Oval Definition:oval:org.opensuse.security:def:69718
Revision Date:2021-08-23Version:1
Title:Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 (Moderate)
Description:

This patch updates the Python AWS SDK stack in SLE 15:

General:

# aws-cli

- Version updated to upstream release v1.19.9 For a detailed list of all changes, please refer to the changelog file of this package.

# python-boto3

- Version updated to upstream release 1.17.9 For a detailed list of all changes, please refer to the changelog file of this package.

# python-botocore

- Version updated to upstream release 1.20.9 For a detailed list of all changes, please refer to the changelog file of this package.

# python-urllib3

- Version updated to upstream release 1.25.10 For a detailed list of all changes, please refer to the changelog file of this package.

# python-service_identity

- Added this new package to resolve runtime dependencies for other packages. Version: 18.1.0

# python-trustme

- Added this new package to resolve runtime dependencies for other packages. Version: 0.6.0

Security fixes:

# python-urllib3: - CVE-2020-26137: urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest() (bsc#1177120)
Family:unixClass:patch
Status:Reference(s):1102408
1138715
1138746
1176389
1177120
1182421
1182422
CVE-2012-6706
CVE-2013-6497
CVE-2014-9328
CVE-2015-1461
CVE-2015-1462
CVE-2015-1463
CVE-2015-2170
CVE-2015-2221
CVE-2015-2222
CVE-2015-2305
CVE-2015-2668
CVE-2015-8803
CVE-2015-8804
CVE-2015-8805
CVE-2016-6489
CVE-2017-11423
CVE-2017-12374
CVE-2017-12375
CVE-2017-12376
CVE-2017-12377
CVE-2017-12378
CVE-2017-12379
CVE-2017-12380
CVE-2017-6418
CVE-2017-6419
CVE-2017-6420
CVE-2018-0202
CVE-2018-0360
CVE-2018-0361
CVE-2018-1000085
CVE-2018-14680
CVE-2018-14681
CVE-2018-14682
CVE-2018-15378
CVE-2018-16869
CVE-2019-12625
CVE-2019-12900
CVE-2019-15961
CVE-2019-1787
CVE-2019-1788
CVE-2019-1789
CVE-2020-26137
SUSE-SU-2021:2817-1
Platform(s):SUSE Linux Enterprise Module for Basesystem 15 SP2
SUSE Linux Enterprise Server 15 SP1-BCL
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed
  • AND Package Information
  • clamav-0.100.3-3.20 is installed
  • OR clamav-devel-0.100.3-3.20 is installed
  • OR libclamav7-0.100.3-3.20 is installed
  • OR libclammspack0-0.100.3-3.20 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 15 SP1-BCL is installed
  • AND Package Information
  • python2-asn1crypto-0.24.0-3.2.1 is installed
  • OR python2-pyasn1-0.4.2-3.2.1 is installed
  • OR python2-pycparser-2.17-3.2.1 is installed
  • OR python2-urllib3-1.25.10-9.14.1 is installed
  • OR python3-asn1crypto-0.24.0-3.2.1 is installed
  • OR python3-boto3-1.17.9-19.1 is installed
  • OR python3-botocore-1.20.9-33.1 is installed
  • OR python3-pyasn1-0.4.2-3.2.1 is installed
  • OR python3-pycparser-2.17-3.2.1 is installed
  • OR python3-urllib3-1.25.10-9.14.1 is installed
    • BACK