Alerts This Week
Warning Icon 1 687
Alerts This Week
Warning Icon 1 687

SUSE: 2024:3411-1 important: python39 ReDoS and resource issues

suse
Calendar Grey September 24, 2024
Dist Suse Esm H88
Bolster your platform's protection using SUSE's Python39 security patch that tackles urgent vulnerabilities throughout multiple components.
* bsc#1229596 * bsc#1229704 * bsc#1230227 Cross-References:

Summary

## This update for python39 fixes the following issues: * Update to 3.9.20: * CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227) * CVE-2024-7592: quadratic algorithm used when parsing cookies leads to excessive resource consumption. (bsc#1229596) * CVE-2024-8088: lack of name validation when extracting a zip archive leads to infinite loops. (bsc#1229704) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2024-3411=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-3411=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2024-3411=1

Topics%20covered

Topics Covered

security advisory important suse python redos resource issues

References

* bsc#1229596

* bsc#1229704

* bsc#1230227

Cross-

* CVE-2024-6232

* CVE-2024-7592

* CVE-2024-8088

CVSS scores:

* CVE-2024-6232 ( SUSE ): 8.9

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H

* CVE-2024-6232 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-6232 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-7592 ( SUSE ): 2.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L

* CVE-2024-7592 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-8088 ( SUSE ): 5.9

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2024-8088 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* Legacy Module 15-SP5

* openSUSE Leap 15.3

* openSUSE Leap 15.5

* openSUSE Leap 15.6

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2024:3411-1
Rating: important

Topics%20covered

Topics Covered

security advisory important suse python redos resource issues

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here