# Security update for python3

Announcement ID: SUSE-SU-2024:0581-1

Rating: moderate

References:

* bsc#1210638

Cross-References:

* CVE-2023-27043

CVSS scores:

* CVE-2023-27043 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-27043 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* Basesystem Module 15-SP5
* Development Tools Module 15-SP5
* openSUSE Leap 15.3
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for python3 fixes the following issues:

* CVE-2023-27043: Fixed incorrect parsing of e-mail addresses that contain a special character (bsc#1210638).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-581=1
* Development Tools Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-581=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-581=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-581=1
* openSUSE Leap 15.3
  zypper in -t patch SUSE-2024-581=1
* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2024-581=1
* openSUSE Leap Micro 5.4
  zypper in -t patch openSUSE-Leap-Micro-5.4-2024-581=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2024-581=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2024-581=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2024-581=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2024-581=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2024-581=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2024-581=1

## Package List:

* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * libpython3_6m1_0-debuginfo-3.6.15-150300.10.54.1
  * python3-base-debuginfo-3.6.15-150300.10.54.1
  * libpython3_6m1_0-3.6.15-150300.10.54.1
  * python3-3.6.15-150300.10.54.1
  * python3-debuginfo-3.6.15-150300.10.54.1
  * python3-devel-3.6.15-150300.10.54.1
  * python3-base-3.6.15-150300.10.54.1
  * python3-devel-debuginfo-3.6.15-150300.10.54.1
  * python3-tk-debuginfo-3.6.15-150300.10.54.1
  * python3-curses-debuginfo-3.6.15-150300.10.54.1
  * python3-dbm-3.6.15-150300.10.54.1
  * python3-dbm-debuginfo-3.6.15-150300.10.54.1
  * python3-curses-3.6.15-150300.10.54.1
  * python3-tk-3.6.15-150300.10.54.1
  * python3-debugsource-3.6.15-150300.10.54.1
  * python3-idle-3.6.15-150300.10.54.1
  * python3-core-debugsource-3.6.15-150300.10.54.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * python3-tools-3.6.15-150300.10.54.1
  * python3-core-debugsource-3.6.15-150300.10.54.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * libpython3_6m1_0-debuginfo-3.6.15-150300.10.54.1
  * python3-base-debuginfo-3.6.15-150300.10.54.1
  * libpython3_6m1_0-3.6.15-150300.10.54.1
  * python3-3.6.15-150300.10.54.1
  * python3-debuginfo-3.6.15-150300.10.54.1
  * python3-base-3.6.15-150300.10.54.1
  * python3-debugsource-3.6.15-150300.10.54.1
  * python3-core-debugsource-3.6.15-150300.10.54.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * libpython3_6m1_0-debuginfo-3.6.15-150300.10.54.1
  * python3-base-debuginfo-3.6.15-150300.10.54.1
  * libpython3_6m1_0-3.6.15-150300.10.54.1
  * python3-3.6.15-150300.10.54.1
  * python3-debuginfo-3.6.15-150300.10.54.1
  * python3-base-3.6.15-150300.10.54.1
  * python3-debugsource-3.6.15-150300.10.54.1
  * python3-core-debugsource-3.6.15-150300.10.54.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  * python3-3.6.15-150300.10.54.1
  * libpython3_6m1_0-3.6.15-150300.10.54.1
  * python3-base-3.6.15-150300.10.54.1
  * python3-dbm-3.6.15-150300.10.54.1
  * python3-testsuite-debuginfo-3.6.15-150300.10.54.1
  * python3-doc-devhelp-3.6.15-150300.10.54.1
  * python3-idle-3.6.15-150300.10.54.1
  * python3-doc-3.6.15-150300.10.54.1
  * python3-debuginfo-3.6.15-150300.10.54.1
  * python3-devel-3.6.15-150300.10.54.1
  * python3-curses-debuginfo-3.6.15-150300.10.54.1
  * python3-dbm-debuginfo-3.6.15-150300.10.54.1
  * python3-debugsource-3.6.15-150300.10.54.1
  * libpython3_6m1_0-debuginfo-3.6.15-150300.10.54.1
  * python3-devel-debuginfo-3.6.15-150300.10.54.1
  * python3-tk-debuginfo-3.6.15-150300.10.54.1
  * python3-tools-3.6.15-150300.10.54.1
  * python3-tk-3.6.15-150300.10.54.1
  * python3-base-debuginfo-3.6.15-150300.10.54.1
  * python3-testsuite-3.6.15-150300.10.54.1
  * python3-curses-3.6.15-150300.10.54.1
  * python3-core-debugsource-3.6.15-150300.10.54.1
* openSUSE Leap 15.3 (x86_64)
  * libpython3_6m1_0-32bit-3.6.15-150300.10.54.1
  * libpython3_6m1_0-32bit-debuginfo-3.6.15-150300.10.54.1
* openSUSE Leap 15.3 (aarch64_ilp32)
  * libpython3_6m1_0-64bit-debuginfo-3.6.15-150300.10.54.1
  * libpython3_6m1_0-64bit-3.6.15-150300.10.54.1
* openSUSE Leap Micro 5.3 (aarch64 x86_64)
  * libpython3_6m1_0-debuginfo-3.6.15-150300.10.54.1
  * python3-base-debuginfo-3.6.15-150300.10.54.1
  * libpython3_6m1_0-3.6.15-150300.10.54.1
  * python3-3.6.15-150300.10.54.1
  * python3-debuginfo-3.6.15-150300.10.54.1
  * python3-base-3.6.15-150300.10.54.1
  * python3-debugsource-3.6.15-150300.10.54.1
  * python3-core-debugsource-3.6.15-150300.10.54.1
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
  * libpython3_6m1_0-debuginfo-3.6.15-150300.10.54.1
  * python3-base-debuginfo-3.6.15-150300.10.54.1
  * libpython3_6m1_0-3.6.15-150300.10.54.1
  * python3-3.6.15-150300.10.54.1
  * python3-debuginfo-3.6.15-150300.10.54.1
  * python3-base-3.6.15-150300.10.54.1
  * python3-debugsource-3.6.15-150300.10.54.1
  * python3-core-debugsource-3.6.15-150300.10.54.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * libpython3_6m1_0-3.6.15-150300.10.54.1
  * python3-3.6.15-150300.10.54.1
  * python3-base-3.6.15-150300.10.54.1
  * python3-dbm-3.6.15-150300.10.54.1
  * python3-testsuite-debuginfo-3.6.15-150300.10.54.1
  * python3-doc-devhelp-3.6.15-150300.10.54.1
  * python3-idle-3.6.15-150300.10.54.1
  * python3-doc-3.6.15-150300.10.54.1
  * python3-debuginfo-3.6.15-150300.10.54.1
  * python3-devel-3.6.15-150300.10.54.1
  * python3-curses-debuginfo-3.6.15-150300.10.54.1
  * python3-dbm-debuginfo-3.6.15-150300.10.54.1
  * python3-debugsource-3.6.15-150300.10.54.1
  * libpython3_6m1_0-debuginfo-3.6.15-150300.10.54.1
  * python3-devel-debuginfo-3.6.15-150300.10.54.1
  * python3-tk-debuginfo-3.6.15-150300.10.54.1
  * python3-tools-3.6.15-150300.10.54.1
  * python3-tk-3.6.15-150300.10.54.1
  * python3-base-debuginfo-3.6.15-150300.10.54.1
  * python3-testsuite-3.6.15-150300.10.54.1
  * python3-curses-3.6.15-150300.10.54.1
  * python3-core-debugsource-3.6.15-150300.10.54.1
* openSUSE Leap 15.5 (x86_64)
  * libpython3_6m1_0-32bit-3.6.15-150300.10.54.1
  * libpython3_6m1_0-32bit-debuginfo-3.6.15-150300.10.54.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * libpython3_6m1_0-debuginfo-3.6.15-150300.10.54.1
  * python3-base-debuginfo-3.6.15-150300.10.54.1
  * libpython3_6m1_0-3.6.15-150300.10.54.1
  * python3-3.6.15-150300.10.54.1
  * python3-debuginfo-3.6.15-150300.10.54.1
  * python3-base-3.6.15-150300.10.54.1
  * python3-debugsource-3.6.15-150300.10.54.1
  * python3-core-debugsource-3.6.15-150300.10.54.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * libpython3_6m1_0-debuginfo-3.6.15-150300.10.54.1
  * python3-base-debuginfo-3.6.15-150300.10.54.1
  * libpython3_6m1_0-3.6.15-150300.10.54.1
  * python3-3.6.15-150300.10.54.1
  * python3-debuginfo-3.6.15-150300.10.54.1
  * python3-base-3.6.15-150300.10.54.1
  * python3-debugsource-3.6.15-150300.10.54.1
  * python3-core-debugsource-3.6.15-150300.10.54.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * libpython3_6m1_0-debuginfo-3.6.15-150300.10.54.1
  * python3-base-debuginfo-3.6.15-150300.10.54.1
  * libpython3_6m1_0-3.6.15-150300.10.54.1
  * python3-3.6.15-150300.10.54.1
  * python3-debuginfo-3.6.15-150300.10.54.1
  * python3-base-3.6.15-150300.10.54.1
  * python3-debugsource-3.6.15-150300.10.54.1
  * python3-core-debugsource-3.6.15-150300.10.54.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * libpython3_6m1_0-debuginfo-3.6.15-150300.10.54.1
  * python3-base-debuginfo-3.6.15-150300.10.54.1
  * libpython3_6m1_0-3.6.15-150300.10.54.1
  * python3-3.6.15-150300.10.54.1
  * python3-debuginfo-3.6.15-150300.10.54.1
  * python3-base-3.6.15-150300.10.54.1
  * python3-debugsource-3.6.15-150300.10.54.1
  * python3-core-debugsource-3.6.15-150300.10.54.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
  * libpython3_6m1_0-debuginfo-3.6.15-150300.10.54.1
  * python3-base-debuginfo-3.6.15-150300.10.54.1
  * libpython3_6m1_0-3.6.15-150300.10.54.1
  * python3-3.6.15-150300.10.54.1
  * python3-debuginfo-3.6.15-150300.10.54.1
  * python3-base-3.6.15-150300.10.54.1
  * python3-debugsource-3.6.15-150300.10.54.1
  * python3-core-debugsource-3.6.15-150300.10.54.1

## References:

* https://www.suse.com/security/cve/CVE-2023-27043.html
* https://bugzilla.suse.com/show_bug.cgi?id=1210638

Python3 has introduced critical updates for email parsing vulnerabilities. Follow these steps for installation on various SUSE distributions.

Severity: Important. LinuxSecurity.com Team

====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: python security update
Advisory ID:       RHSA-2020:2520-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:2520
Issue date:        2020-06-10
CVE Names:         CVE-2019-16056
====================================================================

1. Summary:

An update for python is now available for Red Hat Enterprise Linux 7.7 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.7) - ppc64, ppc64le, s390x, x86_64

3. Description:

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* python: email.utils.parseaddr wrongly parses email addresses (CVE-2019-16056)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1749839 - CVE-2019-16056 python: email.utils.parseaddr wrongly parses email addresses

6. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.7):

Source:
python-2.7.5-87.el7_7.src.rpm

x86_64:
python-2.7.5-87.el7_7.x86_64.rpm
python-debuginfo-2.7.5-87.el7_7.i686.rpm
python-debuginfo-2.7.5-87.el7_7.x86_64.rpm
python-devel-2.7.5-87.el7_7.x86_64.rpm
python-libs-2.7.5-87.el7_7.i686.rpm
python-libs-2.7.5-87.el7_7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7):

x86_64:
python-debug-2.7.5-87.el7_7.x86_64.rpm
python-debuginfo-2.7.5-87.el7_7.x86_64.rpm
python-test-2.7.5-87.el7_7.x86_64.rpm
python-tools-2.7.5-87.el7_7.x86_64.rpm
tkinter-2.7.5-87.el7_7.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.7):

Source:
python-2.7.5-87.el7_7.src.rpm

ppc64:
python-2.7.5-87.el7_7.ppc64.rpm
python-debuginfo-2.7.5-87.el7_7.ppc.rpm
python-debuginfo-2.7.5-87.el7_7.ppc64.rpm
python-devel-2.7.5-87.el7_7.ppc64.rpm
python-libs-2.7.5-87.el7_7.ppc.rpm
python-libs-2.7.5-87.el7_7.ppc64.rpm

ppc64le:
python-2.7.5-87.el7_7.ppc64le.rpm
python-debuginfo-2.7.5-87.el7_7.ppc64le.rpm
python-devel-2.7.5-87.el7_7.ppc64le.rpm
python-libs-2.7.5-87.el7_7.ppc64le.rpm

s390x:
python-2.7.5-87.el7_7.s390x.rpm
python-debuginfo-2.7.5-87.el7_7.s390.rpm
python-debuginfo-2.7.5-87.el7_7.s390x.rpm
python-devel-2.7.5-87.el7_7.s390x.rpm
python-libs-2.7.5-87.el7_7.s390.rpm
python-libs-2.7.5-87.el7_7.s390x.rpm

x86_64:
python-2.7.5-87.el7_7.x86_64.rpm
python-debuginfo-2.7.5-87.el7_7.i686.rpm
python-debuginfo-2.7.5-87.el7_7.x86_64.rpm
python-devel-2.7.5-87.el7_7.x86_64.rpm
python-libs-2.7.5-87.el7_7.i686.rpm
python-libs-2.7.5-87.el7_7.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 7.7):

ppc64:
python-debug-2.7.5-87.el7_7.ppc64.rpm
python-debuginfo-2.7.5-87.el7_7.ppc64.rpm
python-test-2.7.5-87.el7_7.ppc64.rpm
python-tools-2.7.5-87.el7_7.ppc64.rpm
tkinter-2.7.5-87.el7_7.ppc64.rpm

ppc64le:
python-debug-2.7.5-87.el7_7.ppc64le.rpm
python-debuginfo-2.7.5-87.el7_7.ppc64le.rpm
python-test-2.7.5-87.el7_7.ppc64le.rpm
python-tools-2.7.5-87.el7_7.ppc64le.rpm
tkinter-2.7.5-87.el7_7.ppc64le.rpm

s390x:
python-debug-2.7.5-87.el7_7.s390x.rpm
python-debuginfo-2.7.5-87.el7_7.s390x.rpm
python-test-2.7.5-87.el7_7.s390x.rpm
python-tools-2.7.5-87.el7_7.s390x.rpm
tkinter-2.7.5-87.el7_7.s390x.rpm

x86_64:
python-debug-2.7.5-87.el7_7.x86_64.rpm
python-debuginfo-2.7.5-87.el7_7.x86_64.rpm
python-test-2.7.5-87.el7_7.x86_64.rpm
python-tools-2.7.5-87.el7_7.x86_64.rpm
tkinter-2.7.5-87.el7_7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-16056
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: python3 security update
Advisory ID:       RHSA-2020:1132-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:1132
Issue date:        2020-03-31
CVE Names:         CVE-2018-20852 CVE-2019-16056
====================================================================

1. Summary:

An update for python3 is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

This package provides the "python3" executable: the reference interpreter for the Python language, version 3. The majority of its standard library is provided in the python3-libs package, which should be installed automatically along with python3. The remaining parts of the Python standard library are broken out into the python3-tkinter and python3-test packages.

Security Fix(es):

* python: Cookie domain check returns incorrect results (CVE-2018-20852)

* python: email.utils.parseaddr wrongly parses email addresses (CVE-2019-16056)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1732908 - Python 3.6 lacks FIPS support
1740347 - CVE-2018-20852 python: Cookie domain check returns incorrect results
1749839 - CVE-2019-16056 python: email.utils.parseaddr wrongly parses email addresses

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
python3-3.6.8-13.el7.src.rpm

x86_64:
python3-3.6.8-13.el7.x86_64.rpm
python3-debuginfo-3.6.8-13.el7.i686.rpm
python3-debuginfo-3.6.8-13.el7.x86_64.rpm
python3-libs-3.6.8-13.el7.i686.rpm
python3-libs-3.6.8-13.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
python3-3.6.8-13.el7.i686.rpm
python3-debug-3.6.8-13.el7.i686.rpm
python3-debug-3.6.8-13.el7.x86_64.rpm
python3-debuginfo-3.6.8-13.el7.i686.rpm
python3-debuginfo-3.6.8-13.el7.x86_64.rpm
python3-devel-3.6.8-13.el7.i686.rpm
python3-devel-3.6.8-13.el7.x86_64.rpm
python3-idle-3.6.8-13.el7.i686.rpm
python3-idle-3.6.8-13.el7.x86_64.rpm
python3-test-3.6.8-13.el7.i686.rpm
python3-test-3.6.8-13.el7.x86_64.rpm
python3-tkinter-3.6.8-13.el7.i686.rpm
python3-tkinter-3.6.8-13.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
python3-3.6.8-13.el7.src.rpm

x86_64:
python3-3.6.8-13.el7.x86_64.rpm
python3-debuginfo-3.6.8-13.el7.i686.rpm
python3-debuginfo-3.6.8-13.el7.x86_64.rpm
python3-libs-3.6.8-13.el7.i686.rpm
python3-libs-3.6.8-13.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
python3-3.6.8-13.el7.i686.rpm
python3-debug-3.6.8-13.el7.i686.rpm
python3-debug-3.6.8-13.el7.x86_64.rpm
python3-debuginfo-3.6.8-13.el7.i686.rpm
python3-debuginfo-3.6.8-13.el7.x86_64.rpm
python3-devel-3.6.8-13.el7.i686.rpm
python3-devel-3.6.8-13.el7.x86_64.rpm
python3-idle-3.6.8-13.el7.i686.rpm
python3-idle-3.6.8-13.el7.x86_64.rpm
python3-test-3.6.8-13.el7.i686.rpm
python3-test-3.6.8-13.el7.x86_64.rpm
python3-tkinter-3.6.8-13.el7.i686.rpm
python3-tkinter-3.6.8-13.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
python3-3.6.8-13.el7.src.rpm

ppc64:
python3-3.6.8-13.el7.ppc64.rpm
python3-debuginfo-3.6.8-13.el7.ppc.rpm
python3-debuginfo-3.6.8-13.el7.ppc64.rpm
python3-libs-3.6.8-13.el7.ppc.rpm
python3-libs-3.6.8-13.el7.ppc64.rpm

ppc64le:
python3-3.6.8-13.el7.ppc64le.rpm
python3-debuginfo-3.6.8-13.el7.ppc64le.rpm
python3-libs-3.6.8-13.el7.ppc64le.rpm

s390x:
python3-3.6.8-13.el7.s390x.rpm
python3-debuginfo-3.6.8-13.el7.s390.rpm
python3-debuginfo-3.6.8-13.el7.s390x.rpm
python3-libs-3.6.8-13.el7.s390.rpm
python3-libs-3.6.8-13.el7.s390x.rpm

x86_64:
python3-3.6.8-13.el7.x86_64.rpm
python3-debuginfo-3.6.8-13.el7.i686.rpm
python3-debuginfo-3.6.8-13.el7.x86_64.rpm
python3-libs-3.6.8-13.el7.i686.rpm
python3-libs-3.6.8-13.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
python3-3.6.8-13.el7.ppc.rpm
python3-debug-3.6.8-13.el7.ppc.rpm
python3-debug-3.6.8-13.el7.ppc64.rpm
python3-debuginfo-3.6.8-13.el7.ppc.rpm
python3-debuginfo-3.6.8-13.el7.ppc64.rpm
python3-devel-3.6.8-13.el7.ppc.rpm
python3-devel-3.6.8-13.el7.ppc64.rpm
python3-idle-3.6.8-13.el7.ppc.rpm
python3-idle-3.6.8-13.el7.ppc64.rpm
python3-test-3.6.8-13.el7.ppc.rpm
python3-test-3.6.8-13.el7.ppc64.rpm
python3-tkinter-3.6.8-13.el7.ppc.rpm
python3-tkinter-3.6.8-13.el7.ppc64.rpm

ppc64le:
python3-debug-3.6.8-13.el7.ppc64le.rpm
python3-debuginfo-3.6.8-13.el7.ppc64le.rpm
python3-devel-3.6.8-13.el7.ppc64le.rpm
python3-idle-3.6.8-13.el7.ppc64le.rpm
python3-test-3.6.8-13.el7.ppc64le.rpm
python3-tkinter-3.6.8-13.el7.ppc64le.rpm

s390x:
python3-3.6.8-13.el7.s390.rpm
python3-debug-3.6.8-13.el7.s390.rpm
python3-debug-3.6.8-13.el7.s390x.rpm
python3-debuginfo-3.6.8-13.el7.s390.rpm
python3-debuginfo-3.6.8-13.el7.s390x.rpm
python3-devel-3.6.8-13.el7.s390.rpm
python3-devel-3.6.8-13.el7.s390x.rpm
python3-idle-3.6.8-13.el7.s390.rpm
python3-idle-3.6.8-13.el7.s390x.rpm
python3-test-3.6.8-13.el7.s390.rpm
python3-test-3.6.8-13.el7.s390x.rpm
python3-tkinter-3.6.8-13.el7.s390.rpm
python3-tkinter-3.6.8-13.el7.s390x.rpm

x86_64:
python3-3.6.8-13.el7.i686.rpm
python3-debug-3.6.8-13.el7.i686.rpm
python3-debug-3.6.8-13.el7.x86_64.rpm
python3-debuginfo-3.6.8-13.el7.i686.rpm
python3-debuginfo-3.6.8-13.el7.x86_64.rpm
python3-devel-3.6.8-13.el7.i686.rpm
python3-devel-3.6.8-13.el7.x86_64.rpm
python3-idle-3.6.8-13.el7.i686.rpm
python3-idle-3.6.8-13.el7.x86_64.rpm
python3-test-3.6.8-13.el7.i686.rpm
python3-test-3.6.8-13.el7.x86_64.rpm
python3-tkinter-3.6.8-13.el7.i686.rpm
python3-tkinter-3.6.8-13.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
python3-3.6.8-13.el7.src.rpm

x86_64:
python3-3.6.8-13.el7.x86_64.rpm
python3-debuginfo-3.6.8-13.el7.i686.rpm
python3-debuginfo-3.6.8-13.el7.x86_64.rpm
python3-libs-3.6.8-13.el7.i686.rpm
python3-libs-3.6.8-13.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
python3-3.6.8-13.el7.i686.rpm
python3-debug-3.6.8-13.el7.i686.rpm
python3-debug-3.6.8-13.el7.x86_64.rpm
python3-debuginfo-3.6.8-13.el7.i686.rpm
python3-debuginfo-3.6.8-13.el7.x86_64.rpm
python3-devel-3.6.8-13.el7.i686.rpm
python3-devel-3.6.8-13.el7.x86_64.rpm
python3-idle-3.6.8-13.el7.i686.rpm
python3-idle-3.6.8-13.el7.x86_64.rpm
python3-test-3.6.8-13.el7.i686.rpm
python3-test-3.6.8-13.el7.x86_64.rpm
python3-tkinter-3.6.8-13.el7.i686.rpm
python3-tkinter-3.6.8-13.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2018-20852
https://access.redhat.com/security/cve/CVE-2019-16056
https://access.redhat.com/security/updates/classification#moderate
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7/html/7.8_release_notes/index

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2020 Red Hat, Inc.

openSUSE Security Update: Security update for python3
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2020:0086-1
Rating:             important
References:         #1027282 #1029377 #1029902 #1040164 #1042670 #1070853
                    #1079761 #1081750 #1083507 #1086001 #1088004 #1088009
                    #1088573 #1094814 #1107030 #1109663 #1109847 #1120644
                    #1122191 #1129346 #1130840 #1133452 #1137942 #1138459
                    #1141853 #1149121 #1149792 #1149955 #1151490 #1153238
                    #1159035 #1159622 #637176 #658604 #673071 #709442
                    #743787 #747125 #751718 #754447 #754677 #787526
                    #809831 #831629 #834601 #871152 #885662 #885882
                    #917607 #942751 #951166 #983582 #984751 #985177
                    #985348 #989523
Cross-References:   CVE-2011-3389 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150
                    CVE-2013-1752 CVE-2013-4238 CVE-2014-2667 CVE-2014-4650
                    CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699
                    CVE-2017-18207 CVE-2018-1000802 CVE-2018-1060 CVE-2018-1061
                    CVE-2018-14647 CVE-2018-20406 CVE-2018-20852 CVE-2019-10160
                    CVE-2019-15903 CVE-2019-16056 CVE-2019-16935 CVE-2019-5010
                    CVE-2019-9636 CVE-2019-9947
Affected Products:  openSUSE Leap 15.1
______________________________________________________________________________

An update that solves 26 vulnerabilities and has 30 fixes is now available.

Description:

This update for python3 to version 3.6.10 fixes the following issues:

- CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507).
- CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ (bsc#1149955).
- CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429).

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

  zypper in -t patch openSUSE-2020-86=1

Package List:

- openSUSE Leap 15.1 (i586 x86_64):

  libpython3_6m1_0-3.6.10-lp151.6.7.1
  libpython3_6m1_0-debuginfo-3.6.10-lp151.6.7.1
  python3-3.6.10-lp151.6.7.1
  python3-base-3.6.10-lp151.6.7.1
  python3-base-debuginfo-3.6.10-lp151.6.7.1
  python3-base-debugsource-3.6.10-lp151.6.7.1
  python3-curses-3.6.10-lp151.6.7.1
  python3-curses-debuginfo-3.6.10-lp151.6.7.1
  python3-dbm-3.6.10-lp151.6.7.1
  python3-dbm-debuginfo-3.6.10-lp151.6.7.1
  python3-debuginfo-3.6.10-lp151.6.7.1
  python3-debugsource-3.6.10-lp151.6.7.1
  python3-devel-3.6.10-lp151.6.7.1
  python3-devel-debuginfo-3.6.10-lp151.6.7.1
  python3-idle-3.6.10-lp151.6.7.1
  python3-testsuite-3.6.10-lp151.6.7.1
  python3-testsuite-debuginfo-3.6.10-lp151.6.7.1
  python3-tk-3.6.10-lp151.6.7.1
  python3-tk-debuginfo-3.6.10-lp151.6.7.1
  python3-tools-3.6.10-lp151.6.7.1

- openSUSE Leap 15.1 (x86_64):

  libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1
  libpython3_6m1_0-32bit-debuginfo-3.6.10-lp151.6.7.1
  python3-32bit-3.6.10-lp151.6.7.1
  python3-32bit-debuginfo-3.6.10-lp151.6.7.1
  python3-base-32bit-3.6.10-lp151.6.7.1
  python3-base-32bit-debuginfo-3.6.10-lp151.6.7.1

References:

  https://www.suse.com/security/cve/CVE-2011-3389.html
  https://www.suse.com/security/cve/CVE-2011-4944.html
  https://www.suse.com/security/cve/CVE-2012-0845.html
  https://www.suse.com/security/cve/CVE-2012-1150.html
  https://www.suse.com/security/cve/CVE-2013-1752.html
  https://www.suse.com/security/cve/CVE-2013-4238.html
  https://www.suse.com/security/cve/CVE-2014-2667.html
  https://www.suse.com/security/cve/CVE-2014-4650.html
  https://www.suse.com/security/cve/CVE-2016-0772.html
  https://www.suse.com/security/cve/CVE-2016-1000110.html
  https://www.suse.com/security/cve/CVE-2016-5636.html
  https://www.suse.com/security/cve/CVE-2016-5699.html
  https://www.suse.com/security/cve/CVE-2017-18207.html
  https://www.suse.com/security/cve/CVE-2018-1000802.html
  https://www.suse.com/security/cve/CVE-2018-1060.html
  https://www.suse.com/security/cve/CVE-2018-1061.html
  https://www.suse.com/security/cve/CVE-2018-14647.html
  https://www.suse.com/security/cve/CVE-2018-20406.html
  https://www.suse.com/security/cve/CVE-2018-20852.html
  https://www.suse.com/security/cve/CVE-2019-10160.html
  https://www.suse.com/security/cve/CVE-2019-15903.html
  https://www.suse.com/security/cve/CVE-2019-16056.html
  https://www.suse.com/security/cve/CVE-2019-16935.html
  https://www.suse.com/security/cve/CVE-2019-5010.html
  https://www.suse.com/security/cve/CVE-2019-9636.html
  https://www.suse.com/security/cve/CVE-2019-9947.html
  https://bugzilla.suse.com/1027282
  https://bugzilla.suse.com/1029377
  https://bugzilla.suse.com/1029902
  https://bugzilla.suse.com/1040164
  https://bugzilla.suse.com/1042670
  https://bugzilla.suse.com/1070853
  https://bugzilla.suse.com/1079761
  https://bugzilla.suse.com/1081750
  https://bugzilla.suse.com/1083507
  https://bugzilla.suse.com/1086001
  https://bugzilla.suse.com/1088004
  https://bugzilla.suse.com/1088009
  https://bugzilla.suse.com/1088573
  https://bugzilla.suse.com/1094814
  https://bugzilla.suse.com/1107030
  https://bugzilla.suse.com/1109663
  https://bugzilla.suse.com/1109847
  https://bugzilla.suse.com/1120644
  https://bugzilla.suse.com/1122191
  https://bugzilla.suse.com/1129346
  https://bugzilla.suse.com/1130840
  https://bugzilla.suse.com/1133452
  https://bugzilla.suse.com/1137942
  https://bugzilla.suse.com/1138459
  https://bugzilla.suse.com/1141853
  https://bugzilla.suse.com/1149121
  https://bugzilla.suse.com/1149792
  https://bugzilla.suse.com/1149955
  https://bugzilla.suse.com/1151490
  https://bugzilla.suse.com/1153238
  https://bugzilla.suse.com/1159035
  https://bugzilla.suse.com/1159622
  https://bugzilla.suse.com/637176
  https://bugzilla.suse.com/658604
  https://bugzilla.suse.com/673071
  https://bugzilla.suse.com/709442
  https://bugzilla.suse.com/743787
  https://bugzilla.suse.com/747125
  https://bugzilla.suse.com/751718
  https://bugzilla.suse.com/754447
  https://bugzilla.suse.com/754677
  https://bugzilla.suse.com/787526
  https://bugzilla.suse.com/809831
  https://bugzilla.suse.com/831629
  https://bugzilla.suse.com/834601
  https://bugzilla.suse.com/871152
  https://bugzilla.suse.com/885662
  https://bugzilla.suse.com/885882
  https://bugzilla.suse.com/917607
  https://bugzilla.suse.com/942751
  https://bugzilla.suse.com/951166
  https://bugzilla.suse.com/983582
  https://bugzilla.suse.com/984751
  https://bugzilla.suse.com/985177
  https://bugzilla.suse.com/985348
  https://bugzilla.suse.com/989523

A crucial security notice for openSUSE python3, highlighting numerous vulnerabilities and offering essential remedies.

Severity: Important. LinuxSecurity.com Team