python-2.7.18-16.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11839-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z python-2.7.18-16.1 on GA media These are all security issues fixed in the python-2.7.18-16.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11839 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-0391/ SUSE CVE CVE-2022-0391 page openSUSE Tumbleweed python-2.7.18-16.1 python-32bit-2.7.18-16.1 python-curses-2.7.18-16.1 python-demo-2.7.18-16.1 python-gdbm-2.7.18-16.1 python-idle-2.7.18-16.1 python-tk-2.7.18-16.1 python-2.7.18-16.1 as a component of openSUSE Tumbleweed python-32bit-2.7.18-16.1 as a component of openSUSE Tumbleweed python-curses-2.7.18-16.1 as a component of openSUSE Tumbleweed python-demo-2.7.18-16.1 as a component of openSUSE Tumbleweed python-gdbm-2.7.18-16.1 as a component of openSUSE Tumbleweed python-idle-2.7.18-16.1 as a component of openSUSE Tumbleweed python-tk-2.7.18-16.1 as a component of openSUSE Tumbleweed A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14. CVE-2022-0391 openSUSE Tumbleweed:python-2.7.18-16.1 openSUSE Tumbleweed:python-32bit-2.7.18-16.1 openSUSE Tumbleweed:python-curses-2.7.18-16.1 openSUSE Tumbleweed:python-demo-2.7.18-16.1 openSUSE Tumbleweed:python-gdbm-2.7.18-16.1 openSUSE Tumbleweed:python-idle-2.7.18-16.1 openSUSE Tumbleweed:python-tk-2.7.18-16.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0391.html CVE-2022-0391 https://bugzilla.suse.com/1195396 SUSE Bug 1195396 https://bugzilla.suse.com/1225672 SUSE Bug 1225672