python-lxml-doc-4.6.5-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11713-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z python-lxml-doc-4.6.5-1.1 on GA media These are all security issues fixed in the python-lxml-doc-4.6.5-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11713 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2021-43818/ SUSE CVE CVE-2021-43818 page openSUSE Tumbleweed python-lxml-doc-4.6.5-1.1 python310-lxml-4.6.5-1.1 python310-lxml-devel-4.6.5-1.1 python38-lxml-4.6.5-1.1 python38-lxml-devel-4.6.5-1.1 python39-lxml-4.6.5-1.1 python39-lxml-devel-4.6.5-1.1 python-lxml-doc-4.6.5-1.1 as a component of openSUSE Tumbleweed python310-lxml-4.6.5-1.1 as a component of openSUSE Tumbleweed python310-lxml-devel-4.6.5-1.1 as a component of openSUSE Tumbleweed python38-lxml-4.6.5-1.1 as a component of openSUSE Tumbleweed python38-lxml-devel-4.6.5-1.1 as a component of openSUSE Tumbleweed python39-lxml-4.6.5-1.1 as a component of openSUSE Tumbleweed python39-lxml-devel-4.6.5-1.1 as a component of openSUSE Tumbleweed lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available. CVE-2021-43818 openSUSE Tumbleweed:python-lxml-doc-4.6.5-1.1 openSUSE Tumbleweed:python310-lxml-4.6.5-1.1 openSUSE Tumbleweed:python310-lxml-devel-4.6.5-1.1 openSUSE Tumbleweed:python38-lxml-4.6.5-1.1 openSUSE Tumbleweed:python38-lxml-devel-4.6.5-1.1 openSUSE Tumbleweed:python39-lxml-4.6.5-1.1 openSUSE Tumbleweed:python39-lxml-devel-4.6.5-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-43818.html CVE-2021-43818 https://bugzilla.suse.com/1193752 SUSE Bug 1193752