Security update for python3 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:3302-1 Final 1 1 2024-09-18T12:52:07Z current 2024-09-18T12:52:07Z 2024-09-18T12:52:07Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for python3 This update for python3 fixes the following issues: - CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module (bsc#1228780). - CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596) Bug fixes: - %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999) - Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378). - Remove %suse_update_desktop_file macro as it is not useful any more. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2024-3302,SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-3302,SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-3302,SUSE-SLE-Product-SLES_SAP-15-SP2-2024-3302,SUSE-SUSE-MicroOS-5.1-2024-3302 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20243302-1/ Link for SUSE-SU-2024:3302-1 https://lists.suse.com/pipermail/sle-updates/2024-September/036953.html E-Mail link for SUSE-SU-2024:3302-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1227378 SUSE Bug 1227378 https://bugzilla.suse.com/1227999 SUSE Bug 1227999 https://bugzilla.suse.com/1228780 SUSE Bug 1228780 https://bugzilla.suse.com/1229596 SUSE Bug 1229596 https://www.suse.com/security/cve/CVE-2024-6923/ SUSE CVE CVE-2024-6923 page https://www.suse.com/security/cve/CVE-2024-7592/ SUSE CVE CVE-2024-7592 page SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Server 15 SP2-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP2 libpython3_6m1_0-3.6.15-150000.3.155.2 libpython3_6m1_0-32bit-3.6.15-150000.3.155.2 libpython3_6m1_0-64bit-3.6.15-150000.3.155.2 python3-3.6.15-150000.3.155.2 python3-base-3.6.15-150000.3.155.2 python3-curses-3.6.15-150000.3.155.2 python3-dbm-3.6.15-150000.3.155.2 python3-devel-3.6.15-150000.3.155.2 python3-doc-3.6.15-150000.3.155.2 python3-doc-devhelp-3.6.15-150000.3.155.2 python3-idle-3.6.15-150000.3.155.2 python3-testsuite-3.6.15-150000.3.155.2 python3-tk-3.6.15-150000.3.155.2 python3-tools-3.6.15-150000.3.155.2 libpython3_6m1_0-3.6.15-150000.3.155.2 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS python3-3.6.15-150000.3.155.2 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS python3-base-3.6.15-150000.3.155.2 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS python3-curses-3.6.15-150000.3.155.2 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS python3-dbm-3.6.15-150000.3.155.2 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS python3-devel-3.6.15-150000.3.155.2 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS python3-idle-3.6.15-150000.3.155.2 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS python3-tk-3.6.15-150000.3.155.2 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS python3-tools-3.6.15-150000.3.155.2 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS libpython3_6m1_0-3.6.15-150000.3.155.2 as a component of SUSE Linux Enterprise Micro 5.1 python3-3.6.15-150000.3.155.2 as a component of SUSE Linux Enterprise Micro 5.1 python3-base-3.6.15-150000.3.155.2 as a component of SUSE Linux Enterprise Micro 5.1 libpython3_6m1_0-3.6.15-150000.3.155.2 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS python3-3.6.15-150000.3.155.2 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS python3-base-3.6.15-150000.3.155.2 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS python3-curses-3.6.15-150000.3.155.2 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS python3-dbm-3.6.15-150000.3.155.2 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS python3-devel-3.6.15-150000.3.155.2 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS python3-idle-3.6.15-150000.3.155.2 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS python3-tk-3.6.15-150000.3.155.2 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS python3-tools-3.6.15-150000.3.155.2 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS libpython3_6m1_0-3.6.15-150000.3.155.2 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 python3-3.6.15-150000.3.155.2 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 python3-base-3.6.15-150000.3.155.2 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 python3-curses-3.6.15-150000.3.155.2 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 python3-dbm-3.6.15-150000.3.155.2 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 python3-devel-3.6.15-150000.3.155.2 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 python3-idle-3.6.15-150000.3.155.2 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 python3-tk-3.6.15-150000.3.155.2 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 python3-tools-3.6.15-150000.3.155.2 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 There is a MEDIUM severity vulnerability affecting CPython. The email module didn't properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. CVE-2024-6923 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libpython3_6m1_0-3.6.15-150000.3.155.2 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-3.6.15-150000.3.155.2 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-base-3.6.15-150000.3.155.2 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-curses-3.6.15-150000.3.155.2 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-dbm-3.6.15-150000.3.155.2 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-devel-3.6.15-150000.3.155.2 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-idle-3.6.15-150000.3.155.2 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-tk-3.6.15-150000.3.155.2 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-tools-3.6.15-150000.3.155.2 SUSE Linux Enterprise Micro 5.1:libpython3_6m1_0-3.6.15-150000.3.155.2 SUSE Linux Enterprise Micro 5.1:python3-3.6.15-150000.3.155.2 SUSE Linux Enterprise Micro 5.1:python3-base-3.6.15-150000.3.155.2 SUSE Linux Enterprise Server 15 SP2-LTSS:libpython3_6m1_0-3.6.15-150000.3.155.2 SUSE Linux Enterprise Server 15 SP2-LTSS:python3-3.6.15-150000.3.155.2 SUSE Linux Enterprise Server 15 SP2-LTSS:python3-base-3.6.15-150000.3.155.2 SUSE Linux Enterprise Server 15 SP2-LTSS:python3-curses-3.6.15-150000.3.155.2 SUSE Linux Enterprise Server 15 SP2-LTSS:python3-dbm-3.6.15-150000.3.155.2 SUSE Linux Enterprise Server 15 SP2-LTSS:python3-devel-3.6.15-150000.3.155.2 SUSE Linux Enterprise Server 15 SP2-LTSS:python3-idle-3.6.15-150000.3.155.2 SUSE Linux Enterprise Server 15 SP2-LTSS:python3-tk-3.6.15-150000.3.155.2 SUSE Linux Enterprise Server 15 SP2-LTSS:python3-tools-3.6.15-150000.3.155.2 SUSE Linux Enterprise Server for SAP Applications 15 SP2:libpython3_6m1_0-3.6.15-150000.3.155.2 SUSE Linux Enterprise Server for SAP Applications 15 SP2:python3-3.6.15-150000.3.155.2 SUSE Linux Enterprise Server for SAP Applications 15 SP2:python3-base-3.6.15-150000.3.155.2 SUSE Linux Enterprise Server for SAP Applications 15 SP2:python3-curses-3.6.15-150000.3.155.2 SUSE Linux Enterprise Server for SAP Applications 15 SP2:python3-dbm-3.6.15-150000.3.155.2 SUSE Linux Enterprise Server for SAP Applications 15 SP2:python3-devel-3.6.15-150000.3.155.2 SUSE Linux Enterprise Server for SAP Applications 15 SP2:python3-idle-3.6.15-150000.3.155.2 SUSE Linux Enterprise Server for SAP Applications 15 SP2:python3-tk-3.6.15-150000.3.155.2 SUSE Linux Enterprise Server for SAP Applications 15 SP2:python3-tools-3.6.15-150000.3.155.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243302-1/ https://www.suse.com/security/cve/CVE-2024-6923.html CVE-2024-6923 https://bugzilla.suse.com/1228780 SUSE Bug 1228780 There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value. CVE-2024-7592 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libpython3_6m1_0-3.6.15-150000.3.155.2 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-3.6.15-150000.3.155.2 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-base-3.6.15-150000.3.155.2 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-curses-3.6.15-150000.3.155.2 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-dbm-3.6.15-150000.3.155.2 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-devel-3.6.15-150000.3.155.2 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-idle-3.6.15-150000.3.155.2 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-tk-3.6.15-150000.3.155.2 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-tools-3.6.15-150000.3.155.2 SUSE Linux Enterprise Micro 5.1:libpython3_6m1_0-3.6.15-150000.3.155.2 SUSE Linux Enterprise Micro 5.1:python3-3.6.15-150000.3.155.2 SUSE Linux Enterprise Micro 5.1:python3-base-3.6.15-150000.3.155.2 SUSE Linux Enterprise Server 15 SP2-LTSS:libpython3_6m1_0-3.6.15-150000.3.155.2 SUSE Linux Enterprise Server 15 SP2-LTSS:python3-3.6.15-150000.3.155.2 SUSE Linux Enterprise Server 15 SP2-LTSS:python3-base-3.6.15-150000.3.155.2 SUSE Linux Enterprise Server 15 SP2-LTSS:python3-curses-3.6.15-150000.3.155.2 SUSE Linux Enterprise Server 15 SP2-LTSS:python3-dbm-3.6.15-150000.3.155.2 SUSE Linux Enterprise Server 15 SP2-LTSS:python3-devel-3.6.15-150000.3.155.2 SUSE Linux Enterprise Server 15 SP2-LTSS:python3-idle-3.6.15-150000.3.155.2 SUSE Linux Enterprise Server 15 SP2-LTSS:python3-tk-3.6.15-150000.3.155.2 SUSE Linux Enterprise Server 15 SP2-LTSS:python3-tools-3.6.15-150000.3.155.2 SUSE Linux Enterprise Server for SAP Applications 15 SP2:libpython3_6m1_0-3.6.15-150000.3.155.2 SUSE Linux Enterprise Server for SAP Applications 15 SP2:python3-3.6.15-150000.3.155.2 SUSE Linux Enterprise Server for SAP Applications 15 SP2:python3-base-3.6.15-150000.3.155.2 SUSE Linux Enterprise Server for SAP Applications 15 SP2:python3-curses-3.6.15-150000.3.155.2 SUSE Linux Enterprise Server for SAP Applications 15 SP2:python3-dbm-3.6.15-150000.3.155.2 SUSE Linux Enterprise Server for SAP Applications 15 SP2:python3-devel-3.6.15-150000.3.155.2 SUSE Linux Enterprise Server for SAP Applications 15 SP2:python3-idle-3.6.15-150000.3.155.2 SUSE Linux Enterprise Server for SAP Applications 15 SP2:python3-tk-3.6.15-150000.3.155.2 SUSE Linux Enterprise Server for SAP Applications 15 SP2:python3-tools-3.6.15-150000.3.155.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20243302-1/ https://www.suse.com/security/cve/CVE-2024-7592.html CVE-2024-7592 https://bugzilla.suse.com/1229596 SUSE Bug 1229596