Skip to main content

Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

© 2026 Mondoo, Inc.

Log in Get Assessment

Vulnerability IntelligenceSUSE-SU-2020:0114-1

SUSE-SU-2020:0114-1

CRITICAL9.8

Security update for python3

Published Jan 16, 2020

Modified 6 years ago

Fix available

Details

Description of the patch:

This update for python3 to version 3.6.10 fixes the following issues:

CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507).
CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ (bsc#1149955).
CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429).

Affected Packages

libpython3_6m1_0

SUSE Linux Enterprise Module for Basesystem 15SUSE Linux Enterprise Module for Basesystem 15 SP1

Fixed in:

3.6.10-3.42.2

python3

SUSE Linux Enterprise Module for Basesystem 15SUSE Linux Enterprise Module for Basesystem 15 SP1

Fixed in:

3.6.10-3.42.2

python3-base

SUSE Linux Enterprise Module for Basesystem 15SUSE Linux Enterprise Module for Basesystem 15 SP1

Fixed in:

3.6.10-3.42.2

python3-curses

SUSE Linux Enterprise Module for Basesystem 15SUSE Linux Enterprise Module for Basesystem 15 SP1

Fixed in:

3.6.10-3.42.2

python3-dbm

SUSE Linux Enterprise Module for Basesystem 15SUSE Linux Enterprise Module for Basesystem 15 SP1

Fixed in:

3.6.10-3.42.2

python3-devel

SUSE Linux Enterprise Module for Basesystem 15SUSE Linux Enterprise Module for Basesystem 15 SP1

Fixed in:

3.6.10-3.42.2

python3-idle

SUSE Linux Enterprise Module for Basesystem 15SUSE Linux Enterprise Module for Basesystem 15 SP1

Fixed in:

3.6.10-3.42.2

python3-tk

SUSE Linux Enterprise Module for Basesystem 15SUSE Linux Enterprise Module for Basesystem 15 SP1

Fixed in:

3.6.10-3.42.2

python3-tools

SUSE Linux Enterprise Module for Development Tools 15SUSE Linux Enterprise Module for Development Tools 15 SP1

Fixed in:

3.6.10-3.42.2

References(85)

https://bugzilla.suse.com/1027282

https://bugzilla.suse.com/1029377

https://bugzilla.suse.com/1029902

https://bugzilla.suse.com/1040164

https://bugzilla.suse.com/1042670

https://bugzilla.suse.com/1070853

https://bugzilla.suse.com/1079761

https://bugzilla.suse.com/1081750

https://bugzilla.suse.com/1083507

https://bugzilla.suse.com/1086001

https://bugzilla.suse.com/1088004

https://bugzilla.suse.com/1088009

https://bugzilla.suse.com/1088573

https://bugzilla.suse.com/1094814

https://bugzilla.suse.com/1107030

https://bugzilla.suse.com/1109663

https://bugzilla.suse.com/1109847

https://bugzilla.suse.com/1120644

https://bugzilla.suse.com/1122191

https://bugzilla.suse.com/1129346

https://bugzilla.suse.com/1130840

https://bugzilla.suse.com/1133452

https://bugzilla.suse.com/1137942

https://bugzilla.suse.com/1138459

https://bugzilla.suse.com/1141853

CVSS Analysis

CVSS v3.0

9.8

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

9.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Upstream(26)

CVE-2011-3389 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150 CVE-2013-1752 CVE-2013-4238 CVE-2014-2667 CVE-2014-4650 CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 CVE-2017-18207 CVE-2018-1000802 CVE-2018-1060 CVE-2018-1061 CVE-2018-14647 CVE-2018-20406 CVE-2018-20852 CVE-2019-10160 CVE-2019-15903 CVE-2019-16056 CVE-2019-16935 CVE-2019-5010 CVE-2019-9636

Ecosystems

SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15 SP1

Timeline

PublishedJan 16, 2020

ModifiedJan 16, 2020

SUSE-SU-2020:0114-1 | Mondoo Vulnerability Intelligence