Oval Definition:oval:org.opensuse.security:def:66905
Revision Date:2021-08-23Version:1
Title:Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 (Moderate)
Description:

This patch updates the Python AWS SDK stack in SLE 15:

General:

# aws-cli

- Version updated to upstream release v1.19.9 For a detailed list of all changes, please refer to the changelog file of this package.

# python-boto3

- Version updated to upstream release 1.17.9 For a detailed list of all changes, please refer to the changelog file of this package.

# python-botocore

- Version updated to upstream release 1.20.9 For a detailed list of all changes, please refer to the changelog file of this package.

# python-urllib3

- Version updated to upstream release 1.25.10 For a detailed list of all changes, please refer to the changelog file of this package.

# python-service_identity

- Added this new package to resolve runtime dependencies for other packages. Version: 18.1.0

# python-trustme

- Added this new package to resolve runtime dependencies for other packages. Version: 0.6.0

Security fixes:

# python-urllib3: - CVE-2020-26137: urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest() (bsc#1177120)
Family:unixClass:patch
Status:Reference(s):1102408
1138715
1138746
1168994
1173812
1174463
1174570
1176389
1177120
1182421
1182422
CVE-2017-15098
CVE-2017-15099
CVE-2018-1052
CVE-2018-1053
CVE-2018-1058
CVE-2018-10915
CVE-2018-10925
CVE-2018-1115
CVE-2018-16850
CVE-2019-10130
CVE-2019-10164
CVE-2019-10208
CVE-2020-10713
CVE-2020-14308
CVE-2020-14309
CVE-2020-14310
CVE-2020-14311
CVE-2020-15706
CVE-2020-15707
CVE-2020-1720
CVE-2020-26137
SUSE-SU-2020:2074-1
Platform(s):SUSE Linux Enterprise Module for Basesystem 15 SP2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2
SUSE Linux Enterprise Module for Server Applications 15 SP2
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed
  • AND Package Information
  • grub2-2.04-9.7 is installed
  • OR grub2-arm64-efi-2.04-9.7 is installed
  • OR grub2-i386-pc-2.04-9.7 is installed
  • OR grub2-powerpc-ieee1275-2.04-9.7 is installed
  • OR grub2-s390x-emu-2.04-9.7 is installed
  • OR grub2-snapper-plugin-2.04-9.7 is installed
  • OR grub2-systemd-sleep-plugin-2.04-9.7 is installed
  • OR grub2-x86_64-efi-2.04-9.7 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Server Applications 15 SP2 is installed
  • AND Package Information
  • postgresql10-contrib-10.12-8.13 is installed
  • OR postgresql10-devel-10.12-8.13 is installed
  • OR postgresql10-docs-10.12-8.13 is installed
  • OR postgresql10-plperl-10.12-8.13 is installed
  • OR postgresql10-plpython-10.12-8.13 is installed
  • OR postgresql10-pltcl-10.12-8.13 is installed
  • OR postgresql10-server-10.12-8.13 is installed
    • BACK