282 matches found
SUSE-SU-2023:2937-1 Security update for python311
This update for python311 fixes the following issues: python was updated to version 3.11.4: - CVE-2023-24329: Fixed blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters bsc1208471. - CVE-2007-4559: Fixed python tarfile module directory traversal...
SUSE-SU-2023:2884-1 Security update for python310
This update for python310 fixes the following issues: - Make marshalling of set and frozenset deterministic bsc1211765 python310 was updated to 3.10.12: - urllib.parse.urlsplit now strips leading C0 control and space characters following the specification for URLs defined by WHATWG in response to...
SUSE-SU-2023:0736-1 Security update for python3
This update for python3 fixes the following issues: - CVE-2023-24329: Fixed blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters bsc1208471. The following non-security bugs were fixed: - Fixed a crash in the garbage collection bsc1188607 - Fixed...
SUSE-SU-2023:0616-1 Security update for python36
This update for python36 fixes the following issues: - CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names bsc1205244. Bugfixes: - Solve a program error in the Python Garbage Collection. bsc1188607 - Fixed issue where email.generator.py replaces a non-existent header bsc120844...
SUSE-RU-2022:4567-1 Recommended update for python-crcmod, python-cryptography, python-cryptography-vectors
This update for python-crcmod, python-cryptography, python-cryptography-vectors contains the following fixes: python-cryptography: - Update in SLE-15 bsc1177083, jscPM-2730, jscSLE-18312 - Refresh patches for new version Using the Fernet class to symmetrically encrypt multi gigabyte values...
SUSE-SU-2022:4004-1 Security update for python310
This update for python310 fixes the following issues: Security fixes: - CVE-2022-42919: Fixed local privilege escalation via the multiprocessing forkserver start method bsc1204886. - CVE-2022-45061: Fixed a quadratic IDNA decoding time bsc1205244. Other fixes: - allow building of documentation wi...
SUSE-SU-2022:3553-1 Security update for python
This update for python fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when a URI path starts with // bsc1202624...
SUSE-SU-2022:2249-1 Security update for python
This update for python fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module bsc1198511...
SUSE-FU-2022:2042-1 Feature update for SUSE Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: - Make sure SaltCacheLoader use correct fileclient bsc1199149 - Fix the regression caused by the patch removing strict requirement for OpenSSL 1.1.1 leading to read/write issues with ssl module for SLE 15, SLE 12, CentOS 7, Debian 9...
SUSE-SU-2022:1140-1 Security update for python
This update for python rebuilds python against a symbol versioned openssl 1.0.2 to allow usage with openssl 1.1.1. Also the following security issues are fixed: - CVE-2022-0391: Fixed sanitizing URLs containing ASCII newline and tabs in urlparse bsc1195396. - CVE-2021-4189: Make ftplib not trust...
SUSE-SU-2022:1094-1 Security update for python36
This security update for python36 fixes the following issues: - CVE-2021-3572: Update bundled pip wheel - pip incorrectly handled unicode separators in git references bsc1186819...
OPENSUSE-SU-2022:1091-1 Security update for python
This update for python fixes the following issues: - CVE-2022-0391: Fixed URL sanitization containing ASCII newline and tabs in urlparse bsc1195396. - CVE-2021-4189: Fixed ftplib not to trust the PASV response bsc1194146. - CVE-2021-3572: Fixed an improper handling of unicode characters in pip...
SUSE-SU-2022:0882-1 Security update for python3
This update for python3 fixes the following issues: - CVE-2021-4189: Fixed default access from PASV response in the FTP client bsc1194146. - CVE-2022-0391: Fixed sanitizing of URLs containing ASCII newline and tabs in urlparse bsc1195396...
SUSE-SU-2021:3524-1 Security update for python
This update for python fixes the following issues: - CVE-2021-3737: Fixed http client infinite line reading DoS after a http 100. bsc1189241 - CVE-2021-3733: Fixed ReDoS in urllib.request. bsc1189287...
OPENSUSE-SU-2021:0435-1 Security update for python
This update for python fixes the following issues: - python27 was upgraded to 2.7.18 - CVE-2021-23336: Fixed a potential web cache poisoning by use of a semicolon as a query string separator bsc1182379. This update was imported from the SUSE:SLE-15:Update updat...
OPENSUSE-SU-2021:0270-1 Security update for python
This update for python fixes the following issues: - buffer overflow in PyCArgrepr in ctypes/callproc.c, which may lead to remote code execution bsc1181126, CVE-2021-3177. - Provide the newest setuptools wheel bsc1176262, CVE-2019-20916 in their correct form bsc1180686. This update was imported...
openSUSE Security Update : python3 (openSUSE-2020-2333)
This update for python3 fixes the following issues: - Fixed CVE-2020-27619 bsc1178009, where Lib/test/multibytecodecsupport calls eval on content retrieved via HTTP. - Change setuptools and pip version numbers according to new wheels - Handful of changes to make python36 compatible with SLE15 an...
SUSE-SU-2020:3737-1 Security update for python-pip, python-scripttest
This update for python-pip, python-scripttest fixes the following issues: - Update in SLE-15 bsc1175297, jscECO-3035, jscPM-2318 python-pip was updated to 20.0.2: Fix a regression in generation of compatibility tags Rename an internal module, to avoid ImportErrors due to improper uninstallation...
Vulnerabilities fixed in NetApp products
The makers of NetApp products have incorporated new versions of Eclipse Jetty server and Python into their products. With these, the release of sensitive information, the addition or modification of data or denial of service (DoS) is prevented. NetApp has released updates to fix the vulnerabilities...
PYSEC-2020-145
The Python TUF (The Update Framework) reference implementation before version 0.12 will incorrectly trust a previously downloaded root metadata file which failed verification at download time. This allows an attacker who is able to serve multiple new versions of root metadata i.e. by a...