Security update for python SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:1862-1 Final 1 1 2024-05-30T12:17:41Z current 2024-05-30T12:17:41Z 2024-05-30T12:17:41Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for python This update for python fixes the following issues: - CVE-2023-52425: Fixed using the system libexpat (bsc#1219559). - CVE-2023-27043: Modifed fix for unicode string handling in email.utils.parseaddr() (bsc#1222537). - CVE-2022-48560: Fixed use-after-free in Python via heappushpop in heapq (bsc#1214675). - CVE-2024-0450: Detect the vulnerability of the 'quoted-overlap' zipbomb (bsc#1221854). Bug fixes: - Switch off tests. ONLY FOR FACTORY!!! (bsc#1219306). - Build with -std=gnu89 to build correctly with gcc14 (bsc#1220970). - Switch from %patchN style to the %patch -P N one. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES15-SP2-SAP-Azure-LI-BYOS-Production-2024-1862,Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production-2024-1862,Image SLES15-SP3-SAP-Azure-LI-BYOS-Production-2024-1862,Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production-2024-1862,Image SLES15-SP3-SAPCAL-Azure-2024-1862,Image SLES15-SP3-SAPCAL-EC2-HVM-2024-1862,Image SLES15-SP3-SAPCAL-GCE-2024-1862,SUSE-2024-1862,SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-1862,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-1862,openSUSE-SLE-15.5-2024-1862,openSUSE-SLE-15.6-2024-1862 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20241862-1/ Link for SUSE-SU-2024:1862-1 https://lists.suse.com/pipermail/sle-security-updates/2024-August/019258.html E-Mail link for SUSE-SU-2024:1862-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1214675 SUSE Bug 1214675 https://bugzilla.suse.com/1219306 SUSE Bug 1219306 https://bugzilla.suse.com/1219559 SUSE Bug 1219559 https://bugzilla.suse.com/1220970 SUSE Bug 1220970 https://bugzilla.suse.com/1221854 SUSE Bug 1221854 https://bugzilla.suse.com/1222537 SUSE Bug 1222537 https://www.suse.com/security/cve/CVE-2022-48560/ SUSE CVE CVE-2022-48560 page https://www.suse.com/security/cve/CVE-2023-27043/ SUSE CVE CVE-2023-27043 page https://www.suse.com/security/cve/CVE-2023-52425/ SUSE CVE CVE-2023-52425 page https://www.suse.com/security/cve/CVE-2024-0450/ SUSE CVE CVE-2024-0450 page Image SLES15-SP2-SAP-Azure-LI-BYOS-Production Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production Image SLES15-SP3-SAP-Azure-LI-BYOS-Production Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production Image SLES15-SP3-SAPCAL-Azure Image SLES15-SP3-SAPCAL-EC2-HVM Image SLES15-SP3-SAPCAL-GCE SUSE Linux Enterprise Module for Package Hub 15 SP5 SUSE Linux Enterprise Module for Package Hub 15 SP6 openSUSE Leap 15.5 openSUSE Leap 15.6 libpython2_7-1_0-2.7.18-150000.65.1 python-base-2.7.18-150000.65.1 python-2.7.18-150000.65.1 python-xml-2.7.18-150000.65.1 libpython2_7-1_0-32bit-2.7.18-150000.65.1 libpython2_7-1_0-64bit-2.7.18-150000.65.1 python-32bit-2.7.18-150000.65.1 python-64bit-2.7.18-150000.65.1 python-base-32bit-2.7.18-150000.65.1 python-base-64bit-2.7.18-150000.65.1 python-curses-2.7.18-150000.65.1 python-demo-2.7.18-150000.65.1 python-devel-2.7.18-150000.65.1 python-doc-2.7.18-150000.65.1 python-doc-pdf-2.7.18-150000.65.1 python-gdbm-2.7.18-150000.65.1 python-idle-2.7.18-150000.65.1 python-tk-2.7.18-150000.65.1 libpython2_7-1_0-2.7.18-150000.65.1 as a component of Image SLES15-SP2-SAP-Azure-LI-BYOS-Production python-base-2.7.18-150000.65.1 as a component of Image SLES15-SP2-SAP-Azure-LI-BYOS-Production libpython2_7-1_0-2.7.18-150000.65.1 as a component of Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production python-base-2.7.18-150000.65.1 as a component of Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production libpython2_7-1_0-2.7.18-150000.65.1 as a component of Image SLES15-SP3-SAP-Azure-LI-BYOS-Production python-base-2.7.18-150000.65.1 as a component of Image SLES15-SP3-SAP-Azure-LI-BYOS-Production libpython2_7-1_0-2.7.18-150000.65.1 as a component of Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production python-base-2.7.18-150000.65.1 as a component of Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production libpython2_7-1_0-2.7.18-150000.65.1 as a component of Image SLES15-SP3-SAPCAL-Azure python-2.7.18-150000.65.1 as a component of Image SLES15-SP3-SAPCAL-Azure python-base-2.7.18-150000.65.1 as a component of Image SLES15-SP3-SAPCAL-Azure python-xml-2.7.18-150000.65.1 as a component of Image SLES15-SP3-SAPCAL-Azure libpython2_7-1_0-2.7.18-150000.65.1 as a component of Image SLES15-SP3-SAPCAL-EC2-HVM python-2.7.18-150000.65.1 as a component of Image SLES15-SP3-SAPCAL-EC2-HVM python-base-2.7.18-150000.65.1 as a component of Image SLES15-SP3-SAPCAL-EC2-HVM python-xml-2.7.18-150000.65.1 as a component of Image SLES15-SP3-SAPCAL-EC2-HVM libpython2_7-1_0-2.7.18-150000.65.1 as a component of Image SLES15-SP3-SAPCAL-GCE python-2.7.18-150000.65.1 as a component of Image SLES15-SP3-SAPCAL-GCE python-base-2.7.18-150000.65.1 as a component of Image SLES15-SP3-SAPCAL-GCE python-xml-2.7.18-150000.65.1 as a component of Image SLES15-SP3-SAPCAL-GCE libpython2_7-1_0-2.7.18-150000.65.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP5 python-2.7.18-150000.65.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP5 python-base-2.7.18-150000.65.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP5 python-curses-2.7.18-150000.65.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP5 python-devel-2.7.18-150000.65.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP5 python-gdbm-2.7.18-150000.65.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP5 python-xml-2.7.18-150000.65.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP5 libpython2_7-1_0-2.7.18-150000.65.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 python-2.7.18-150000.65.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 python-base-2.7.18-150000.65.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 python-curses-2.7.18-150000.65.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 python-gdbm-2.7.18-150000.65.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 python-xml-2.7.18-150000.65.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 libpython2_7-1_0-2.7.18-150000.65.1 as a component of openSUSE Leap 15.5 libpython2_7-1_0-32bit-2.7.18-150000.65.1 as a component of openSUSE Leap 15.5 python-2.7.18-150000.65.1 as a component of openSUSE Leap 15.5 python-32bit-2.7.18-150000.65.1 as a component of openSUSE Leap 15.5 python-base-2.7.18-150000.65.1 as a component of openSUSE Leap 15.5 python-base-32bit-2.7.18-150000.65.1 as a component of openSUSE Leap 15.5 python-curses-2.7.18-150000.65.1 as a component of openSUSE Leap 15.5 python-demo-2.7.18-150000.65.1 as a component of openSUSE Leap 15.5 python-devel-2.7.18-150000.65.1 as a component of openSUSE Leap 15.5 python-doc-2.7.18-150000.65.1 as a component of openSUSE Leap 15.5 python-doc-pdf-2.7.18-150000.65.1 as a component of openSUSE Leap 15.5 python-gdbm-2.7.18-150000.65.1 as a component of openSUSE Leap 15.5 python-idle-2.7.18-150000.65.1 as a component of openSUSE Leap 15.5 python-tk-2.7.18-150000.65.1 as a component of openSUSE Leap 15.5 python-xml-2.7.18-150000.65.1 as a component of openSUSE Leap 15.5 libpython2_7-1_0-2.7.18-150000.65.1 as a component of openSUSE Leap 15.6 libpython2_7-1_0-32bit-2.7.18-150000.65.1 as a component of openSUSE Leap 15.6 python-2.7.18-150000.65.1 as a component of openSUSE Leap 15.6 python-32bit-2.7.18-150000.65.1 as a component of openSUSE Leap 15.6 python-base-2.7.18-150000.65.1 as a component of openSUSE Leap 15.6 python-base-32bit-2.7.18-150000.65.1 as a component of openSUSE Leap 15.6 python-curses-2.7.18-150000.65.1 as a component of openSUSE Leap 15.6 python-demo-2.7.18-150000.65.1 as a component of openSUSE Leap 15.6 python-devel-2.7.18-150000.65.1 as a component of openSUSE Leap 15.6 python-doc-2.7.18-150000.65.1 as a component of openSUSE Leap 15.6 python-doc-pdf-2.7.18-150000.65.1 as a component of openSUSE Leap 15.6 python-gdbm-2.7.18-150000.65.1 as a component of openSUSE Leap 15.6 python-idle-2.7.18-150000.65.1 as a component of openSUSE Leap 15.6 python-tk-2.7.18-150000.65.1 as a component of openSUSE Leap 15.6 python-xml-2.7.18-150000.65.1 as a component of openSUSE Leap 15.6 A use-after-free exists in Python through 3.9 via heappushpop in heapq. CVE-2022-48560 Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:libpython2_7-1_0-2.7.18-150000.65.1 Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:python-base-2.7.18-150000.65.1 Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:libpython2_7-1_0-2.7.18-150000.65.1 Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:python-base-2.7.18-150000.65.1 Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:libpython2_7-1_0-2.7.18-150000.65.1 Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:python-base-2.7.18-150000.65.1 Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:libpython2_7-1_0-2.7.18-150000.65.1 Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:python-base-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-Azure:libpython2_7-1_0-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-Azure:python-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-Azure:python-base-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-Azure:python-xml-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-EC2-HVM:libpython2_7-1_0-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-EC2-HVM:python-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-EC2-HVM:python-base-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-EC2-HVM:python-xml-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-GCE:libpython2_7-1_0-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-GCE:python-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-GCE:python-base-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-GCE:python-xml-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:libpython2_7-1_0-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:python-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:python-base-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:python-curses-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:python-devel-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:python-gdbm-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:python-xml-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.65.1 openSUSE Leap 15.5:libpython2_7-1_0-2.7.18-150000.65.1 openSUSE Leap 15.5:libpython2_7-1_0-32bit-2.7.18-150000.65.1 openSUSE Leap 15.5:python-2.7.18-150000.65.1 openSUSE Leap 15.5:python-32bit-2.7.18-150000.65.1 openSUSE Leap 15.5:python-base-2.7.18-150000.65.1 openSUSE Leap 15.5:python-base-32bit-2.7.18-150000.65.1 openSUSE Leap 15.5:python-curses-2.7.18-150000.65.1 openSUSE Leap 15.5:python-demo-2.7.18-150000.65.1 openSUSE Leap 15.5:python-devel-2.7.18-150000.65.1 openSUSE Leap 15.5:python-doc-2.7.18-150000.65.1 openSUSE Leap 15.5:python-doc-pdf-2.7.18-150000.65.1 openSUSE Leap 15.5:python-gdbm-2.7.18-150000.65.1 openSUSE Leap 15.5:python-idle-2.7.18-150000.65.1 openSUSE Leap 15.5:python-tk-2.7.18-150000.65.1 openSUSE Leap 15.5:python-xml-2.7.18-150000.65.1 openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.65.1 openSUSE Leap 15.6:libpython2_7-1_0-32bit-2.7.18-150000.65.1 openSUSE Leap 15.6:python-2.7.18-150000.65.1 openSUSE Leap 15.6:python-32bit-2.7.18-150000.65.1 openSUSE Leap 15.6:python-base-2.7.18-150000.65.1 openSUSE Leap 15.6:python-base-32bit-2.7.18-150000.65.1 openSUSE Leap 15.6:python-curses-2.7.18-150000.65.1 openSUSE Leap 15.6:python-demo-2.7.18-150000.65.1 openSUSE Leap 15.6:python-devel-2.7.18-150000.65.1 openSUSE Leap 15.6:python-doc-2.7.18-150000.65.1 openSUSE Leap 15.6:python-doc-pdf-2.7.18-150000.65.1 openSUSE Leap 15.6:python-gdbm-2.7.18-150000.65.1 openSUSE Leap 15.6:python-idle-2.7.18-150000.65.1 openSUSE Leap 15.6:python-tk-2.7.18-150000.65.1 openSUSE Leap 15.6:python-xml-2.7.18-150000.65.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241862-1/ https://www.suse.com/security/cve/CVE-2022-48560.html CVE-2022-48560 https://bugzilla.suse.com/1214675 SUSE Bug 1214675 The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python. CVE-2023-27043 Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:libpython2_7-1_0-2.7.18-150000.65.1 Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:python-base-2.7.18-150000.65.1 Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:libpython2_7-1_0-2.7.18-150000.65.1 Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:python-base-2.7.18-150000.65.1 Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:libpython2_7-1_0-2.7.18-150000.65.1 Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:python-base-2.7.18-150000.65.1 Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:libpython2_7-1_0-2.7.18-150000.65.1 Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:python-base-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-Azure:libpython2_7-1_0-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-Azure:python-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-Azure:python-base-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-Azure:python-xml-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-EC2-HVM:libpython2_7-1_0-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-EC2-HVM:python-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-EC2-HVM:python-base-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-EC2-HVM:python-xml-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-GCE:libpython2_7-1_0-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-GCE:python-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-GCE:python-base-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-GCE:python-xml-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:libpython2_7-1_0-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:python-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:python-base-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:python-curses-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:python-devel-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:python-gdbm-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:python-xml-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.65.1 openSUSE Leap 15.5:libpython2_7-1_0-2.7.18-150000.65.1 openSUSE Leap 15.5:libpython2_7-1_0-32bit-2.7.18-150000.65.1 openSUSE Leap 15.5:python-2.7.18-150000.65.1 openSUSE Leap 15.5:python-32bit-2.7.18-150000.65.1 openSUSE Leap 15.5:python-base-2.7.18-150000.65.1 openSUSE Leap 15.5:python-base-32bit-2.7.18-150000.65.1 openSUSE Leap 15.5:python-curses-2.7.18-150000.65.1 openSUSE Leap 15.5:python-demo-2.7.18-150000.65.1 openSUSE Leap 15.5:python-devel-2.7.18-150000.65.1 openSUSE Leap 15.5:python-doc-2.7.18-150000.65.1 openSUSE Leap 15.5:python-doc-pdf-2.7.18-150000.65.1 openSUSE Leap 15.5:python-gdbm-2.7.18-150000.65.1 openSUSE Leap 15.5:python-idle-2.7.18-150000.65.1 openSUSE Leap 15.5:python-tk-2.7.18-150000.65.1 openSUSE Leap 15.5:python-xml-2.7.18-150000.65.1 openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.65.1 openSUSE Leap 15.6:libpython2_7-1_0-32bit-2.7.18-150000.65.1 openSUSE Leap 15.6:python-2.7.18-150000.65.1 openSUSE Leap 15.6:python-32bit-2.7.18-150000.65.1 openSUSE Leap 15.6:python-base-2.7.18-150000.65.1 openSUSE Leap 15.6:python-base-32bit-2.7.18-150000.65.1 openSUSE Leap 15.6:python-curses-2.7.18-150000.65.1 openSUSE Leap 15.6:python-demo-2.7.18-150000.65.1 openSUSE Leap 15.6:python-devel-2.7.18-150000.65.1 openSUSE Leap 15.6:python-doc-2.7.18-150000.65.1 openSUSE Leap 15.6:python-doc-pdf-2.7.18-150000.65.1 openSUSE Leap 15.6:python-gdbm-2.7.18-150000.65.1 openSUSE Leap 15.6:python-idle-2.7.18-150000.65.1 openSUSE Leap 15.6:python-tk-2.7.18-150000.65.1 openSUSE Leap 15.6:python-xml-2.7.18-150000.65.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241862-1/ https://www.suse.com/security/cve/CVE-2023-27043.html CVE-2023-27043 https://bugzilla.suse.com/1210638 SUSE Bug 1210638 https://bugzilla.suse.com/1222537 SUSE Bug 1222537 libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. CVE-2023-52425 Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:libpython2_7-1_0-2.7.18-150000.65.1 Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:python-base-2.7.18-150000.65.1 Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:libpython2_7-1_0-2.7.18-150000.65.1 Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:python-base-2.7.18-150000.65.1 Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:libpython2_7-1_0-2.7.18-150000.65.1 Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:python-base-2.7.18-150000.65.1 Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:libpython2_7-1_0-2.7.18-150000.65.1 Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:python-base-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-Azure:libpython2_7-1_0-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-Azure:python-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-Azure:python-base-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-Azure:python-xml-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-EC2-HVM:libpython2_7-1_0-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-EC2-HVM:python-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-EC2-HVM:python-base-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-EC2-HVM:python-xml-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-GCE:libpython2_7-1_0-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-GCE:python-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-GCE:python-base-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-GCE:python-xml-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:libpython2_7-1_0-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:python-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:python-base-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:python-curses-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:python-devel-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:python-gdbm-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:python-xml-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.65.1 openSUSE Leap 15.5:libpython2_7-1_0-2.7.18-150000.65.1 openSUSE Leap 15.5:libpython2_7-1_0-32bit-2.7.18-150000.65.1 openSUSE Leap 15.5:python-2.7.18-150000.65.1 openSUSE Leap 15.5:python-32bit-2.7.18-150000.65.1 openSUSE Leap 15.5:python-base-2.7.18-150000.65.1 openSUSE Leap 15.5:python-base-32bit-2.7.18-150000.65.1 openSUSE Leap 15.5:python-curses-2.7.18-150000.65.1 openSUSE Leap 15.5:python-demo-2.7.18-150000.65.1 openSUSE Leap 15.5:python-devel-2.7.18-150000.65.1 openSUSE Leap 15.5:python-doc-2.7.18-150000.65.1 openSUSE Leap 15.5:python-doc-pdf-2.7.18-150000.65.1 openSUSE Leap 15.5:python-gdbm-2.7.18-150000.65.1 openSUSE Leap 15.5:python-idle-2.7.18-150000.65.1 openSUSE Leap 15.5:python-tk-2.7.18-150000.65.1 openSUSE Leap 15.5:python-xml-2.7.18-150000.65.1 openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.65.1 openSUSE Leap 15.6:libpython2_7-1_0-32bit-2.7.18-150000.65.1 openSUSE Leap 15.6:python-2.7.18-150000.65.1 openSUSE Leap 15.6:python-32bit-2.7.18-150000.65.1 openSUSE Leap 15.6:python-base-2.7.18-150000.65.1 openSUSE Leap 15.6:python-base-32bit-2.7.18-150000.65.1 openSUSE Leap 15.6:python-curses-2.7.18-150000.65.1 openSUSE Leap 15.6:python-demo-2.7.18-150000.65.1 openSUSE Leap 15.6:python-devel-2.7.18-150000.65.1 openSUSE Leap 15.6:python-doc-2.7.18-150000.65.1 openSUSE Leap 15.6:python-doc-pdf-2.7.18-150000.65.1 openSUSE Leap 15.6:python-gdbm-2.7.18-150000.65.1 openSUSE Leap 15.6:python-idle-2.7.18-150000.65.1 openSUSE Leap 15.6:python-tk-2.7.18-150000.65.1 openSUSE Leap 15.6:python-xml-2.7.18-150000.65.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241862-1/ https://www.suse.com/security/cve/CVE-2023-52425.html CVE-2023-52425 https://bugzilla.suse.com/1219559 SUSE Bug 1219559 An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to "quoted-overlap" zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive. CVE-2024-0450 Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:libpython2_7-1_0-2.7.18-150000.65.1 Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:python-base-2.7.18-150000.65.1 Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:libpython2_7-1_0-2.7.18-150000.65.1 Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:python-base-2.7.18-150000.65.1 Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:libpython2_7-1_0-2.7.18-150000.65.1 Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:python-base-2.7.18-150000.65.1 Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:libpython2_7-1_0-2.7.18-150000.65.1 Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:python-base-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-Azure:libpython2_7-1_0-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-Azure:python-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-Azure:python-base-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-Azure:python-xml-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-EC2-HVM:libpython2_7-1_0-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-EC2-HVM:python-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-EC2-HVM:python-base-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-EC2-HVM:python-xml-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-GCE:libpython2_7-1_0-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-GCE:python-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-GCE:python-base-2.7.18-150000.65.1 Image SLES15-SP3-SAPCAL-GCE:python-xml-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:libpython2_7-1_0-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:python-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:python-base-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:python-curses-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:python-devel-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:python-gdbm-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP5:python-xml-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:libpython2_7-1_0-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:python-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:python-base-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:python-curses-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:python-gdbm-2.7.18-150000.65.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:python-xml-2.7.18-150000.65.1 openSUSE Leap 15.5:libpython2_7-1_0-2.7.18-150000.65.1 openSUSE Leap 15.5:libpython2_7-1_0-32bit-2.7.18-150000.65.1 openSUSE Leap 15.5:python-2.7.18-150000.65.1 openSUSE Leap 15.5:python-32bit-2.7.18-150000.65.1 openSUSE Leap 15.5:python-base-2.7.18-150000.65.1 openSUSE Leap 15.5:python-base-32bit-2.7.18-150000.65.1 openSUSE Leap 15.5:python-curses-2.7.18-150000.65.1 openSUSE Leap 15.5:python-demo-2.7.18-150000.65.1 openSUSE Leap 15.5:python-devel-2.7.18-150000.65.1 openSUSE Leap 15.5:python-doc-2.7.18-150000.65.1 openSUSE Leap 15.5:python-doc-pdf-2.7.18-150000.65.1 openSUSE Leap 15.5:python-gdbm-2.7.18-150000.65.1 openSUSE Leap 15.5:python-idle-2.7.18-150000.65.1 openSUSE Leap 15.5:python-tk-2.7.18-150000.65.1 openSUSE Leap 15.5:python-xml-2.7.18-150000.65.1 openSUSE Leap 15.6:libpython2_7-1_0-2.7.18-150000.65.1 openSUSE Leap 15.6:libpython2_7-1_0-32bit-2.7.18-150000.65.1 openSUSE Leap 15.6:python-2.7.18-150000.65.1 openSUSE Leap 15.6:python-32bit-2.7.18-150000.65.1 openSUSE Leap 15.6:python-base-2.7.18-150000.65.1 openSUSE Leap 15.6:python-base-32bit-2.7.18-150000.65.1 openSUSE Leap 15.6:python-curses-2.7.18-150000.65.1 openSUSE Leap 15.6:python-demo-2.7.18-150000.65.1 openSUSE Leap 15.6:python-devel-2.7.18-150000.65.1 openSUSE Leap 15.6:python-doc-2.7.18-150000.65.1 openSUSE Leap 15.6:python-doc-pdf-2.7.18-150000.65.1 openSUSE Leap 15.6:python-gdbm-2.7.18-150000.65.1 openSUSE Leap 15.6:python-idle-2.7.18-150000.65.1 openSUSE Leap 15.6:python-tk-2.7.18-150000.65.1 openSUSE Leap 15.6:python-xml-2.7.18-150000.65.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241862-1/ https://www.suse.com/security/cve/CVE-2024-0450.html CVE-2024-0450 https://bugzilla.suse.com/1221854 SUSE Bug 1221854