What Are You Looking For?

Sign Up


# Security update for python-reportlab

Announcement ID: SUSE-SU-2023:4048-1  
Rating: important  
References:

  * #1215560

  
Cross-References:

  * CVE-2019-19450

  
CVSS scores:

  * CVE-2019-19450 ( SUSE ):  7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  * CVE-2019-19450 ( NVD ):  9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

  
Affected Products:

  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5
  * SUSE Linux Enterprise Workstation Extension 12 12-SP5

  
  
An update that solves one vulnerability can now be installed.

## Description:

This update for python-reportlab fixes the following issues:

  * CVE-2019-19450: Fixed an issue which allowed remote code execution via
    start_unichar in paraparser.py evaluating untrusted user input.
    (bsc#1215560)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Workstation Extension 12 12-SP5  
    zypper in -t patch SUSE-SLE-WE-12-SP5-2023-4048=1

## Package List:

  * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64)
    * python-reportlab-debuginfo-2.7-3.16.1
    * python-reportlab-debugsource-2.7-3.16.1
    * python-reportlab-2.7-3.16.1

## References:

  * https://www.suse.com/security/cve/CVE-2019-19450.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1215560

SUSE: 2023:4048-1 important: python-reportlab

October 11, 2023
* #1215560 Cross-References: * CVE-2019-19450

Summary

## This update for python-reportlab fixes the following issues: * CVE-2019-19450: Fixed an issue which allowed remote code execution via start_unichar in paraparser.py evaluating untrusted user input. (bsc#1215560) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-4048=1 ## Package List: * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * python-reportlab-debuginfo-2.7-3.16.1 * python-reportlab-debugsource-2.7-3.16.1 * python-reportlab-2.7-3.16.1

References

* #1215560

Cross-

* CVE-2019-19450

CVSS scores:

* CVE-2019-19450 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

* CVE-2019-19450 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5

* SUSE Linux Enterprise Server 12 SP5

* SUSE Linux Enterprise Server for SAP Applications 12 SP5

* SUSE Linux Enterprise Workstation Extension 12 12-SP5

An update that solves one vulnerability can now be installed.

##

* https://www.suse.com/security/cve/CVE-2019-19450.html

* https://bugzilla.suse.com/show_bug.cgi?id=1215560

Severity
Announcement ID: SUSE-SU-2023:4048-1
Rating: important

Related News

Security Highlights from KubeCon + CloudNativeCon 2023

Nov 18, 2023

Kubernetes Security on AWS: A Practical Guide

Nov 18, 2023

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

News

Advisories

HOWTOs

Features

Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap
CISA Issues Urgent Warning Over Active Exploitation of Looney Tunables glibc Bug

About Us

Powered By

Footer Logo