443 matches found
SUSE-SU-2024:1844-1 Security update for python
This update for python fixes the following issues: - CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb bsc1221854...
01os (>=0.0.1 <=0.0.14), 170051277-trab-final-gces (>=0.3.0 <=0.5.0) +39972 more potentially affected by CVE-2024-34997 via joblib (>=1.0.0 <=1.5.3)
joblib PYPI version =1.0.0, =0.0.1, =0.3.0, =0.0.3, =0.1.0, =0.5.0a0, =0.2.0rc0, =0.1.0, =0.1.0, =0.1.3, =0.1.4 - 4pace =0.1.0a1 - 5dee =0.1.0 - 5g-ddos-mcp =1.0.0 and more Source cves: CVE-2024-34997 Source advisory: OSV:PYSEC-2024-277...
Python Security Vulnerability
Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python that stems from Python's lack of support for Unix permissions on Windows...
SUSE-SU-2024:0782-2 Security update for python311
This update for python311 fixes the following issues: - CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory bsc1219666. - CVE-2023-27043: Fixed incorrect e-mail parsing bsc1210638. - CVE-2022-25236: Fixed an expat vulnerability by supporting expat = 2.4.4 bsc1212015...
ape-dasy (=0.1.0), ape-safe (>=0.7.0 <=0.7.1) +9 more potentially affected by CVE-2024-32481 via vyper (>=0.3.9 <=0.4.0)
vyper PYPI version =0.3.9, =0.7.0, =0.5.5.post5, =0.5.5.post4, =0.9.0, =0.0.1, =0.3.4, =0.8.31, =0.0.9, =3.4.7, =4.6.0 Source cves: CVE-2024-32481 Source advisory: OSV:PYSEC-2024-246...
agentic-ai-vass-tools (>=0.1.0 <=0.4.0), altspell (>=0.1.0 <=0.4.0) +62 more potentially affected by CVE-2024-1681 via flask-cors (>=5.0.0 <=5.0.1)
flask-cors PYPI version =5.0.0, =0.1.0, =0.1.0, =0.21.0, =0.1.0, =1.3.3, =0.1.3, =0.1.0, =0.2.0, =1.0.0a0, =0.1.0, =1.0.0, =4.21.0, =4.21.3b1 - demography-datamoo-faceviz =0.1.0 - droidsentinel =1.0.0 and more Source cves: CVE-2024-1681 Source advisory: OSV:PYSEC-2024-271...
MGASA-2024-0084 Updated python python3 packages fix security vulnerabilities
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often...
abedy-gitlab-client (>=0.0.2.4 <=0.3.0), abilian-devtools (>=0.5.14 <=0.7.3) +1314 more potentially affected by CVE-2024-21503 via black (>=18.3.0a0 <=24.2.0)
black PYPI version =18.3.0a0, =0.0.2.4, =0.5.14, =0.1.0, =0.0.1, =0.1.5, =0.1.0, =0.4.0, =1.0.0, =0.1.2, =0.1.2, =0.1.0, =0.1.2, =1.0.2 - aibs-informatics-test-resources =0.0.4 and more Source cves: CVE-2024-21503 Source advisory: OSV:PYSEC-2024-48...
azure-smtp-relay (>=1.0.0 <=1.0.6), mailrise (>=1.3.0 <=1.4.0) +4 more potentially affected by CVE-2024-27305 via aiosmtpd (>=1.2.0 <=1.4.4.post2)
aiosmtpd PYPI version =1.2.0, =1.0.0, =1.3.0, =0.0.1, =0.2.5, =0.3.3 - yades-smtp =0.1.0 Source cves: CVE-2024-27305 Source advisory: OSV:PYSEC-2024-221...
2vyper (=0.3.0), ape-dasy (=0.1.0) +28 more potentially affected by CVE-2024-24564 via vyper (>=0.1.0b12 <=0.3.9)
vyper PYPI version =0.1.0b12, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =1.20.6 and more Source cves: CVE-2024-24564 Source advisory: OSV:PYSEC-2024-205...
SUSE-SU-2024:0601-1 Security update for python-pycryptodome
This update for python-pycryptodome fixes the following issues: - CVE-2023-52323: Fixed side-channel leakage in RSA decryption by using constant-time faster padding decoding for OAEP bsc1218564...
ayugespidertools (>=3.4.0 <=3.9.5), baotool (=1.0.1) +7 more potentially affected by CVE-2024-3572 via scrapy (>=2.0.1 <=2.11.0)
scrapy PYPI version =2.0.1, =3.4.0, =2.8.3, =0.3.0a0, =0.1.2, =0.2.3, =0.2.1, =0.4.0, =0.8.1 Source cves: CVE-2024-3572 Source advisory: OSV:GHSA-7J7M-V7M3-JQM7...
admin-tool-button (>=1.0.1a0 <=1.0.5a0), aedttest (=0.0.2) +130 more potentially affected by CVE-2024-24680 via django (>=3.2.0 <=3.2.23)
django PYPI version =3.2.0, =1.0.1a0, =2.0.0, =0.0.1, =1.0.6, =3.2.17.0, =6.2.0, =0.2.0, =0.1.0, =21.1.1, =21.1.0, =22.0.0.dev13, =22.0.0.dev14 and more Source cves: CVE-2024-24680 Source advisory: OSV:PYSEC-2024-28...
agenticos (>=0.0.1 <=0.0.2.152539), agentx-tools (>=0.2.0 <=0.7.1) +15 more potentially affected by CVE-2024-23731 via embedchain (>=0.0.18 <=0.1.128)
embedchain PYPI version =0.0.18, =0.0.1, =0.2.0, =0.28.9rc1, =0.13.0, =0.1.0, =0.0.6, =0.0.2, =0.1.0.dev7, =0.0.19, =0.1.2, =1.2.0, =1.8.0 and more Source cves: CVE-2024-23731 Source advisory: OSV:PYSEC-2024-7...
python: TLS handshake bypass
Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as it's possible to modify or delete resources that are...
NewStart CGSL MAIN 6.06 : PyYAML Multiple Vulnerabilities (NS-SA-2023-0139)
The remote NewStart CGSL host, running version MAIN 6.06, has PyYAML packages installed that are affected by multiple vulnerabilities: - In PyYAML before 5.1, the yaml.load API could execute arbitrary code if used with untrusted data. The load function has been deprecated in version 5.1 and the...
DLA-3649-1 python-urllib3 - security update
Bulletin has no description...
aolab-aopy (>=0.6.3 <=0.9.3), aolab-bmi3d (>=1.0.0 <=1.2.4) +19 more potentially affected by CVE-2023-41164 via django (>=4.1.0 <=4.1.10)
django PYPI version =4.1.0, =0.6.3, =1.0.0, =0.0.3, =0.0.1, =0.1.0, =0.2.6, =4.0.0, =2022.6.1, =1.0.0, =4.1.0, =4.1.10 and more Source cves: CVE-2023-41164 Source advisory: OSV:PYSEC-2023-225...
python: TLS handshake bypass
Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as it's possible to modify or delete resources that are...
aldryn-django (=4.1.12.0), aolab-aopy (>=0.6.3 <=0.9.3) +20 more potentially affected by CVE-2023-46695 via django (>=4.1.0 <=4.1.12)
django PYPI version =4.1.0, =0.6.3, =1.0.0, =0.0.3, =0.0.1, =0.1.0, =0.2.6, =4.0.0, =2022.6.1, =1.0.0, =1.1.0 and more Source cves: CVE-2023-46695 Source advisory: OSV:PYSEC-2023-222...