Security update for python-dnspython SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:2605-1 Final 1 1 2024-07-25T09:43:52Z current 2024-07-25T09:43:52Z 2024-07-25T09:43:52Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for python-dnspython This update for python-dnspython fixes the following issues: - CVE-2023-29483: Fixed an issue that allowed remote attackers to interfere with DNS name resolution (bsc#1222693). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES12-SP5-Azure-BYOS-2024-2605,Image SLES12-SP5-Azure-Basic-On-Demand-2024-2605,Image SLES12-SP5-Azure-HPC-BYOS-2024-2605,Image SLES12-SP5-Azure-HPC-On-Demand-2024-2605,Image SLES12-SP5-Azure-SAP-BYOS-2024-2605,Image SLES12-SP5-Azure-SAP-On-Demand-2024-2605,Image SLES12-SP5-Azure-Standard-On-Demand-2024-2605,SUSE-2024-2605,SUSE-SLE-Module-Public-Cloud-12-2024-2605 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20242605-1/ Link for SUSE-SU-2024:2605-1 https://lists.suse.com/pipermail/sle-updates/2024-July/036118.html E-Mail link for SUSE-SU-2024:2605-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1222693 SUSE Bug 1222693 https://www.suse.com/security/cve/CVE-2023-29483/ SUSE CVE CVE-2023-29483 page Image SLES12-SP5-Azure-BYOS Image SLES12-SP5-Azure-Basic-On-Demand Image SLES12-SP5-Azure-HPC-BYOS Image SLES12-SP5-Azure-HPC-On-Demand Image SLES12-SP5-Azure-SAP-BYOS Image SLES12-SP5-Azure-SAP-On-Demand Image SLES12-SP5-Azure-Standard-On-Demand SUSE Linux Enterprise Module for Public Cloud 12 python3-dnspython-1.12.0-9.13.1 python-dnspython-1.12.0-9.13.1 python3-dnspython-1.12.0-9.13.1 as a component of Image SLES12-SP5-Azure-BYOS python3-dnspython-1.12.0-9.13.1 as a component of Image SLES12-SP5-Azure-Basic-On-Demand python3-dnspython-1.12.0-9.13.1 as a component of Image SLES12-SP5-Azure-HPC-BYOS python3-dnspython-1.12.0-9.13.1 as a component of Image SLES12-SP5-Azure-HPC-On-Demand python3-dnspython-1.12.0-9.13.1 as a component of Image SLES12-SP5-Azure-SAP-BYOS python3-dnspython-1.12.0-9.13.1 as a component of Image SLES12-SP5-Azure-SAP-On-Demand python3-dnspython-1.12.0-9.13.1 as a component of Image SLES12-SP5-Azure-Standard-On-Demand python-dnspython-1.12.0-9.13.1 as a component of SUSE Linux Enterprise Module for Public Cloud 12 python3-dnspython-1.12.0-9.13.1 as a component of SUSE Linux Enterprise Module for Public Cloud 12 eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1. CVE-2023-29483 Image SLES12-SP5-Azure-BYOS:python3-dnspython-1.12.0-9.13.1 Image SLES12-SP5-Azure-Basic-On-Demand:python3-dnspython-1.12.0-9.13.1 Image SLES12-SP5-Azure-HPC-BYOS:python3-dnspython-1.12.0-9.13.1 Image SLES12-SP5-Azure-HPC-On-Demand:python3-dnspython-1.12.0-9.13.1 Image SLES12-SP5-Azure-SAP-BYOS:python3-dnspython-1.12.0-9.13.1 Image SLES12-SP5-Azure-SAP-On-Demand:python3-dnspython-1.12.0-9.13.1 Image SLES12-SP5-Azure-Standard-On-Demand:python3-dnspython-1.12.0-9.13.1 SUSE Linux Enterprise Module for Public Cloud 12:python-dnspython-1.12.0-9.13.1 SUSE Linux Enterprise Module for Public Cloud 12:python3-dnspython-1.12.0-9.13.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20242605-1/ https://www.suse.com/security/cve/CVE-2023-29483.html CVE-2023-29483 https://bugzilla.suse.com/1222693 SUSE Bug 1222693