cve/CVE-2015-20107.html

https://bugzilla.suse.com/1192249

https://bugzilla.suse.com/1198511

Severity
important

Announcement ID: SUSE-SU-2022:2174-1
Rating: important
