1495 matches found
SUSE-SU-2024:1670-1 Security update for python-azure-core, python-azure-storage-blob, python-azure-storage-queue, python-typing, python-typing_extensions
This update for python-azure-core, python-azure-storage-blob, python-azure-storage-queue, python-typing, python-typing_extensions fixes the following issues: - CVE-2022-30187: Fixed an information disclosure issue that an attacker could exploit to leak sensitive information on the client side...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-argcomplete, python-Fabric, python-PyGithub, python-antlr4-python3-runtime, python-avro, python-chardet, python-distro, python-docker, python-fakeredis, python-fixedint, python-httplib2, python-httpretty, python-javaproperties, python-jsondiff, python-knack, python-marshmallow, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-opentelemetry-sdk, python-opentelemetry-semantic-conventions, python-opentelemetry-test-utils, python-pycomposefile, python-pydash, python-redis, python-retrying, python-semver, python-sshtunnel, python-strictyaml, python-sure, python-vcrpy, python-xmltodict (SUSE-SU-2024:1639-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1639-1 advisory. - redis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an...
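The redis-py issue named above is a response-desynchronisation bug: a cancelled async command has already been sent, its reply arrives later, and if the connection goes back into the pool the next caller reads that stale reply as if it were its own. The following is an added example (not redis-py code, and not from the SUSE advisory) that reproduces the mechanism with a constructed in-memory request/response connection; the pool, the `FakeConnection` class and the command strings are all assumptions for the demonstration.

```python
import asyncio


class FakeConnection:
    """Constructed in-memory stand-in for one pooled client connection to a
    strictly ordered request/response server (RESP-like): every command put
    into `outbox` yields exactly one reply in `inbox`, in the same order."""

    def __init__(self) -> None:
        self.outbox: asyncio.Queue = asyncio.Queue()
        self.inbox: asyncio.Queue = asyncio.Queue()
        self._server = asyncio.create_task(self._serve())

    async def _serve(self) -> None:
        while True:
            cmd = await self.outbox.get()
            await asyncio.sleep(0.05)            # reply is "in flight" for a while
            await self.inbox.put(f"reply-to:{cmd}")

    async def call(self, cmd: str) -> str:
        await self.outbox.put(cmd)
        # If the awaiting task is cancelled here, the reply still arrives
        # later and sits unread in `inbox`: the connection is now desynced.
        return await self.inbox.get()

    def close(self) -> None:
        self._server.cancel()


async def _scenario(discard_on_cancel: bool) -> str:
    pool: list = []

    async def acquire() -> FakeConnection:
        return pool.pop() if pool else FakeConnection()

    # User A issues a command and the caller gives up (timeout, client hang-up).
    conn = await acquire()
    task = asyncio.create_task(conn.call("GET session:user_A"))
    await asyncio.sleep(0.01)                    # command sent, reply still pending
    task.cancel()
    try:
        await task
    except asyncio.CancelledError:
        if discard_on_cancel:
            conn.close()                         # fixed: never reuse a desynced connection
        else:
            pool.append(conn)                    # buggy: stale reply stays queued

    # User B's command is served by whatever connection the pool hands out.
    conn2 = await acquire()
    result = await conn2.call("GET session:user_B")
    conn2.close()
    return result


def run(discard_on_cancel: bool) -> str:
    """Returns the reply user B receives. With the buggy pool it is user A's."""
    return asyncio.run(_scenario(discard_on_cancel))


if __name__ == "__main__":
    print("buggy pool :", run(discard_on_cancel=False))
    print("fixed pool :", run(discard_on_cancel=True))
```

The only difference between the two runs is what happens to the connection in the `except asyncio.CancelledError` branch; with any ordered wire protocol, closing (or fully draining) a connection after a mid-command cancellation is the only safe option.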
a2grunnerp (>=0.1.0 <=0.1.8), a4t-sale-discount (=5.0.2) +2405 more potentially affected by CVE-2024-34069 via werkzeug (>=0.10.1 <=3.0.2)
werkzeug PYPI version =0.10.1, =0.1.0, =1.0.2, =0.10.3, =1.8.8, =0.8.44.4, =4.2.0, =0.4.0, =0.9.2, =0.1.0, =0.0.1, =0.0.4 - adfotg =0.4.0 and more Source cves: CVE-2024-34069 Source advisory: OSV:GHSA-2G68-C3QC-8985...
3di-cmd-client (>=0.0.1a0 <=0.0.3), a-api-server (=1.3.0) +4152 more potentially affected by CVE-2024-34064 via jinja2 (>=2.10.0 <=3.1.3)
jinja2 PYPI version =2.10.0, =0.0.1a0, =0.1.22, =1.0.2, =0.0.2, =3.0.0, =0.0.0, =0.0.1, =0.8.44.4, =0.9.2.1rc2 - actinia-core =4.2.0 and more Source cves: CVE-2024-34064 Source advisory: OSV:GHSA-H75V-3VVJ-5MFJ...
Setuptools: Denial of Service
Background Setuptools is a manager for Python packages. Description A vulnerability has been discovered in Setuptools. See the impact field. Impact An inefficiency in a regular expression may end in a denial of service if a user is fetching malicious HTML from a package in PyPI or a custom...
afs-file-validator (>=1.0.0 <=1.0.1), aitune (=0.3.0) +125 more potentially affected by CVE-2024-31636 via lief (>=0.10.1 <=0.17.6)
lief PYPI version =0.10.1, =1.0.0, =0.1.0, =1.0.2, =0.0.3, =1.0.0, =0.1.0, =0.8.16, =1.0.0, =1.0.0, =1.3.4, =0.0.0, =0.2.0, =0.2.4 and more Source cves: CVE-2024-31636 Source advisory: OSV:PYSEC-2024-280...
2vyper (=0.3.0), ape-dasy (=0.1.0) +28 more potentially affected by CVE-2024-32647 via vyper (>=0.1.0b12 <=0.3.9)
vyper PYPI version =0.1.0b12, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =1.20.6 and more Source cves: CVE-2024-32647 Source advisory: OSV:GHSA-3WHQ-64Q2-QFJ6...
a2 (>=0.1.0 <=0.3.17), a62-emotion (>=0.10.0 <=0.11.4) +884 more potentially affected by CVE-2024-1135 via gunicorn (>=0.17.2 <=21.2.0)
gunicorn PYPI version =0.17.2, =0.1.0, =0.10.0, =2022.0.0rc1, =0.1.0, =1.5.2, =0.1.0rc3, =0.1.0, =2022.9.19, =0.5.0, =2.5.0, =2.5.0, =0.0.1, =0.0.2 and more Source cves: CVE-2024-1135 Source advisory: OSV:GHSA-W3H3-4RJ7-4PH4...
3m (=0.1.0), academic-emotion (=0.1.2) +924 more potentially affected by CVE-2024-3568 via transformers (>=2.10.0 <=4.37.2)
transformers PYPI version =2.10.0, =0.1.0, =0.0.3, =0.0.1, =0.0.0.dev20230804, =0.3.0, =0.1.0, =0.2.5, =0.1.0, =0.0.1, =0.0.4, =0.0.4, =0.0.11, =0.0.13, =0.0.20 and more Source cves: CVE-2024-3568 Source advisory: OSV:GHSA-37Q5-V5QM-C9V8...
MGASA-2024-0096 Updated python3, python packages fix security vulnerabilities
The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users who can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances. CVE-2023-6597 The zipfile module is...
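The tempfile point above comes down to one property of `os.chmod()`: it follows symlinks, so a permission fix-up applied to a planted link changes the mode of the link target. The following is an added example (not CPython's code and not from the Mageia advisory) that shows the dereference on a constructed file and a guard based on `os.lstat()` that skips links; the function names and the scenario are assumptions for the demonstration, not the actual CPython patch.

```python
import os
import stat
import tempfile


def fix_perms_unsafe(path: str, mode: int) -> None:
    """The pattern at the root of the tempfile issue: os.chmod() follows
    symlinks, so if `path` is a link it is the link *target* whose mode changes."""
    os.chmod(path, mode)


def fix_perms_safe(path: str, mode: int) -> bool:
    """Adjust the mode of `path` itself only. lstat() never dereferences, so a
    planted symlink is skipped; returns True only if a chmod was performed."""
    if stat.S_ISLNK(os.lstat(path).st_mode):
        return False
    os.chmod(path, mode)
    return True


def demo() -> dict:
    """Constructed scenario: a file outside the temp dir with mode 0600 and a
    symlink to it inside the temp dir, as a local attacker could plant before a
    privileged program's cleanup runs. Returns the observed target modes."""
    with tempfile.TemporaryDirectory() as outside, tempfile.TemporaryDirectory() as staging:
        target = os.path.join(outside, "sensitive.conf")
        with open(target, "w", encoding="utf-8") as fh:
            fh.write("constructed sample content\n")
        os.chmod(target, 0o600)

        link = os.path.join(staging, "planted")   # symlink inside the dir being cleaned
        os.symlink(target, link)

        before = stat.S_IMODE(os.stat(target).st_mode)

        touched = fix_perms_safe(link, 0o700)     # refuses: it is a link
        after_safe = stat.S_IMODE(os.stat(target).st_mode)

        fix_perms_unsafe(link, 0o700)             # chmod follows the link
        after_unsafe = stat.S_IMODE(os.stat(target).st_mode)

        return {
            "before": before,
            "safe_performed_chmod": touched,
            "after_safe": after_safe,
            "after_unsafe": after_unsafe,
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:>20}: {oct(value) if isinstance(value, int) else value}")
```

The same rule applies to any cleanup or error handler that touches metadata of paths it does not fully control: check with `lstat()` first, and treat a symlink as something to unlink, never as something to chmod or descend into.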
a-data-processing (=0.0.1), ab-data-processing (=0.0.1) +155 more potentially affected by CVE-2024-1455 via langchain-core (>=0.0.1 <=0.1.33)
langchain-core PYPI version =0.0.1, =0.0.1, =0.8.0, =0.1.0, =0.0.1, =0.0.1, =0.2.0, =0.1.0, =0.1.5, =0.0.13, =0.3.5, =0.4.12 and more Source cves: CVE-2024-1455 Source advisory: OSV:GHSA-Q84M-RMW3-4382...
agent-actors (=0.1.0), agent-lab-sdk (>=0.1.7 <=0.1.16) +309 more potentially affected by CVE-2024-28088 via langchain (>=0.0.100 <=0.0.338)
langchain PYPI version =0.0.100, =0.1.7, =0.2.1, =0.1.0, =0.1.0, =0.1.5, =0.0.2, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.1.8, =0.0.5, =0.0.14, =0.0.18 and more Source cves: CVE-2024-28088 Source advisory: OSV:GHSA-H59X-P739-982C...
a-data-processing (=0.0.1), ab-data-processing (=0.0.1) +400 more potentially affected by CVE-2024-28088 via langchain (>=0.0.100 <=0.1.10)
langchain PYPI version =0.0.100, =0.1.7, =0.2.1, =0.1.0, =0.1.0, =0.1.5, =0.0.2, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.8 - airda =0.0.3 and more Source cves: CVE-2024-28088 Source advisory: OSV:PYSEC-2024-43...
a-data-processing (=0.0.1), a-mailx (=0.1.0) +2000 more potentially affected by CVE-2024-2057 via langchain-community (>=0.0.1 <=0.4.1)
langchain-community PYPI version =0.0.1, =0.1.0, =0.1.0b1, =0.1.0, =0.1.0, =0.1.0, =4.8.2, =0.1.3, =0.1.0, =0.1.0, =0.1.0, =3.2.0, =4.2.0 and more Source cves: CVE-2024-2057 Source advisory: OSV:PYSEC-2024-278...
a2grunnerp (>=0.1.0 <=0.1.8), aad-fastapi (>=1.0.0 <=1.1.2) +2282 more potentially affected by CVE-2024-26130 via cryptography (>=38.0.0 <=42.0.3)
cryptography PYPI version =38.0.0, =0.1.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =0.1.1, =2.3.36, =0.1.17, =0.3.4, =0.4.7, =0.0.1, =0.1.1, =0.1.1, =0.1.5 and more Source cves: CVE-2024-26130 Source advisory: OSV:PYSEC-2024-225...
abilian-devtools (>=0.5.15 <=0.7.3), aiden-ai (=0.2.0) +281 more potentially affected by CVE-2024-21503 via black (>=24.10.0 <=24.2.0)
black PYPI version =24.10.0, =0.5.15, =1.1.0, =1.1.20, =0.0.6, =0.2.0, =0.7.0, =0.1.0, =0.1.2, =0.1.9, =0.1.0, =0.3.7.dev0, =0.9.5 - aus-council-scrapers =0.1.0 and more Source cves: CVE-2024-21503 Source advisory: SNYK:PYTHON-BLACK-6256273...
New Malicious PyPI Packages Caught Using Covert Side-Loading Tactics
Cybersecurity researchers have discovered two malicious packages on the Python Package Index (PyPI) repository that were found leveraging a technique called DLL side-loading to circumvent detection by security software and run malicious code. The packages, named NP6HelperHttptest and NP6HelperHttpe...
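DLL side-loading needs a trusted executable shipped next to a DLL it resolves by name, so a pure-Python package that suddenly carries PE images is worth flagging during review. The following is an added example (not from the article or the packages it describes) that scans an unpacked package tree for PE files by header rather than extension and reports directories holding an .exe/.dll pair; the package layout, file names and the minimal PE-like bytes are constructed for the demonstration.

```python
import os
import struct
import tempfile

PE_SIGNATURE = b"PE\0\0"


def is_pe_file(path: str) -> bool:
    """True if the file has a DOS 'MZ' header whose e_lfanew (offset 0x3C)
    points at a 'PE\\0\\0' signature. The extension is ignored on purpose, so a
    binary renamed to .bin or .dat is still caught."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(0x40)
            if len(head) < 0x40 or head[:2] != b"MZ":
                return False
            (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
            fh.seek(e_lfanew)
            return fh.read(4) == PE_SIGNATURE
    except OSError:
        return False


def find_native_binaries(root: str) -> list:
    """Walk an unpacked package tree and return PE images relative to root."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if is_pe_file(full):
                hits.append(os.path.relpath(full, root))
    return sorted(hits)


def sideload_pairs(hits: list) -> list:
    """Directories containing both an .exe and a .dll: the layout side-loading
    relies on (a legitimate loader plus the DLL it resolves by name)."""
    by_dir = {}
    for rel in hits:
        d, name = os.path.split(rel)
        by_dir.setdefault(d, set()).add(os.path.splitext(name)[1].lower())
    return sorted(d for d, exts in by_dir.items() if {".exe", ".dll"} <= exts)


def _fake_pe() -> bytes:
    """Constructed minimal PE-looking bytes for the demo (not a runnable image)."""
    header = bytearray(0x40)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x80)      # e_lfanew -> 0x80
    return bytes(header) + b"\0" * (0x80 - 0x40) + PE_SIGNATURE + b"\0" * 16


def demo() -> tuple:
    """Builds a constructed package tree and returns (PE file basenames,
    directories that hold an exe/dll pair)."""
    with tempfile.TemporaryDirectory() as root:
        pkg = os.path.join(root, "sample_pkg")
        os.makedirs(pkg)
        files = {
            "__init__.py": b"# pure python module\n",
            "loader.exe": _fake_pe(),             # trusted-looking loader
            "helper.dll": _fake_pe(),             # DLL resolved by the loader
            "data.bin": _fake_pe(),               # renamed binary, no telling extension
            "README.txt": b"MZ is just text here\n" * 8,   # 'MZ' prefix but no PE signature
        }
        for name, content in files.items():
            with open(os.path.join(pkg, name), "wb") as fh:
                fh.write(content)
        hits = find_native_binaries(root)
        return [os.path.basename(h) for h in hits], sideload_pairs(hits)


if __name__ == "__main__":
    names, pairs = demo()
    print("PE images found:", names)
    print("exe/dll pairs in:", pairs)
```

Run `find_native_binaries()` over an extracted wheel or sdist (for example the tree `pip download --no-deps` followed by unzip produces); any hit in a package that is supposed to be pure Python deserves a closer look, and an exe/dll pair in one directory is the specific shape to treat as suspicious.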
ayugespidertools (>=3.4.0 <=3.9.5), baotool (=1.0.1) +7 more potentially affected by CVE-2024-1892 via scrapy (>=2.0.1 <=2.11.0)
scrapy PYPI version =2.0.1, =3.4.0, =2.8.3, =0.3.0a0, =0.1.2, =0.2.3, =0.2.1, =0.4.0, =0.8.1 Source cves: CVE-2024-1892 Source advisory: OSV:GHSA-CC65-XXVF-F7R9...
0lever-utils (>=0.0.2 <=0.0.7), 0x-web3 (=5.0.0a5) +3030 more potentially affected by CVE-2023-50782 via cryptography (>=0.6.1 <=41.0.7)
cryptography PYPI version =0.6.1, =0.0.2, =0.1.0, =0.5.0rc5, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =0.1.1, =1.0.0, =2.6.3, =2.3.36, =1.0.4, =2.0.0rc0 and more Source cves: CVE-2023-50782 Source advisory: OSV:GHSA-3WW4-GG4F-JR7F...
2vyper (=0.3.0), ape-dasy (=0.1.0) +30 more potentially affected by CVE-2024-24559 via vyper (>=0.1.0b12 <=0.4.0)
vyper PYPI version =0.1.0b12, =0.6.0, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =1.20.7 and more Source cves: CVE-2024-24559 Source advisory: OSV:PYSEC-2024-147...