python38-distributed-2022.1.0-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11766-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z python38-distributed-2022.1.0-1.1 on GA media These are all security issues fixed in the python38-distributed-2022.1.0-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11766 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2021-42343/ SUSE CVE CVE-2021-42343 page openSUSE Tumbleweed python38-distributed-2022.1.0-1.1 python39-distributed-2022.1.0-1.1 python38-distributed-2022.1.0-1.1 as a component of openSUSE Tumbleweed python39-distributed-2022.1.0-1.1 as a component of openSUSE Tumbleweed An issue was discovered in the Dask distributed package before 2021.10.0 for Python. Single machine Dask clusters started with dask.distributed.LocalCluster or dask.distributed.Client (which defaults to using LocalCluster) would mistakenly configure their respective Dask workers to listen on external interfaces (typically with a randomly selected high port) rather than only on localhost. A Dask cluster created using this method (when running on a machine that has an applicable port exposed) could be used by a sophisticated attacker to achieve remote code execution. CVE-2021-42343 openSUSE Tumbleweed:python38-distributed-2022.1.0-1.1 openSUSE Tumbleweed:python39-distributed-2022.1.0-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-42343.html CVE-2021-42343 https://bugzilla.suse.com/1192072 SUSE Bug 1192072