Oval Definition:oval:org.opensuse.security:def:70468
Revision Date:2021-08-23Version:1
Title:Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 (Moderate)
Description:

This patch updates the Python AWS SDK stack in SLE 15:

General:

# aws-cli

- Version updated to upstream release v1.19.9 For a detailed list of all changes, please refer to the changelog file of this package.

# python-boto3

- Version updated to upstream release 1.17.9 For a detailed list of all changes, please refer to the changelog file of this package.

# python-botocore

- Version updated to upstream release 1.20.9 For a detailed list of all changes, please refer to the changelog file of this package.

# python-urllib3

- Version updated to upstream release 1.25.10 For a detailed list of all changes, please refer to the changelog file of this package.

# python-service_identity

- Added this new package to resolve runtime dependencies for other packages. Version: 18.1.0

# python-trustme

- Added this new package to resolve runtime dependencies for other packages. Version: 0.6.0

Security fixes:

# python-urllib3: - CVE-2020-26137: urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest() (bsc#1177120)
Family:unixClass:patch
Status:Reference(s):1010979
1010980
1020451
1020456
1020458
1020460
1045450
1057152
1088278
1102408
1114498
1115637
1117328
1120805
1120807
1138715
1138746
1174117
1174121
1176389
1177120
1182421
1182422
CVE-2016-9398
CVE-2016-9399
CVE-2017-14132
CVE-2017-5499
CVE-2017-5503
CVE-2017-5504
CVE-2017-5505
CVE-2017-9782
CVE-2018-18873
CVE-2018-19139
CVE-2018-19543
CVE-2018-20570
CVE-2018-20622
CVE-2018-9252
CVE-2020-13934
CVE-2020-13935
CVE-2020-26137
SUSE-SU-2020:2689-1
SUSE-SU-2021:2817-1
Platform(s):SUSE Linux Enterprise Module for Desktop Applications 15 SP2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP1
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Desktop Applications 15 SP2 is installed
  • AND Package Information
  • jasper-2.0.14-3.16 is installed
  • OR libjasper-devel-2.0.14-3.16 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed
  • AND Package Information
  • tomcat-9.0.36-3.6 is installed
  • OR tomcat-docs-webapp-9.0.36-3.6 is installed
  • OR tomcat-embed-9.0.36-3.6 is installed
  • OR tomcat-javadoc-9.0.36-3.6 is installed
  • OR tomcat-jsvc-9.0.36-3.6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed
  • AND Package Information
  • python2-asn1crypto-0.24.0-3.2.1 is installed
  • OR python2-pyasn1-0.4.2-3.2.1 is installed
  • OR python2-pycparser-2.17-3.2.1 is installed
  • OR python2-urllib3-1.25.10-9.14.1 is installed
  • OR python3-asn1crypto-0.24.0-3.2.1 is installed
  • OR python3-boto3-1.17.9-19.1 is installed
  • OR python3-botocore-1.20.9-33.1 is installed
  • OR python3-pyasn1-0.4.2-3.2.1 is installed
  • OR python3-pycparser-2.17-3.2.1 is installed
  • OR python3-urllib3-1.25.10-9.14.1 is installed
    • BACK