Oval Definition:oval:org.opensuse.security:def:81936
Revision Date:2020-06-03Version:1
Title:Security update for python (Moderate)
Description:





This update for python to version 2.7.17 fixes the following issues:

Syncing with lots of upstream bug fixes and security fixes.

Bug fixes:

- CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825). - CVE-2019-18348: Fixed a CRLF injection via the host part of the url passed to urlopen(). Now an InvalidURL exception is raised (bsc#1155094). - CVE-2020-8492: Fixed a regular expression in urllib that was prone to denial of service via HTTP (bsc#1162367). - Fixed mismatches between libpython and python-base versions (bsc#1162224). - Fixed segfault in libpython2.7.so.1 (bsc#1073748). - Unified packages among openSUSE:Factory and SLE versions (bsc#1159035). - Added idle.desktop and idle.appdata.xml to provide IDLE in menus (bsc#1153830). - Excluded tsl_check files from python-base to prevent file conflict with python-strict-tls-checks package (bsc#945401). - Changed the name of idle3 icons to idle3.png to avoid collision with Python 2 version (bsc#1165894).

Additionally a new 'shared-python-startup' package is provided containing startup files.

python-rpm-macros was updated to fix:

- Do not write .pyc files for tests (bsc#1171561)

Family:unixClass:patch
Status:Reference(s):1027282
1041090
1042670
1073269
1073748
1078326
1078485
1081750
1084650
1086001
1149792
1153830
1155094
1159035
1162224
1162367
1162825
1165894
1170411
1171561
945401
CVE-2019-18348
CVE-2019-9674
CVE-2020-8492
SUSE-SU-2020:1524-1
Platform(s):SUSE Linux Enterprise Server 12 SP2-LTSS
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • libpython2_7-1_0-2.7.17-28.42.1 is installed
  • OR libpython2_7-1_0-32bit-2.7.17-28.42.1 is installed
  • OR python-2.7.17-28.42.1 is installed
  • OR python-32bit-2.7.17-28.42.1 is installed
  • OR python-base-2.7.17-28.42.1 is installed
  • OR python-base-32bit-2.7.17-28.42.1 is installed
  • OR python-curses-2.7.17-28.42.1 is installed
  • OR python-demo-2.7.17-28.42.1 is installed
  • OR python-devel-2.7.17-28.42.1 is installed
  • OR python-doc-2.7.17-28.42.1 is installed
  • OR python-doc-pdf-2.7.17-28.42.1 is installed
  • OR python-gdbm-2.7.17-28.42.1 is installed
  • OR python-idle-2.7.17-28.42.1 is installed
  • OR python-rpm-macros-20200207.5feb6c1-3.19.1 is installed
  • OR python-tk-2.7.17-28.42.1 is installed
  • OR python-xml-2.7.17-28.42.1 is installed
  • OR shared-python-startup-0.1-1.3.1 is installed
    • BACK