SUSE: 2022:2467-1 Important: bci/python DoS And Security Flaws
suse
October 7, 2022
The container bci/python was updated
Summary
Advisory ID: SUSE-SU-2022:3473-1 Released: Fri Sep 30 10:33:55 2022 Summary: Security update for python310 Type: security Severity: important Advisory ID: SUSE-SU-2022:3489-1 Released: Sat Oct 1 13:35:24 2022 Summary: Security update for expat Type: security Severity: important
Topics Covered
References
References : 1202624 1203125 1203438 CVE-2020-10735 CVE-2021-28861 CVE-2022-40674
1202624,1203125,CVE-2020-10735,CVE-2021-28861
This update for python310 fixes the following issues:
Updated to version 3.10.7:
- CVE-2020-10735: Fixed DoS due to missing limit of amount of digits when converting text to int (bsc#1203125).
- CVE-2021-28861: Fixed an open redirect in the http server when an URI path starts with // (bsc#1202624).
1203438,CVE-2022-40674
This update for expat fixes the following issues:
- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).
The following package changes have been done:
- libexpat1-2.4.4-150400.3.9.1 updated
- libpython3_10-1_0-3.10.7-150400.4.10.1 updated
- python310-base-3.10.7-150400.4.10.1 updated
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Container Advisory ID : SUSE-CU-2022:2467-1
Container Tags : bci/python:3 , bci/python:3.10 , bci/python:3.10-5.42 , bci/python:latest
Container Release : 5.42
Severity : important
Type : security
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!