oval:org.secpod.oval:def:89044051
libpython2_7-1_0 is installed

oval:org.secpod.oval:def:3301071
SUSE Security Update: Security update for python

oval:org.secpod.oval:def:89050352
This update for python fixes the following issues:
Security issues fixed:
- CVE-2019-9674: Improved the documentation, warning about dangers of zip-bombs.
- CVE-2020-8492: Fixed a regular expression in urllib that was prone to denial of service via HTTP.

oval:org.secpod.oval:def:89050327
This update for python fixes the following issues:
Security issues fixed:
- CVE-2019-18348: Fixed a CRLF injection via the host part of the URL passed to urlopen. Now an InvalidURL exception is raised.
- CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs.

oval:org.secpod.oval:def:89050303
This update for python fixes the following issues:
- CVE-2019-20907: Avoid a possible infinite loop caused by specifically crafted tarballs.

oval:org.secpod.oval:def:89050310
This update for python fixes the following issues:
- bsc#1177211 no longer allowing special characters in the method parameter of HTTPConnection.putrequest in httplib, stopping injection of headers.

oval:org.secpod.oval:def:89047164
This update for python fixes the following issues:
- CVE-2021-3737: Fixed HTTP client infinite line reading after an HTTP 100.
- CVE-2021-3733: Fixed ReDoS in urllib.request.

oval:org.secpod.oval:def:89047139
This update for python fixes the following issues:
- python27 was upgraded to 2.7.18
- CVE-2021-23336: Fixed a potential web cache poisoning through the use of a semicolon as a query string separator in query parameters.

oval:org.secpod.oval:def:89047440
This update for python fixes the following issues:
- CVE-2022-0391: Fixed URL sanitization containing ASCII newline and tabs in urlparse.
- CVE-2021-4189: Fixed ftplib not to trust the PASV response.
- CVE-2021-3572: Fixed an improper handling of unicode characters in pip.

oval:org.secpod.oval:def:89050212
This update for python fixes the following issues:
* CVE-2022-48566: Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.
* CVE-2022-48565: Fixed an XXE in the plistlib module.

oval:org.secpod.oval:def:89047213
This update for python fixes the following issues:
- buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution.
- Provide the newest setuptools wheel in their correct form.

oval:org.secpod.oval:def:89047233
This update for python fixes the following issues:
- Fixed a directory traversal in _download_http_url

oval:org.secpod.oval:def:3301814
Security update for python

oval:org.secpod.oval:def:89049420
This update for python fixes the following issues:
* CVE-2023-40217: Fixed TLS handshake bypass on closed sockets.

oval:org.secpod.oval:def:3302040
Security update for python

oval:org.secpod.oval:def:89049812
This update for python fixes the following issues:
* CVE-2023-40217: Fixed TLS handshake bypass on closed sockets.

oval:org.secpod.oval:def:89051448
This update for python fixes the following issues:
* CVE-2023-27043: Fixed incorrect parsing of e-mail addresses which contain a special character.

oval:org.secpod.oval:def:3300529
SUSE Security Update: Security update for python

oval:org.secpod.oval:def:3300925
SUSE Security Update: Security update for python

oval:org.secpod.oval:def:89047542
This update for python fixes the following issues:
- CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when a URI path starts with //.

oval:org.secpod.oval:def:89049101
This update for python fixes the following issues:
* CVE-2023-24329: Fixed urllib.parse bypass when supplying a URL that starts with blank characters.

oval:org.secpod.oval:def:89046723
This update for python fixes the following issues:
- CVE-2015-20107: avoid command injection in the mailcap module.

oval:org.secpod.oval:def:89046724
This update for python fixes the following issues:
- CVE-2015-20107: avoid command injection in the mailcap module.

oval:org.secpod.oval:def:89048548
This update for python fixes the following issues:
* CVE-2023-24329: Fixed blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters.
* CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names.
The following non-security bug was fixed:
* ...

oval:org.secpod.oval:def:89047499
This update for python fixes the following issues:
- CVE-2015-20107: avoid command injection in the mailcap module.

oval:org.secpod.oval:def:89048201
This update for python fixes the following issues:
- CVE-2022-45061: Fixed an excessive CPU usage when decoding crafted IDNA domain names.
Non-security fixes:
- Fixed the 2038 bug in the compileall module.

oval:org.secpod.oval:def:89050552
This update for python fixes the following issues:
Security issue fixed:
- CVE-2019-10160: Fixed a regression in urlparse and urlsplit introduced by the fix for CVE-2019-9636.

oval:org.secpod.oval:def:89050772
This update for python fixes the following issues:
Security issues fixed:
- CVE-2019-9948: Fixed a "file:" blacklist bypass in URIs by using the "local-file:" scheme instead.
- CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization ...

oval:org.secpod.oval:def:89050531
This update for python fixes the following issues:
Security issue fixed:
- CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser

oval:org.secpod.oval:def:89050906
This update for python fixes the following issues:
Security issues fixed:
- CVE-2019-9947: Fixed an insufficient validation of URL paths with embedded whitespace or control characters that could allow HTTP header injections.
- CVE-2019-16056: Fixed a parser issue in the email module.
- CVE-2019-16 ...

oval:org.secpod.oval:def:89050722
This update for python fixes the following issues:
- CVE-2018-20852: Fixed an information leak where cookies could be sent to the wrong server because of incorrect domain validation.

oval:org.secpod.oval:def:89050320
This update for python fixes the following issues:
Updated to version 2.7.17 to unify packages among openSUSE:Factory and SLE versions.

oval:org.secpod.oval:def:89049715
This update for python fixes the following issue:
- CVE-2018-1000802: Prevent command injection in shutil module via passage of unfiltered user input

oval:org.secpod.oval:def:89051915
This update for python fixes the following issues:
* CVE-2024-0450: Fixed detecting the vulnerability of "quoted-overlap" zipbomb.

oval:org.secpod.oval:def:89051891
This update for python fixes the following issues:
* CVE-2023-52425: Fixed using the system libexpat.
* CVE-2023-27043: Modified fix for unicode string handling in email.utils.parseaddr.
* CVE-2022-48560: Fixed use-after-free in Python via heappushpop in heapq.
Bug fixes:
* Switch off tests. ONLY ...