python-2.7.18-37.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13135 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z python-2.7.18-37.1 on GA media These are all security issues fixed in the python-2.7.18-37.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13135 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:13135 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-27043/ SUSE CVE CVE-2023-27043 page openSUSE Tumbleweed python-2.7.18-37.1 python-32bit-2.7.18-37.1 python-curses-2.7.18-37.1 python-demo-2.7.18-37.1 python-gdbm-2.7.18-37.1 python-idle-2.7.18-37.1 python-tk-2.7.18-37.1 python-2.7.18-37.1 as a component of openSUSE Tumbleweed python-32bit-2.7.18-37.1 as a component of openSUSE Tumbleweed python-curses-2.7.18-37.1 as a component of openSUSE Tumbleweed python-demo-2.7.18-37.1 as a component of openSUSE Tumbleweed python-gdbm-2.7.18-37.1 as a component of openSUSE Tumbleweed python-idle-2.7.18-37.1 as a component of openSUSE Tumbleweed python-tk-2.7.18-37.1 as a component of openSUSE Tumbleweed The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python. CVE-2023-27043 openSUSE Tumbleweed:python-2.7.18-37.1 openSUSE Tumbleweed:python-32bit-2.7.18-37.1 openSUSE Tumbleweed:python-curses-2.7.18-37.1 openSUSE Tumbleweed:python-demo-2.7.18-37.1 openSUSE Tumbleweed:python-gdbm-2.7.18-37.1 openSUSE Tumbleweed:python-idle-2.7.18-37.1 openSUSE Tumbleweed:python-tk-2.7.18-37.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-27043.html CVE-2023-27043 https://bugzilla.suse.com/1210638 SUSE Bug 1210638 https://bugzilla.suse.com/1222537 SUSE Bug 1222537