jupyter-notebook-6.2.0-1.4 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11242 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z jupyter-notebook-6.2.0-1.4 on GA media These are all security issues fixed in the jupyter-notebook-6.2.0-1.4 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11242 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11242 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2016-6524/ SUSE CVE CVE-2016-6524 page https://www.suse.com/security/cve/CVE-2016-9971/ SUSE CVE CVE-2016-9971 page https://www.suse.com/security/cve/CVE-2018-14041/ SUSE CVE CVE-2018-14041 page https://www.suse.com/security/cve/CVE-2018-8768/ SUSE CVE CVE-2018-8768 page https://www.suse.com/security/cve/CVE-2019-10255/ SUSE CVE CVE-2019-10255 page https://www.suse.com/security/cve/CVE-2019-11358/ SUSE CVE CVE-2019-11358 page openSUSE Tumbleweed jupyter-notebook-6.2.0-1.4 jupyter-notebook-lang-6.2.0-1.4 jupyter-notebook-latex-6.2.0-1.4 python36-notebook-6.2.0-1.4 python36-notebook-lang-6.2.0-1.4 python38-notebook-6.2.0-1.4 python38-notebook-lang-6.2.0-1.4 python39-notebook-6.2.0-1.4 python39-notebook-lang-6.2.0-1.4 jupyter-notebook-6.2.0-1.4 as a component of openSUSE Tumbleweed jupyter-notebook-lang-6.2.0-1.4 as a component of openSUSE Tumbleweed jupyter-notebook-latex-6.2.0-1.4 as a component of openSUSE Tumbleweed python36-notebook-6.2.0-1.4 as a component of openSUSE Tumbleweed python36-notebook-lang-6.2.0-1.4 as a component of openSUSE Tumbleweed python38-notebook-6.2.0-1.4 as a component of openSUSE Tumbleweed python38-notebook-lang-6.2.0-1.4 as a component of openSUSE Tumbleweed python39-notebook-6.2.0-1.4 as a component of openSUSE Tumbleweed python39-notebook-lang-6.2.0-1.4 as a component of openSUSE Tumbleweed ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2016-6524 openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4 openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4 openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4 openSUSE Tumbleweed:python36-notebook-6.2.0-1.4 openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4 openSUSE Tumbleweed:python38-notebook-6.2.0-1.4 openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4 openSUSE Tumbleweed:python39-notebook-6.2.0-1.4 openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-6524.html CVE-2016-6524 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2016-9971 openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4 openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4 openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4 openSUSE Tumbleweed:python36-notebook-6.2.0-1.4 openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4 openSUSE Tumbleweed:python38-notebook-6.2.0-1.4 openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4 openSUSE Tumbleweed:python39-notebook-6.2.0-1.4 openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9971.html CVE-2016-9971 In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy. CVE-2018-14041 openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4 openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4 openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4 openSUSE Tumbleweed:python36-notebook-6.2.0-1.4 openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4 openSUSE Tumbleweed:python38-notebook-6.2.0-1.4 openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4 openSUSE Tumbleweed:python39-notebook-6.2.0-1.4 openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-14041.html CVE-2018-14041 In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous. CVE-2018-8768 openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4 openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4 openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4 openSUSE Tumbleweed:python36-notebook-6.2.0-1.4 openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4 openSUSE Tumbleweed:python38-notebook-6.2.0-1.4 openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4 openSUSE Tumbleweed:python39-notebook-6.2.0-1.4 openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-8768.html CVE-2018-8768 An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login. Servers running on a base_url prefix are not affected. CVE-2019-10255 openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4 openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4 openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4 openSUSE Tumbleweed:python36-notebook-6.2.0-1.4 openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4 openSUSE Tumbleweed:python38-notebook-6.2.0-1.4 openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4 openSUSE Tumbleweed:python39-notebook-6.2.0-1.4 openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-10255.html CVE-2019-10255 https://bugzilla.suse.com/1131105 SUSE Bug 1131105 https://bugzilla.suse.com/1131652 SUSE Bug 1131652 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. CVE-2019-11358 openSUSE Tumbleweed:jupyter-notebook-6.2.0-1.4 openSUSE Tumbleweed:jupyter-notebook-lang-6.2.0-1.4 openSUSE Tumbleweed:jupyter-notebook-latex-6.2.0-1.4 openSUSE Tumbleweed:python36-notebook-6.2.0-1.4 openSUSE Tumbleweed:python36-notebook-lang-6.2.0-1.4 openSUSE Tumbleweed:python38-notebook-6.2.0-1.4 openSUSE Tumbleweed:python38-notebook-lang-6.2.0-1.4 openSUSE Tumbleweed:python39-notebook-6.2.0-1.4 openSUSE Tumbleweed:python39-notebook-lang-6.2.0-1.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-11358.html CVE-2019-11358