443 matches found
SUSE-SU-2023:0213-1 Security update for python
This update for python fixes the following issues: - CVE-2022-45061: Fixed an excessive CPU usage when decoding crafted IDNA domain names bsc1205244. Non-security fixes: - Fixed the 2038 bug in the compileall module bsc1202666...
SUSE-SU-2023:0161-1 Security update for python-py
This update for python-py fixes the following issues: - CVE-2022-42969: Fixed an excessive resource consumption that could be triggered when interacting with a Subversion repository containing crafted data bsc1204364...
aicrowd-cli (>=0.1.8 <=0.1.15), aim-cli (>=1.0.0 <=1.2.7rc4) +453 more potentially affected by CVE-2022-24439 via gitpython (>=0.3.4 <=3.1.3)
gitpython PYPI version =0.3.4, =0.1.8, =1.0.0, =1.0.1, =2.0.1, =0.10.0, =0.0.1a0, =0.0.3, =6.1.3, =0.0.3, =0.0.0, =0.1.0, =0.1.0, =0.2.0, =0.3.1 and more Source cves: CVE-2022-24439 Source advisory: OSV:PYSEC-2022-42992...
SUSE-SU-2022:3932-1 Security update for python-rsa
This update for python-rsa fixes the following issues: - CVE-2020-25658: Fixed Bleichenbacher timing oracle attack against RSA decryption bsc1178676...
Moderate: python38:3.8 and python38-devel:3.8 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
DLA-3177-1 python-django - security update
Bulletin has no description...
SUSE-SU-2022:3512-2 Security update for python
This update for python fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when a URI path starts with // bsc1202624...
SUSE-SU-2022:3512-1 Security update for python
This update for python fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when a URI path starts with // bsc1202624...
Two more malicious Python packages in the PyPI
On August 8, CheckPoint published a report on ten malicious Python packages in the Python Package Index (PyPI), the most popular Python repository among software developers. The malicious packages were intended to steal developers' personal data and credentials. Following this research, we used our...
SUSE-SU-2022:2248-1 Security update for python
This update for python fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module bsc1198511...
JetBrains PyCharm has an unspecified vulnerability
JetBrains PyCharm is an integrated development environment (IDE) for the Python language from the Czech company JetBrains. A security vulnerability exists in versions prior to JetBrains PyCharm 2022.1, which stems from exposing the debugger port to the internal network; no details of the vulnerability ar...
SUSE-SU-2022:1485-1 Security update for python39
This update for python39 fixes the following issues: - CVE-2021-3572: Fixed an improper handling of unicode characters in pip bsc1186819. - Update to 3.9.10 jscSLE-23849 - Remove shebangs from python-base libraries in libdir. bsc1193179 - Update to 3.9.9: Core and Builtins + bpo-30570: Fixed...
adyanutils (>=0.4.0 <=0.8.6), ayugespidertools (>=3.4.1 <=3.9.5) +130 more potentially affected by CVE-2022-24801 via twisted (>=16.0.0 <=22.2.0)
twisted PYPI version =16.0.0, =0.4.0, =3.4.1, =1.5.0, =1.5.0, =0.2.0, =0.0.2, =3.9.2, =0.1.0.dev2, =0.3.4, =0.1.0, =18.4.0, =21.1.0 and more Source cves: CVE-2022-24801 Source advisory: OSV:PYSEC-2022-195...
Twisted has unspecified vulnerabilities
Twisted is an event-driven open source network engine written in Python. Twisted has security vulnerabilities, and no details of the vulnerabilities are currently available...
adyanutils (>=0.4.0 <=0.8.6), ayugespidertools (>=3.4.1 <=3.9.5) +53 more potentially affected by CVE-2022-21716 via twisted (>=21.7.0 <=22.1.0)
twisted PYPI version =21.7.0, =0.4.0, =3.4.1, =1.6.0, =0.2.0, =3.9.2, =0.1.0.dev2, =21.0.0, =1.1.2.post3, =0.1.0, =0.4.0, =0.7.2, =1.0.0, =1.0.0, =2.0.5 and more Source cves: CVE-2022-21716 Source advisory: OSV:PYSEC-2022-160...
arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +170 more potentially affected by CVE-2022-23577 via tensorflow-gpu (>=1.10.1 <=2.5.1)
tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 and more Source cves: CVE-2022-23577 Source advisory: OSV:PYSEC-2022-141...
Malicious PyPI Code Packages Rack Up Thousands of Downloads
Three malicious packages hosted in the Python Package Index (PyPI) code repository have been uncovered, which collectively have more than 12,000 downloads – and presumably slithered into installations in various applications. Independent researcher Andrew Scott found the packages during a nearly...
DLA-2808-1 python3.5 - security update
Bulletin has no description...
OPENSUSE-SU-2021:1418-1 Security update for python
This update for python fixes the following issues: - CVE-2021-3737: Fixed HTTP client infinite line reading DoS after an HTTP 100. bsc1189241 - CVE-2021-3733: Fixed ReDoS in urllib.request. bsc1189287 This update was imported from the SUSE:SLE-15:Update update project...
chellow (=2531.0.0), cyclonefw (>=0.0.1 <=1.0.18) +16 more potentially affected by CVE-2021-32838 via flask-restx (>=0.1.0 <=0.5.0)
flask-restx PYPI version =0.1.0, =0.0.1, =0.5.3, =0.0.2, =0.16.0, =3.1.60, =1.1.4, =1.0.2, =0.3.0, =0.0.2.3, =1.0.3, =0.0.8, =0.0.12 and more Source cves: CVE-2021-32838 Source advisory: OSV:PYSEC-2021-325...