jupyter-lsp-2.2.2-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13601-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z jupyter-lsp-2.2.2-1.1 on GA media These are all security issues fixed in the jupyter-lsp-2.2.2-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13601 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-22415/ SUSE CVE CVE-2024-22415 page openSUSE Tumbleweed jupyter-lsp-2.2.2-1.1 python310-jupyter-lsp-2.2.2-1.1 python311-jupyter-lsp-2.2.2-1.1 python39-jupyter-lsp-2.2.2-1.1 jupyter-lsp-2.2.2-1.1 as a component of openSUSE Tumbleweed python310-jupyter-lsp-2.2.2-1.1 as a component of openSUSE Tumbleweed python311-jupyter-lsp-2.2.2-1.1 as a component of openSUSE Tumbleweed python39-jupyter-lsp-2.2.2-1.1 as a component of openSUSE Tumbleweed jupyter-lsp is a coding assistance tool for JupyterLab (code navigation + hover suggestions + linters + autocompletion + rename) using Language Server Protocol. Installations of jupyter-lsp running in environments without configured file system access control (on the operating system level), and with jupyter-server instances exposed to non-trusted network are vulnerable to unauthorised access and modification of file system beyond the jupyter root directory. This issue has been patched in version 2.2.2 and all users are advised to upgrade. Users unable to upgrade should uninstall jupyter-lsp. CVE-2024-22415 openSUSE Tumbleweed:jupyter-lsp-2.2.2-1.1 openSUSE Tumbleweed:python310-jupyter-lsp-2.2.2-1.1 openSUSE Tumbleweed:python311-jupyter-lsp-2.2.2-1.1 openSUSE Tumbleweed:python39-jupyter-lsp-2.2.2-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-22415.html CVE-2024-22415 https://bugzilla.suse.com/1218976 SUSE Bug 1218976