Explore top 10 tips to secure your open-source projects now. Read More
×* bsc#1219048 Cross-References: * CVE-2023-50447 . # Security update for python-Pillow Announcement ID: SUSE-SU-2024:0439-1 Rating: important References: * bsc#1219048 Cross-References: * CVE-2023-50447 CVSS scores: * CVE-2023-50447 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-50447 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server 12 SP4 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves one vulnerability can now be installed. ## Description: This update for python-Pillow fixes the following issues: * CVE-2023-50447: Fixed arbitrary code execution via the environment parameter. (bsc#1219048) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2024-439=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2024-439=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * python-Pillow-5.2.0-3.23.1 * python-Pillow-debuginfo-5.2.0-3.23.1 * python-Pillow-debugsource-5.2.0-3.23.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * python-Pillow-5.2.0-3.23.1 * python-Pillow-debuginfo-5.2.0-3.23.1 * python-Pillow-debugsource-5.2.0-3.23.1 ## References: * https://www.suse.com/security/cve/CVE-2023-50447.html * https://bugzilla.suse.com/show_bug.cgi?id=1219048 . SUSE releases security patch for python-Pillow, tackling severe vulnerabilities to safeguard systems. Find out more information here.. SUSE Update, Python-Pillow Security, Code Execution, Important Advisory. . Severity: Important. LinuxSecurity.com Team
An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for rubygem-sinatra ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2046-1 Rating: important References: #1199138 Cross-References: CVE-2022-29970 CVSS scores: CVE-2022-29970 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-29970 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-sinatra fixes the following issues: - CVE-2022-29970: Fixed possible path traversal outside of public_dir when serving static files (bsc#1199138). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-2046=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): ruby2.1-rubygem-sinatra-1.4.6-3.3.1 References: https://www.suse.com/security/cve/CVE-2022-29970.html https://bugzilla.suse.com/1199138 . SUSE Security Update for gem-sinatra tackles a major vulnerability impacting OpenStack Cloud. Upgrade immediately!. SUSE OpenStack, Rubygem Sinatra, Path Traversal, Important Update. . Severity: Important. LinuxSecurity.com Team
An update that fixes three vulnerabilities is now available. . SUSE Security Update: Security update for python-Django ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0286-1 Rating: important References: #1194116 #1195086 #1195088 Cross-References: CVE-2021-45452 CVE-2022-22818 CVE-2022-23833 CVSS scores: CVE-2021-45452 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-45452 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-22818 (SUSE): 5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-23833 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for python-Django fixes the following issues: - CVE-2022-22818: Fixed possible XSS via {% debug %} template tag (bsc#1195086) - CVE-2022-23833: Fixed denial-of-service possibility in file uploads. (bsc#1195088) A regression in the fix for CVE-2021-45452 was fixed (bsc#1194116) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-286=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-286=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-286=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): python-Django-1.11.29-3.39.1 - SUSE OpenStackCloud 8 (noarch): python-Django-1.11.29-3.39.1 venv-openstack-aodh-x86_64-5.1.1~dev7-12.37.1 venv-openstack-barbican-x86_64-5.0.2~dev3-12.38.1 venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.35.1 venv-openstack-cinder-x86_64-11.2.3~dev29-14.39.1 venv-openstack-designate-x86_64-5.0.3~dev7-12.36.1 venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.33.1 venv-openstack-glance-x86_64-15.0.3~dev3-12.36.1 venv-openstack-heat-x86_64-9.0.8~dev22-12.40.1 venv-openstack-horizon-x86_64-12.0.5~dev6-14.43.2 venv-openstack-ironic-x86_64-9.1.8~dev8-12.38.1 venv-openstack-keystone-x86_64-12.0.4~dev11-11.40.1 venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.37.1 venv-openstack-manila-x86_64-5.1.1~dev5-12.42.1 venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.33.1 venv-openstack-monasca-x86_64-2.2.2~dev1-11.40.1 venv-openstack-murano-x86_64-4.0.2~dev2-12.33.1 venv-openstack-neutron-x86_64-11.0.9~dev69-13.43.1 venv-openstack-nova-x86_64-16.1.9~dev92-11.41.1 venv-openstack-octavia-x86_64-1.0.6~dev3-12.38.1 venv-openstack-sahara-x86_64-7.0.5~dev4-11.37.1 venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.28.1 venv-openstack-trove-x86_64-8.0.2~dev2-11.37.1 - HPE Helion Openstack 8 (noarch): python-Django-1.11.29-3.39.1 venv-openstack-aodh-x86_64-5.1.1~dev7-12.37.1 venv-openstack-barbican-x86_64-5.0.2~dev3-12.38.1 venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.35.1 venv-openstack-cinder-x86_64-11.2.3~dev29-14.39.1 venv-openstack-designate-x86_64-5.0.3~dev7-12.36.1 venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.33.1 venv-openstack-glance-x86_64-15.0.3~dev3-12.36.1 venv-openstack-heat-x86_64-9.0.8~dev22-12.40.1 venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.43.2 venv-openstack-ironic-x86_64-9.1.8~dev8-12.38.1 venv-openstack-keystone-x86_64-12.0.4~dev11-11.40.1 venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.37.1 venv-openstack-manila-x86_64-5.1.1~dev5-12.42.1 venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.33.1 venv-openstack-monasca-x86_64-2.2.2~dev1-11.40.1 venv-openstack-murano-x86_64-4.0.2~dev2-12.33.1 venv-openstack-neutron-x86_64-11.0.9~dev69-13.43.1 venv-openstack-nova-x86_64-16.1.9~dev92-11.41.1 venv-openstack-octavia-x86_64-1.0.6~dev3-12.38.1 venv-openstack-sahara-x86_64-7.0.5~dev4-11.37.1 venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.28.1 venv-openstack-trove-x86_64-8.0.2~dev2-11.37.1 References: https://www.suse.com/security/cve/CVE-2021-45452.html https://www.suse.com/security/cve/CVE-2022-22818.html https://www.suse.com/security/cve/CVE-2022-23833.html https://bugzilla.suse.com/1194116 https://bugzilla.suse.com/1195086 https://bugzilla.suse.com/1195088 . SUSE Security Update for python-Django addresses multiple security weaknesses with recommended steps for affected environments.. SUSE Python-Django Security Fix,SUSE OpenStack Security Update,Important Django Update. . Severity: Important. LinuxSecurity.com Team
An update that fixes three vulnerabilities is now available. . SUSE Security Update: Security update for python-Django ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0102-1 Rating: important References: #1194115 #1194116 #1194117 Cross-References: CVE-2021-45115 CVE-2021-45116 CVE-2021-45452 CVSS scores: CVE-2021-45115 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-45116 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-45452 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for python-Django fixes the following issues: - CVE-2021-45115: Fixed denial-of-service possibility in UserAttributeSimilarityValidator (bsc#1194115). - CVE-2021-45116: Fixed potential information disclosure in dictsort template filter (bsc#1194117). - CVE-2021-45452: Fixed potential directory-traversal via Storage.save() (bsc#1194116). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-102=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-102=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-102=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): python-Django-1.11.29-3.33.1 - SUSE OpenStack Cloud 8 (noarch): python-Django-1.11.29-3.33.1 - HPE Helion Openstack 8 (noarch): python-Django-1.11.29-3.33.1 References: https://www.suse.com/security/cve/CVE-2021-45115.html https://www.suse.com/security/cve/CVE-2021-45116.html https://www.suse.com/security/cve/CVE-2021-45452.html https://bugzilla.suse.com/1194115 https://bugzilla.suse.com/1194116 https://bugzilla.suse.com/1194117 . SUSE Security Announcement regarding python-Django: Addresses three critical vulnerabilities with significant updates.. SUSE Update, Python Django, Security Patch, Important Fixes, OpenStack Security. . Severity: Important. LinuxSecurity.com Team
An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for rubygem-addressable ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2928-1 Rating: important References: #1188207 Cross-References: CVE-2021-32740 CVSS scores: CVE-2021-32740 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-addressable fixes the following issues: - CVE-2021-32740: Fixed denial of service via maliciously crafted templates (bsc#1188207). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-2928=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): ruby2.1-rubygem-addressable-2.3.6-3.3.3 References: https://www.suse.com/security/cve/CVE-2021-32740.html https://bugzilla.suse.com/1188207 . SUSE Security Advisory: Remedied vulnerability tackling denial of service in rubygem. Apply the fix through suggested procedures.. SUSE Update, OpenStack Security, Addressable Vulnerability, Software Patch, Denial Of Service. . Severity: Important. LinuxSecurity.com Team
An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for python-Jinja2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0602-1 Rating: important References: #1181944 Cross-References: CVE-2020-28493 CVSS scores: CVE-2020-28493 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2020-28493 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Jinja2 fixes the following issues: - CVE-2020-28493: Improve the speed of the 'urlize' filter by reducing regex backtracking. Email matching requires a word character at the start of the domain part, and only word characters in the TLD. (bsc#1181944) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-602=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-602=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): python-Jinja2-2.10.1-3.6.1 - SUSE OpenStack Cloud 9 (noarch): python-Jinja2-2.10.1-3.6.1 References: https://www.suse.com/security/cve/CVE-2020-28493.html https://bugzilla.suse.com/1181944 . The latest revision of python-Jinja2 improves safety measures, effectively tackling critical vulnerabilities for SUSE customers. Access the detailed patch guidelines.. SUSE OpenStack, Python Jinja2, Security Patch, Cloud Security, Jinja2 Update. .Severity: Important. LinuxSecurity.com Team
An update that fixes two vulnerabilities is now available. . SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1625-1 Rating: moderate References: #1171550 Cross-References: CVE-2020-2752 CVE-2020-2812 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for mariadb fixes the following issues: mariadb was updated to version 10.0.44 (bsc#1171550) - CVE-2020-2752: Fixed an issue which could have resulted in unauthorized ability to cause denial of service. - CVE-2020-2812: Fixed an issue which could have resulted in unauthorized ability to cause denial of service. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-1625=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-1625=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-1625=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): libmysqlclient18-10.0.40.4-29.41.3 libmysqlclient18-debuginfo-10.0.40.4-29.41.3 - SUSE OpenStack Cloud 8 (x86_64): libmysqlclient18-10.0.40.4-29.41.3 libmysqlclient18-debuginfo-10.0.40.4-29.41.3 - HPE Helion Openstack 8 (x86_64): libmysqlclient18-10.0.40.4-29.41.3 libmysqlclient18-debuginfo-10.0.40.4-29.41.3 References: https://www.suse.com/security/cve/CVE-2020-2752.html https://www.suse.com/security/cve/CVE-2020-2812.html https://bugzilla.suse.com/1171550 _______________________________________________ sle-security-updates mailing list
An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for rubygem-actionview-4_2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0954-1 Rating: moderate References: #1167240 Cross-References: CVE-2020-5267 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-actionview-4_2 fixes the following issues: - CVE-2020-5267: Fixed an XSS vulnerability in ActionView (bsc#1167240). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-954=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-954=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-954=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): ruby2.1-rubygem-actionview-4_2-4.2.9-9.6.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): ruby2.1-rubygem-actionview-4_2-4.2.9-9.6.1 - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): ruby2.1-rubygem-actionview-4_2-4.2.9-9.6.1 References: https://www.suse.com/security/cve/CVE-2020-5267.html https://bugzilla.suse.com/1167240 _______________________________________________ sle-security-updates mailing list
Get the latest Linux and open source security news straight to your inbox.