python38-3.8.12-1.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11285 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z python38-3.8.12-1.2 on GA media These are all security issues fixed in the python38-3.8.12-1.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11285 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11285 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2011-3389/ SUSE CVE CVE-2011-3389 page https://www.suse.com/security/cve/CVE-2011-4944/ SUSE CVE CVE-2011-4944 page https://www.suse.com/security/cve/CVE-2012-0845/ SUSE CVE CVE-2012-0845 page https://www.suse.com/security/cve/CVE-2012-1150/ SUSE CVE CVE-2012-1150 page https://www.suse.com/security/cve/CVE-2013-0340/ SUSE CVE CVE-2013-0340 page https://www.suse.com/security/cve/CVE-2013-1752/ SUSE CVE CVE-2013-1752 page https://www.suse.com/security/cve/CVE-2013-4238/ SUSE CVE CVE-2013-4238 page https://www.suse.com/security/cve/CVE-2014-2667/ SUSE CVE CVE-2014-2667 page https://www.suse.com/security/cve/CVE-2014-4650/ SUSE CVE CVE-2014-4650 page https://www.suse.com/security/cve/CVE-2019-20907/ SUSE CVE CVE-2019-20907 page https://www.suse.com/security/cve/CVE-2019-20916/ SUSE CVE CVE-2019-20916 page https://www.suse.com/security/cve/CVE-2019-5010/ SUSE CVE CVE-2019-5010 page https://www.suse.com/security/cve/CVE-2019-9947/ SUSE CVE CVE-2019-9947 page https://www.suse.com/security/cve/CVE-2020-26116/ SUSE CVE CVE-2020-26116 page https://www.suse.com/security/cve/CVE-2020-8492/ SUSE CVE CVE-2020-8492 page https://www.suse.com/security/cve/CVE-2021-23336/ SUSE CVE CVE-2021-23336 page https://www.suse.com/security/cve/CVE-2021-3177/ SUSE CVE CVE-2021-3177 page https://www.suse.com/security/cve/CVE-2021-3426/ SUSE CVE CVE-2021-3426 page openSUSE Tumbleweed python38-3.8.12-1.2 python38-32bit-3.8.12-1.2 python38-curses-3.8.12-1.2 python38-dbm-3.8.12-1.2 python38-idle-3.8.12-1.2 python38-tk-3.8.12-1.2 python38-3.8.12-1.2 as a component of openSUSE Tumbleweed python38-32bit-3.8.12-1.2 as a component of openSUSE Tumbleweed python38-curses-3.8.12-1.2 as a component of openSUSE Tumbleweed python38-dbm-3.8.12-1.2 as a component of openSUSE Tumbleweed python38-idle-3.8.12-1.2 as a component of openSUSE Tumbleweed python38-tk-3.8.12-1.2 as a component of openSUSE Tumbleweed The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. CVE-2011-3389 openSUSE Tumbleweed:python38-3.8.12-1.2 openSUSE Tumbleweed:python38-32bit-3.8.12-1.2 openSUSE Tumbleweed:python38-curses-3.8.12-1.2 openSUSE Tumbleweed:python38-dbm-3.8.12-1.2 openSUSE Tumbleweed:python38-idle-3.8.12-1.2 openSUSE Tumbleweed:python38-tk-3.8.12-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-3389.html CVE-2011-3389 https://bugzilla.suse.com/716002 SUSE Bug 716002 https://bugzilla.suse.com/719047 SUSE Bug 719047 https://bugzilla.suse.com/725167 SUSE Bug 725167 https://bugzilla.suse.com/726096 SUSE Bug 726096 https://bugzilla.suse.com/739248 SUSE Bug 739248 https://bugzilla.suse.com/739256 SUSE Bug 739256 https://bugzilla.suse.com/742306 SUSE Bug 742306 https://bugzilla.suse.com/751718 SUSE Bug 751718 https://bugzilla.suse.com/759666 SUSE Bug 759666 https://bugzilla.suse.com/763598 SUSE Bug 763598 https://bugzilla.suse.com/814655 SUSE Bug 814655 Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file. CVE-2011-4944 openSUSE Tumbleweed:python38-3.8.12-1.2 openSUSE Tumbleweed:python38-32bit-3.8.12-1.2 openSUSE Tumbleweed:python38-curses-3.8.12-1.2 openSUSE Tumbleweed:python38-dbm-3.8.12-1.2 openSUSE Tumbleweed:python38-idle-3.8.12-1.2 openSUSE Tumbleweed:python38-tk-3.8.12-1.2 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-4944.html CVE-2011-4944 https://bugzilla.suse.com/754447 SUSE Bug 754447 SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header. CVE-2012-0845 openSUSE Tumbleweed:python38-3.8.12-1.2 openSUSE Tumbleweed:python38-32bit-3.8.12-1.2 openSUSE Tumbleweed:python38-curses-3.8.12-1.2 openSUSE Tumbleweed:python38-dbm-3.8.12-1.2 openSUSE Tumbleweed:python38-idle-3.8.12-1.2 openSUSE Tumbleweed:python38-tk-3.8.12-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0845.html CVE-2012-0845 https://bugzilla.suse.com/747125 SUSE Bug 747125 Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. CVE-2012-1150 openSUSE Tumbleweed:python38-3.8.12-1.2 openSUSE Tumbleweed:python38-32bit-3.8.12-1.2 openSUSE Tumbleweed:python38-curses-3.8.12-1.2 openSUSE Tumbleweed:python38-dbm-3.8.12-1.2 openSUSE Tumbleweed:python38-idle-3.8.12-1.2 openSUSE Tumbleweed:python38-tk-3.8.12-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-1150.html CVE-2012-1150 https://bugzilla.suse.com/751718 SUSE Bug 751718 https://bugzilla.suse.com/755383 SUSE Bug 755383 https://bugzilla.suse.com/826682 SUSE Bug 826682 expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE. CVE-2013-0340 openSUSE Tumbleweed:python38-3.8.12-1.2 openSUSE Tumbleweed:python38-32bit-3.8.12-1.2 openSUSE Tumbleweed:python38-curses-3.8.12-1.2 openSUSE Tumbleweed:python38-dbm-3.8.12-1.2 openSUSE Tumbleweed:python38-idle-3.8.12-1.2 openSUSE Tumbleweed:python38-tk-3.8.12-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-0340.html CVE-2013-0340 https://bugzilla.suse.com/805236 SUSE Bug 805236 ** REJECT ** Various versions of Python do not properly restrict readline calls, which allows remote attackers to cause a denial of service (memory consumption) via a long string, related to (1) httplib - fixed in 2.7.4, 2.6.9, and 3.3.3; (2) ftplib - fixed in 2.7.6, 2.6.9, 3.3.3; (3) imaplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; (4) nntplib - fixed in 2.7.6, 2.6.9, 3.3.3; (5) poplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; and (6) smtplib - not yet fixed in 2.7.x, fixed in 2.6.9, not yet fixed in 3.3.x. NOTE: this was REJECTed because it is incompatible with CNT1 "Independently Fixable" in the CVE Counting Decisions. CVE-2013-1752 openSUSE Tumbleweed:python38-3.8.12-1.2 openSUSE Tumbleweed:python38-32bit-3.8.12-1.2 openSUSE Tumbleweed:python38-curses-3.8.12-1.2 openSUSE Tumbleweed:python38-dbm-3.8.12-1.2 openSUSE Tumbleweed:python38-idle-3.8.12-1.2 openSUSE Tumbleweed:python38-tk-3.8.12-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1752.html CVE-2013-1752 https://bugzilla.suse.com/856835 SUSE Bug 856835 https://bugzilla.suse.com/856836 SUSE Bug 856836 https://bugzilla.suse.com/863741 SUSE Bug 863741 https://bugzilla.suse.com/885882 SUSE Bug 885882 https://bugzilla.suse.com/898572 SUSE Bug 898572 https://bugzilla.suse.com/912739 SUSE Bug 912739 The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. CVE-2013-4238 openSUSE Tumbleweed:python38-3.8.12-1.2 openSUSE Tumbleweed:python38-32bit-3.8.12-1.2 openSUSE Tumbleweed:python38-curses-3.8.12-1.2 openSUSE Tumbleweed:python38-dbm-3.8.12-1.2 openSUSE Tumbleweed:python38-idle-3.8.12-1.2 openSUSE Tumbleweed:python38-tk-3.8.12-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4238.html CVE-2013-4238 https://bugzilla.suse.com/834601 SUSE Bug 834601 https://bugzilla.suse.com/839107 SUSE Bug 839107 https://bugzilla.suse.com/882915 SUSE Bug 882915 https://bugzilla.suse.com/912739 SUSE Bug 912739 Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value. CVE-2014-2667 openSUSE Tumbleweed:python38-3.8.12-1.2 openSUSE Tumbleweed:python38-32bit-3.8.12-1.2 openSUSE Tumbleweed:python38-curses-3.8.12-1.2 openSUSE Tumbleweed:python38-dbm-3.8.12-1.2 openSUSE Tumbleweed:python38-idle-3.8.12-1.2 openSUSE Tumbleweed:python38-tk-3.8.12-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-2667.html CVE-2014-2667 https://bugzilla.suse.com/871152 SUSE Bug 871152 The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator. CVE-2014-4650 openSUSE Tumbleweed:python38-3.8.12-1.2 openSUSE Tumbleweed:python38-32bit-3.8.12-1.2 openSUSE Tumbleweed:python38-curses-3.8.12-1.2 openSUSE Tumbleweed:python38-dbm-3.8.12-1.2 openSUSE Tumbleweed:python38-idle-3.8.12-1.2 openSUSE Tumbleweed:python38-tk-3.8.12-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-4650.html CVE-2014-4650 https://bugzilla.suse.com/856835 SUSE Bug 856835 https://bugzilla.suse.com/856836 SUSE Bug 856836 https://bugzilla.suse.com/863741 SUSE Bug 863741 https://bugzilla.suse.com/885882 SUSE Bug 885882 https://bugzilla.suse.com/898572 SUSE Bug 898572 https://bugzilla.suse.com/912739 SUSE Bug 912739 In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. CVE-2019-20907 openSUSE Tumbleweed:python38-3.8.12-1.2 openSUSE Tumbleweed:python38-32bit-3.8.12-1.2 openSUSE Tumbleweed:python38-curses-3.8.12-1.2 openSUSE Tumbleweed:python38-dbm-3.8.12-1.2 openSUSE Tumbleweed:python38-idle-3.8.12-1.2 openSUSE Tumbleweed:python38-tk-3.8.12-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-20907.html CVE-2019-20907 https://bugzilla.suse.com/1174091 SUSE Bug 1174091 The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py. CVE-2019-20916 openSUSE Tumbleweed:python38-3.8.12-1.2 openSUSE Tumbleweed:python38-32bit-3.8.12-1.2 openSUSE Tumbleweed:python38-curses-3.8.12-1.2 openSUSE Tumbleweed:python38-dbm-3.8.12-1.2 openSUSE Tumbleweed:python38-idle-3.8.12-1.2 openSUSE Tumbleweed:python38-tk-3.8.12-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-20916.html CVE-2019-20916 https://bugzilla.suse.com/1176262 SUSE Bug 1176262 An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability. CVE-2019-5010 openSUSE Tumbleweed:python38-3.8.12-1.2 openSUSE Tumbleweed:python38-32bit-3.8.12-1.2 openSUSE Tumbleweed:python38-curses-3.8.12-1.2 openSUSE Tumbleweed:python38-dbm-3.8.12-1.2 openSUSE Tumbleweed:python38-idle-3.8.12-1.2 openSUSE Tumbleweed:python38-tk-3.8.12-1.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-5010.html CVE-2019-5010 https://bugzilla.suse.com/1122191 SUSE Bug 1122191 https://bugzilla.suse.com/1126909 SUSE Bug 1126909 An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. CVE-2019-9947 openSUSE Tumbleweed:python38-3.8.12-1.2 openSUSE Tumbleweed:python38-32bit-3.8.12-1.2 openSUSE Tumbleweed:python38-curses-3.8.12-1.2 openSUSE Tumbleweed:python38-dbm-3.8.12-1.2 openSUSE Tumbleweed:python38-idle-3.8.12-1.2 openSUSE Tumbleweed:python38-tk-3.8.12-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-9947.html CVE-2019-9947 https://bugzilla.suse.com/1130840 SUSE Bug 1130840 https://bugzilla.suse.com/1136184 SUSE Bug 1136184 https://bugzilla.suse.com/1155094 SUSE Bug 1155094 https://bugzilla.suse.com/1201559 SUSE Bug 1201559 http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. CVE-2020-26116 openSUSE Tumbleweed:python38-3.8.12-1.2 openSUSE Tumbleweed:python38-32bit-3.8.12-1.2 openSUSE Tumbleweed:python38-curses-3.8.12-1.2 openSUSE Tumbleweed:python38-dbm-3.8.12-1.2 openSUSE Tumbleweed:python38-idle-3.8.12-1.2 openSUSE Tumbleweed:python38-tk-3.8.12-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-26116.html CVE-2020-26116 https://bugzilla.suse.com/1177120 SUSE Bug 1177120 https://bugzilla.suse.com/1177211 SUSE Bug 1177211 https://bugzilla.suse.com/1192361 SUSE Bug 1192361 Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. CVE-2020-8492 openSUSE Tumbleweed:python38-3.8.12-1.2 openSUSE Tumbleweed:python38-32bit-3.8.12-1.2 openSUSE Tumbleweed:python38-curses-3.8.12-1.2 openSUSE Tumbleweed:python38-dbm-3.8.12-1.2 openSUSE Tumbleweed:python38-idle-3.8.12-1.2 openSUSE Tumbleweed:python38-tk-3.8.12-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-8492.html CVE-2020-8492 https://bugzilla.suse.com/1162367 SUSE Bug 1162367 The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. CVE-2021-23336 openSUSE Tumbleweed:python38-3.8.12-1.2 openSUSE Tumbleweed:python38-32bit-3.8.12-1.2 openSUSE Tumbleweed:python38-curses-3.8.12-1.2 openSUSE Tumbleweed:python38-dbm-3.8.12-1.2 openSUSE Tumbleweed:python38-idle-3.8.12-1.2 openSUSE Tumbleweed:python38-tk-3.8.12-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-23336.html CVE-2021-23336 https://bugzilla.suse.com/1182179 SUSE Bug 1182179 https://bugzilla.suse.com/1182379 SUSE Bug 1182379 https://bugzilla.suse.com/1182433 SUSE Bug 1182433 Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely. CVE-2021-3177 openSUSE Tumbleweed:python38-3.8.12-1.2 openSUSE Tumbleweed:python38-32bit-3.8.12-1.2 openSUSE Tumbleweed:python38-curses-3.8.12-1.2 openSUSE Tumbleweed:python38-dbm-3.8.12-1.2 openSUSE Tumbleweed:python38-idle-3.8.12-1.2 openSUSE Tumbleweed:python38-tk-3.8.12-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-3177.html CVE-2021-3177 https://bugzilla.suse.com/1181126 SUSE Bug 1181126 There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7. CVE-2021-3426 openSUSE Tumbleweed:python38-3.8.12-1.2 openSUSE Tumbleweed:python38-32bit-3.8.12-1.2 openSUSE Tumbleweed:python38-curses-3.8.12-1.2 openSUSE Tumbleweed:python38-dbm-3.8.12-1.2 openSUSE Tumbleweed:python38-idle-3.8.12-1.2 openSUSE Tumbleweed:python38-tk-3.8.12-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-3426.html CVE-2021-3426 https://bugzilla.suse.com/1183374 SUSE Bug 1183374