Oval Definition:	oval:org.opensuse.security:def:60960
Revision Date: 2020-12-01 Version: 1 Title: Security update for python (Moderate) Description: This update for python to version 2.7.17 fixes the following issues: Syncing with lots of upstream bug fixes and security fixes. Bug fixes: - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825). - CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen(). Now an InvalidURL exception is raised (bsc#1155094). - CVE-2020-8492: Fixed a regular expression in urllib that was prone to denial of service via HTTP (bsc#1162367). - Fixed mismatches between libpython and python-base versions (bsc#1162224). - Fixed segfault in libpython2.7.so.1 (bsc#1073748). - Unified packages among openSUSE:Factory and SLE versions (bsc#1159035). - Added idle.desktop and idle.appdata.xml to provide IDLE in menus (bsc#1153830). - Excluded tsl_check files from python-base to prevent file conflict with python-strict-tls-checks package (bsc#945401). - Changed the name of idle3 icons to idle3.png to avoid collision with Python 2 version (bsc#1165894). Additionally a new 'shared-python-startup' package is provided containing startup files. python-rpm-macros was updated to fix: - Do not write .pyc files for tests (bsc#1171561) Family: unix Class: patch Status: Reference(s): 1016715 1021483 1027282 1041090 1042670 1049607 1056334 1056386 1070162 1073269 1073748 1078326 1078485 1081750 1084604 1084650 1086001 1104826 1110279 1113231 1114957 1116717 1116998 1117275 1119493 1121600 1123156 1123823 1123828 1123832 1129537 1133114 1133145 1139959 1140122 1149792 1153830 1155094 1159035 1162224 1162367 1162610 1162825 1165894 1170411 1170715 1171561 1172265 1172698 1172704 1172745 1174421 1175534 1176343 1176344 1176345 1176346 1176347 1176348 1176349 1176350 945401 CVE-2016-10165 CVE-2016-10169 CVE-2016-10170 CVE-2016-10171 CVE-2016-10172 CVE-2016-4975 CVE-2016-8743 CVE-2016-9841 CVE-2017-10281 CVE-2017-10285 CVE-2017-10293 CVE-2017-10295 CVE-2017-10309 CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388 CVE-2017-11464 CVE-2017-13672 CVE-2017-13673 CVE-2017-9103 CVE-2017-9104 CVE-2017-9105 CVE-2017-9106 CVE-2017-9107 CVE-2017-9108 CVE-2017-9109 CVE-2018-16872 CVE-2018-18954 CVE-2018-19364 CVE-2018-19489 CVE-2018-20748 CVE-2018-20749 CVE-2018-20750 CVE-2018-4191 CVE-2018-4197 CVE-2018-4207 CVE-2018-4208 CVE-2018-4209 CVE-2018-4210 CVE-2018-4212 CVE-2018-4213 CVE-2018-4261 CVE-2018-4262 CVE-2018-4263 CVE-2018-4264 CVE-2018-4265 CVE-2018-4266 CVE-2018-4267 CVE-2018-4270 CVE-2018-4272 CVE-2018-4273 CVE-2018-4278 CVE-2018-4284 CVE-2018-4299 CVE-2018-4306 CVE-2018-4309 CVE-2018-4312 CVE-2018-4314 CVE-2018-4315 CVE-2018-4316 CVE-2018-4317 CVE-2018-4318 CVE-2018-4319 CVE-2018-4323 CVE-2018-4328 CVE-2018-4345 CVE-2018-4358 CVE-2018-4359 CVE-2018-4361 CVE-2018-4372 CVE-2018-4373 CVE-2018-4375 CVE-2018-4376 CVE-2018-4378 CVE-2018-4382 CVE-2018-4386 CVE-2018-4392 CVE-2018-4416 CVE-2018-7858 CVE-2019-11365 CVE-2019-11366 CVE-2019-13012 CVE-2019-18348 CVE-2019-6778 CVE-2019-9628 CVE-2019-9674 CVE-2020-14364 CVE-2020-15705 CVE-2020-25595 CVE-2020-25596 CVE-2020-25597 CVE-2020-25599 CVE-2020-25600 CVE-2020-25601 CVE-2020-25603 CVE-2020-25604 CVE-2020-8023 CVE-2020-8492 CVE-2020-8597 SUSE-SU-2017:2117-1 SUSE-SU-2017:3411-1 SUSE-SU-2018:0608-1 SUSE-SU-2018:2815-1 SUSE-SU-2019:0928-1 SUSE-SU-2019:1830-2 SUSE-SU-2020:0490-1 SUSE-SU-2020:1524-1 SUSE-SU-2020:1859-1 SUSE-SU-2020:2304-1 SUSE-SU-2020:2787-1 Platform(s): openSUSE Leap 15.1 openSUSE Leap 15.2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP4-ESPOS SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 Product(s): Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information libsvn_auth_gnome_keyring-1-0-1.10.6-lp151.4.3 is installed OR libsvn_auth_kwallet-1-0-1.10.6-lp151.4.3 is installed OR subversion-1.10.6-lp151.4.3 is installed OR subversion-bash-completion-1.10.6-lp151.4.3 is installed OR subversion-devel-1.10.6-lp151.4.3 is installed OR subversion-perl-1.10.6-lp151.4.3 is installed OR subversion-python-1.10.6-lp151.4.3 is installed OR subversion-python-ctypes-1.10.6-lp151.4.3 is installed OR subversion-ruby-1.10.6-lp151.4.3 is installed OR subversion-server-1.10.6-lp151.4.3 is installed OR subversion-tools-1.10.6-lp151.4.3 is installed Definition Synopsis openSUSE Leap 15.2 is installed AND Package Information MozillaFirefox-78.0.2-lp152.2.9 is installed OR MozillaFirefox-branding-upstream-78.0.2-lp152.2.9 is installed OR MozillaFirefox-buildsymbols-78.0.2-lp152.2.9 is installed OR MozillaFirefox-devel-78.0.2-lp152.2.9 is installed OR MozillaFirefox-translations-common-78.0.2-lp152.2.9 is installed OR MozillaFirefox-translations-other-78.0.2-lp152.2.9 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information gdk-pixbuf-loader-rsvg-2.40.18-5.3 is installed OR librsvg-2.40.18-5.3 is installed OR librsvg-2-2-2.40.18-5.3 is installed OR librsvg-2-2-32bit-2.40.18-5.3 is installed OR rsvg-view-2.40.18-5.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information glib2-2.48.2-12.15 is installed OR glib2-lang-2.48.2-12.15 is installed OR glib2-tools-2.48.2-12.15 is installed OR libgio-2_0-0-2.48.2-12.15 is installed OR libgio-2_0-0-32bit-2.48.2-12.15 is installed OR libglib-2_0-0-2.48.2-12.15 is installed OR libglib-2_0-0-32bit-2.48.2-12.15 is installed OR libgmodule-2_0-0-2.48.2-12.15 is installed OR libgmodule-2_0-0-32bit-2.48.2-12.15 is installed OR libgobject-2_0-0-2.48.2-12.15 is installed OR libgobject-2_0-0-32bit-2.48.2-12.15 is installed OR libgthread-2_0-0-2.48.2-12.15 is installed OR libgthread-2_0-0-32bit-2.48.2-12.15 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information adns-1.4-103.3 is installed OR libadns1-1.4-103.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND atftp-0.7.0-160.8 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information apache-commons-daemon-1.0.15-6 is installed OR apache-commons-daemon-javadoc-1.0.15-6 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4-ESPOS is installed AND Package Information ovmf-2017+git1510945757.b2662641d5-3.29 is installed OR ovmf-tools-2017+git1510945757.b2662641d5-3.29 is installed OR qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.29 is installed OR qemu-uefi-aarch64-2017+git1510945757.b2662641d5-3.29 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information libpython2_7-1_0-2.7.17-28.42 is installed OR libpython2_7-1_0-32bit-2.7.17-28.42 is installed OR python-2.7.17-28.42 is installed OR python-32bit-2.7.17-28.42 is installed OR python-base-2.7.17-28.42 is installed OR python-base-32bit-2.7.17-28.42 is installed OR python-curses-2.7.17-28.42 is installed OR python-demo-2.7.17-28.42 is installed OR python-devel-2.7.17-28.42 is installed OR python-doc-2.7.17-28.42 is installed OR python-doc-pdf-2.7.17-28.42 is installed OR python-gdbm-2.7.17-28.42 is installed OR python-idle-2.7.17-28.42 is installed OR python-rpm-macros-20200207.5feb6c1-3.19 is installed OR python-tk-2.7.17-28.42 is installed OR python-xml-2.7.17-28.42 is installed OR shared-python-startup-0.1-1.3 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 9 is installed AND Package Information libzypp-16.21.2-2.45 is installed OR libzypp-devel-16.21.2-2.45 is installed
BACK