SUSE-SU-2023:2639-1 | Mondoo Vulnerability Intelligence

SUSE-SU-2023:2639-1

HIGH7.3

Security update for python

Published Jun 26, 2023

Modified 2 years ago

Fix available

Details

Description of the patch:

This update for python fixes the following issues:

CVE-2023-24329: Fixed urllib.parse bypass when supplying a URL that starts with blank characters (bsc#1208471).

Affected Packages(15 packages)

libpython2_7-1_0

SUSE Linux Enterprise Server 12 SP4-ESPOSSUSE Linux Enterprise Server 12 SP4-LTSSSUSE Linux Enterprise Server 12 SP5SUSE Linux Enterprise Server for SAP Applications 12 SP4SUSE Linux Enterprise Server for SAP Applications 12 SP5

Fixed in:

2.7.18-33.20.2

libpython2_7-1_0-32bit

Fixed in:

2.7.18-33.20.2

python

Fixed in:

2.7.18-33.20.2

python-32bit

Fixed in:

2.7.18-33.20.2

python-base

Fixed in:

2.7.18-33.20.2

python-base-32bit

Fixed in:

2.7.18-33.20.2

python-curses

Fixed in:

2.7.18-33.20.2

python-demo

Fixed in:

2.7.18-33.20.2

python-devel

Fixed in:

2.7.18-33.20.2

python-doc

Fixed in:

2.7.18-33.20.2

References

ADVISORY

https://bugzilla.suse.com/1208471

ADVISORY

https://lists.suse.com/pipermail/sle-updates/2023-July/030301.html

ADVISORY

https://www.suse.com/security/cve/CVE-2023-24329/

WEB

https://www.suse.com/support/security/rating/

ADVISORY

https://www.suse.com/support/update/announcement/2023/suse-su-20232639-1/

CVSS Analysis

CVSS v3.1

7.3

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

LowI:L

Availability

LowA:L

7.3/CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Upstream

CVE-2023-24329

Ecosystems(8)

SUSE Linux Enterprise Server 12 SP4-ESPOS SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5

Timeline

PublishedJun 26, 2023

ModifiedJun 26, 2023