SUSE-RU-2022:4567-1 Recommended update for python-crcmod, python-cryptography, python-cryptography-vectors
This update for python-crcmod, python-cryptography, python-cryptography-vectors contains the following fixes: python-cryptography: - Update in SLE-15 bsc1177083, jscPM-2730, jscSLE-18312 - Refresh patches for new version Using the Fernet class to symmetrically encrypt multi gigabyte values...
SUSE-SU-2022:4004-1 Security update for python310
This update for python310 fixes the following issues: Security fixes: - CVE-2022-42919: Fixed local privilege escalation via the multiprocessing forkserver start method bsc1204886. - CVE-2022-45061: Fixed a quadratic IDNA decoding time bsc1205244. Other fixes: - allow building of documentation wi...
SUSE-SU-2022:3553-1 Security update for python
This update for python fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when a URI path starts with // bsc1202624...
SUSE-SU-2022:2249-1 Security update for python
This update for python fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module bsc1198511...
SUSE-FU-2022:2042-1 Feature update for SUSE Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: - Make sure SaltCacheLoader use correct fileclient bsc1199149 - Fix the regression caused by the patch removing strict requirement for OpenSSL 1.1.1 leading to read/write issues with ssl module for SLE 15, SLE 12, CentOS 7, Debian 9...
SUSE-SU-2022:1140-1 Security update for python
This update for python rebuilds python against a symbol versioned openssl 1.0.2 to allow usage with openssl 1.1.1. Also the following security issues are fixed: - CVE-2022-0391: Fixed sanitizing URLs containing ASCII newline and tabs in urlparse bsc1195396. - CVE-2021-4189: Make ftplib not trust...
SUSE-SU-2022:1094-1 Security update for python36
This security update for python36 fixes the following issues: - CVE-2021-3572: Update bundled pip wheel - pip incorrectly handled unicode separators in git references bsc1186819...
OPENSUSE-SU-2022:1091-1 Security update for python
This update for python fixes the following issues: - CVE-2022-0391: Fixed URL sanitization containing ASCII newline and tabs in urlparse bsc1195396. - CVE-2021-4189: Fixed ftplib not to trust the PASV response bsc1194146. - CVE-2021-3572: Fixed an improper handling of unicode characters in pip...
SUSE-SU-2022:0882-1 Security update for python3
This update for python3 fixes the following issues: - CVE-2021-4189: Fixed default access from PASV response in the FTP client bsc1194146. - CVE-2022-0391: Fixed sanitizing of URLs containing ASCII newline and tabs in urlparse bsc1195396...
SUSE-SU-2021:3524-1 Security update for python
This update for python fixes the following issues: - CVE-2021-3737: Fixed http client infinite line reading DoS after a http 100. bsc1189241 - CVE-2021-3733: Fixed ReDoS in urllib.request. bsc1189287...
OPENSUSE-SU-2021:0435-1 Security update for python
This update for python fixes the following issues: - python27 was upgraded to 2.7.18 - CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator bsc1182379. This update was imported from the SUSE:SLE-15:Update updat...
OPENSUSE-SU-2021:0270-1 Security update for python
This update for python fixes the following issues: - buffer overflow in PyCArgrepr in ctypes/callproc.c, which may lead to remote code execution bsc1181126, CVE-2021-3177. - Provide the newest setuptools wheel bsc1176262, CVE-2019-20916 in their correct form bsc1180686. This update was imported...
openSUSE Security Update : python3 (openSUSE-2020-2333)
This update for python3 fixes the following issues : - Fixed CVE-2020-27619 bsc1178009, where Lib/test/multibytecodecsupport calls eval on content retrieved via HTTP. - Change setuptools and pip version numbers according to new wheels - Handful of changes to make python36 compatible with SLE15 an...
SUSE-SU-2020:3737-1 Security update for python-pip, python-scripttest
This update for python-pip, python-scripttest fixes the following issues: - Update in SLE-15 bsc1175297, jscECO-3035, jscPM-2318 python-pip was updated to 20.0.2: Fix a regression in generation of compatibility tags Rename an internal module, to avoid ImportErrors due to improper uninstallation...
Vulnerabilities fixed in NetApp products
The makers of NetApp products have incorporated new versions of Eclipse Jetty server and Python into their products. With these, the release of sensitive information, the addition or modification of data or denial of service (DoS) is prevented. NetApp has released updates to fix the vulnerabilities...
PYSEC-2020-145
Python TUF (The Update Framework) reference implementation before version 0.12 will incorrectly trust a previously downloaded root metadata file which failed verification at download time. This allows an attacker who is able to serve multiple new versions of root metadata i.e. by a...
SUSE SLES12 Security Update : python (SUSE-SU-2020:1524-1)
This update for python to version 2.7.17 fixes the following issues : Syncing with lots of upstream bug fixes and security fixes. Bug fixes : CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs bsc1162825. CVE-2019-18348: Fixed a CRLF injection via the host part of the u...
Security update for python (moderate)
openSUSE Security Update: Security update for python Announcement ID: openSUSE-SU-2020:0696-1 Rating: moderate References: 1155094 1162825 Cross-References: CVE-2019-18348 CVE-2019-9674 Affected Products: openSUSE Leap 15.1 An update that fixes two vulnerabilities is now available. Description:...
USN-4333-2 python3.8 vulnerabilities
USN-4333-1 fixed vulnerabilities in Python. This update provides the corresponding update for Ubuntu 20.04 LTS. Original advisory details: It was discovered that Python incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection...
python3 security update
3.6.8-13.0.1 - Add Oracle Linux distribution in platform.py Orabug: 20812544 3.6.8-13 - Security fix for CVE-2019-16056 Resolves: rhbz1750774 3.6.8-12 - Add support for OpenSSL FIPS mode - Fix faulthandler stack size Resolves: rhbz1732908 3.6.8-11 - Security fix for CVE-2018-20852 Resolves:...