Bug 1138459 - (CVE-2019-10160) VUL-0: CVE-2019-10160: python,python3,python27: python: regression of due to functional fix to allow port numbers in netloc
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P1 - Urgent, Severity: Critical
Assigned To: Security Team bot
https://smash.suse.de/issue/234549/
CVSSv3:SUSE:CVE-2019-10160:9.8:(AV:N/...
Reported: 2019-06-17 14:26 UTC by Marcus Meissner
Modified: 2022-06-10 08:40 UTC (History)
Found By: Security Response Team
Description Marcus Meissner 2019-06-17 14:26:45 UTC
rh#1718388

A security regression for CVE-2019-9636 was discovered in python's functions urllib.parse.urlsplit and urllib.parse.urlparse, introduced with commit d537ab0ff9767ef024f26246899728f0116b1ec3. No upstream python version is affected by this regression but the vulnerable commit may already have been included downstream as part of the original fix for CVE-2019-9636.

Affected python versions ignore the user/password part before `@` in the netloc component of a URL, thus it still allows an attacker to exploit the vulnerability as in CVE-2019-9636. Those functions do not properly handle URLs encoded with Punycode/Internationalizing Domain Names in Applications (IDNA), which may result in a wrong domain name (specifically the netloc component of URL - user@domain:port) being returned by those functions. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kinds of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.

External Reference
https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html

Vulnerable commit
https://github.com/python/cpython/commit/d537ab0ff9767ef024f26246899728f0116b1ec3

Upstream patch
https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e

References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160
https://bugzilla.redhat.com/show_bug.cgi?id=1718388
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10160
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10160.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10160
https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09
https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e
https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de
https://github.com/python/cpython/commit/fd1771dbdd28709716bd531580c40ae5ed814468
https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html
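
The gap described above, as an added example for verifying a patched interpreter (it is not the upstream patch or SUSE's packaged code): a netloc check that covers the whole authority is compared with one that skips the part before `@`, and the running interpreter's `urlsplit` is probed with the same input. All function names and the sample URLs are constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

DELIMS = "/?#@:"  # characters that change how a URL is split


def extract_netloc(url):
    """Return the authority between '//' and the first ASCII '/', '?' or '#'."""
    _, sep, rest = url.partition("//")
    if not sep:
        return ""
    end = min((rest.find(c) for c in "/?#" if c in rest), default=len(rest))
    return rest[:end]


def hidden_delimiters(text):
    """Delimiters that exist only after NFKC normalization of `text`."""
    # ASCII delimiters already present are legitimate structure; drop them
    # so that only characters produced by normalization are reported.
    stripped = text
    for c in "@:#?":
        stripped = stripped.replace(c, "")
    normalized = unicodedata.normalize("NFKC", stripped)
    if normalized == stripped:
        return set()
    return {c for c in DELIMS if c in normalized}


def check_full(netloc):
    """Check the whole netloc, userinfo included."""
    return hidden_delimiters(netloc)


def check_host_only(netloc):
    """Model of the regression: everything before the last '@' is skipped."""
    _, _, host = netloc.rpartition("@")
    return hidden_delimiters(host)


def interpreter_rejects(url):
    """True if this interpreter's urlsplit refuses the URL."""
    try:
        urlsplit(url)
    except ValueError:
        return True
    return False


# Constructed sample URLs (reserved example domains only).
SAMPLES = {
    "plain": "https://user:pw@example.com:8080/path",
    "idn": "https://b\u00fccher.example/",
    # U+FF03 FULLWIDTH NUMBER SIGN normalizes to '#', inside the userinfo
    "userinfo": "https://example.net\uff03@example.com/",
    # U+2100 ACCOUNT OF normalizes to 'a/c', inside the host
    "host": "https://example.com\u2100.example.net/",
}


def audit():
    """Map sample name -> (full check result, host-only check result)."""
    out = {}
    for name, url in SAMPLES.items():
        netloc = extract_netloc(url)
        out[name] = (check_full(netloc), check_host_only(netloc))
    return out


if __name__ == "__main__":
    for name, (full, host_only) in audit().items():
        print(name, "full:", sorted(full), "host-only:", sorted(host_only),
              "urlsplit rejects:", interpreter_rejects(SAMPLES[name]))
```

On an interpreter carrying the upstream patch, `interpreter_rejects` returns True for the `userinfo` and `host` samples; a False there means the package still needs the update listed in the comments below.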
Comment 4 Matej Cepl 2019-07-03 18:32:19 UTC
Only Python 3 packages have patch equivalent of the commit d537ab0ff9767ef024f26246899728f0116b1ec3 applied, so other packages are not affected by this issue.
Comment 12 Matej Cepl 2019-07-17 16:47:31 UTC
All relevant channels were I hope fixed and given proper patches. urlparse code should be now functionally identical to what’s in the standard Python 3.7, so both this and bug 1129346 should be covered.
Comment 22 Swamp Workflow Management 2019-08-06 16:17:22 UTC
SUSE-SU-2019:2053-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1109663,1109847,1138459
CVE References: CVE-2018-1000802,CVE-2018-14647,CVE-2019-10160
Sources used:
SUSE OpenStack Cloud 8 (src):    python3-3.4.6-25.29.1, python3-base-3.4.6-25.29.1
SUSE OpenStack Cloud 7 (src):    python3-3.4.6-25.29.1, python3-base-3.4.6-25.29.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    python3-3.4.6-25.29.1, python3-base-3.4.6-25.29.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    python3-3.4.6-25.29.1, python3-base-3.4.6-25.29.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    python3-3.4.6-25.29.1, python3-base-3.4.6-25.29.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    python3-3.4.6-25.29.1, python3-base-3.4.6-25.29.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    python3-3.4.6-25.29.1, python3-base-3.4.6-25.29.1
SUSE Linux Enterprise Server 12-SP5 (src):    python3-3.4.6-25.29.1, python3-base-3.4.6-25.29.1
SUSE Linux Enterprise Server 12-SP4 (src):    python3-3.4.6-25.29.1, python3-base-3.4.6-25.29.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    python3-3.4.6-25.29.1, python3-base-3.4.6-25.29.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    python3-3.4.6-25.29.1, python3-base-3.4.6-25.29.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    python3-3.4.6-25.29.1, python3-base-3.4.6-25.29.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    python3-3.4.6-25.29.1, python3-base-3.4.6-25.29.1
SUSE Linux Enterprise Module for Web Scripting 12 (src):    python3-3.4.6-25.29.1, python3-base-3.4.6-25.29.1
SUSE Linux Enterprise Desktop 12-SP5 (src):    python3-3.4.6-25.29.1, python3-base-3.4.6-25.29.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    python3-3.4.6-25.29.1, python3-base-3.4.6-25.29.1
SUSE Enterprise Storage 5 (src):    python3-3.4.6-25.29.1, python3-base-3.4.6-25.29.1
SUSE Enterprise Storage 4 (src):    python3-3.4.6-25.29.1, python3-base-3.4.6-25.29.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 23 Swamp Workflow Management 2019-08-06 16:20:26 UTC
SUSE-SU-2019:2050-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1094814,1138459,1141853
CVE References: CVE-2018-20852,CVE-2019-10160
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    python3-3.6.8-3.23.1, python3-base-3.6.8-3.23.1, python3-doc-3.6.8-3.23.2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    python3-base-3.6.8-3.23.1, python3-doc-3.6.8-3.23.2
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src):    python3-base-3.6.8-3.23.1
SUSE Linux Enterprise Module for Development Tools 15 (src):    python3-base-3.6.8-3.23.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    python3-3.6.8-3.23.1, python3-base-3.6.8-3.23.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    python3-3.6.8-3.23.1, python3-base-3.6.8-3.23.1

Comment 24 Swamp Workflow Management 2019-08-08 16:11:39 UTC
SUSE-SU-2019:2091-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1138459,1141853
CVE References: CVE-2018-20852,CVE-2019-10160
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    python-2.7.13-28.31.1, python-base-2.7.13-28.31.1, python-doc-2.7.13-28.31.2
SUSE OpenStack Cloud 8 (src):    python-2.7.13-28.31.1, python-base-2.7.13-28.31.1, python-doc-2.7.13-28.31.2
SUSE OpenStack Cloud 7 (src):    python-2.7.13-28.31.1, python-base-2.7.13-28.31.1, python-doc-2.7.13-28.31.2
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    python-base-2.7.13-28.31.1
SUSE Linux Enterprise Workstation Extension 12-SP4 (src):    python-base-2.7.13-28.31.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    python-base-2.7.13-28.31.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    python-base-2.7.13-28.31.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    python-2.7.13-28.31.1, python-base-2.7.13-28.31.1, python-doc-2.7.13-28.31.2
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    python-2.7.13-28.31.1, python-base-2.7.13-28.31.1, python-doc-2.7.13-28.31.2
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    python-2.7.13-28.31.1, python-base-2.7.13-28.31.1, python-doc-2.7.13-28.31.2
SUSE Linux Enterprise Server 12-SP5 (src):    python-2.7.13-28.31.1, python-base-2.7.13-28.31.1, python-doc-2.7.13-28.31.2
SUSE Linux Enterprise Server 12-SP4 (src):    python-2.7.13-28.31.1, python-base-2.7.13-28.31.1, python-doc-2.7.13-28.31.2
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    python-2.7.13-28.31.1, python-base-2.7.13-28.31.1, python-doc-2.7.13-28.31.2
SUSE Linux Enterprise Server 12-SP3-BCL (src):    python-2.7.13-28.31.1, python-base-2.7.13-28.31.1, python-doc-2.7.13-28.31.2
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    python-2.7.13-28.31.1, python-base-2.7.13-28.31.1, python-doc-2.7.13-28.31.2
SUSE Linux Enterprise Server 12-SP2-BCL (src):    python-2.7.13-28.31.1, python-base-2.7.13-28.31.1, python-doc-2.7.13-28.31.2
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    python-2.7.13-28.31.1, python-base-2.7.13-28.31.1, python-doc-2.7.13-28.31.2
SUSE Linux Enterprise Desktop 12-SP5 (src):    python-2.7.13-28.31.1, python-base-2.7.13-28.31.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    python-2.7.13-28.31.1, python-base-2.7.13-28.31.1
SUSE Enterprise Storage 5 (src):    python-2.7.13-28.31.1, python-base-2.7.13-28.31.1, python-doc-2.7.13-28.31.2
SUSE Enterprise Storage 4 (src):    python-2.7.13-28.31.1, python-base-2.7.13-28.31.1, python-doc-2.7.13-28.31.2
SUSE CaaS Platform 3.0 (src):    python-2.7.13-28.31.1, python-base-2.7.13-28.31.1
HPE Helion Openstack 8 (src):    python-2.7.13-28.31.1, python-base-2.7.13-28.31.1, python-doc-2.7.13-28.31.2

Comment 25 Swamp Workflow Management 2019-08-08 16:12:28 UTC
SUSE-SU-2019:14142-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1138459,1141853
CVE References: CVE-2018-20852,CVE-2019-10160
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    python-2.6.9-40.29.1, python-base-2.6.9-40.29.1, python-doc-2.6-8.40.29.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    python-2.6.9-40.29.1, python-base-2.6.9-40.29.1, python-doc-2.6-8.40.29.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    python-2.6.9-40.29.1, python-base-2.6.9-40.29.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    python-2.6.9-40.29.1, python-base-2.6.9-40.29.1

Comment 26 Swamp Workflow Management 2019-08-15 13:21:51 UTC
openSUSE-SU-2019:1906-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1138459
CVE References: CVE-2019-10160
Sources used:
openSUSE Leap 15.1 (src):    python-2.7.14-lp151.10.3.1, python-base-2.7.14-lp151.10.3.1, python-doc-2.7.14-lp151.10.3.1
openSUSE Leap 15.0 (src):    python-2.7.14-lp150.6.13.1
Comment 27 Swamp Workflow Management 2019-08-17 01:12:12 UTC
SUSE-SU-2019:2053-2: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1109663,1109847,1138459
CVE References: CVE-2018-1000802,CVE-2018-14647,CVE-2019-10160
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    python3-3.4.6-25.29.1, python3-base-3.4.6-25.29.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    python3-3.4.6-25.29.1, python3-base-3.4.6-25.29.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    python3-3.4.6-25.29.1, python3-base-3.4.6-25.29.1
SUSE Enterprise Storage 5 (src):    python3-3.4.6-25.29.1, python3-base-3.4.6-25.29.1
HPE Helion Openstack 8 (src):    python3-3.4.6-25.29.1, python3-base-3.4.6-25.29.1

Comment 35 Swamp Workflow Management 2019-12-03 13:00:21 UTC
This is an autogenerated message for OBS integration:
This bug (1138459) was mentioned in
https://build.opensuse.org/request/show/753190 Factory / python
Comment 36 Swamp Workflow Management 2019-12-11 20:28:05 UTC
SUSE-SU-2019:14246-1: An update that fixes 118 vulnerabilities is now available.

Category: security (important)
Bug References: 1000036,1001652,1025108,1029377,1029902,1040164,104105,1042670,1043008,1044946,1047925,1047936,1048299,1049186,1050653,1056058,1058013,1066242,1066953,1070738,1070853,1072320,1072322,1073796,1073798,1073799,1073803,1073808,1073818,1073823,1073829,1073830,1073832,1073846,1074235,1077230,1079761,1081750,1082318,1087453,1087459,1087463,1088573,1091764,1094814,1097158,1097375,1097401,1097404,1097748,1104841,1105019,1107030,1109465,1117473,1117626,1117627,1117629,1117630,1120644,1122191,1123482,1124525,1127532,1129346,1130694,1130840,1133452,1133810,1134209,1138459,1140290,1140868,1141853,1144919,1145665,1146090,1146091,1146093,1146094,1146095,1146097,1146099,1146100,1149323,1153423,1154738,1447070,1447409,744625,744629,845955,865853,905528,917607,935856,937414,947747,948045,948602,955142,957814,957815,961254,962297,966076,966077,985201,986541,991344,998743
CVE References: CVE-2013-2882,CVE-2013-6639,CVE-2013-6640,CVE-2013-6668,CVE-2014-0224,CVE-2015-3193,CVE-2015-3194,CVE-2015-5380,CVE-2015-7384,CVE-2016-2086,CVE-2016-2178,CVE-2016-2183,CVE-2016-2216,CVE-2016-5172,CVE-2016-5325,CVE-2016-6304,CVE-2016-6306,CVE-2016-7052,CVE-2016-7099,CVE-2017-1000381,CVE-2017-10686,CVE-2017-11111,CVE-2017-11499,CVE-2017-14228,CVE-2017-14849,CVE-2017-14919,CVE-2017-15896,CVE-2017-15897,CVE-2017-17810,CVE-2017-17811,CVE-2017-17812,CVE-2017-17813,CVE-2017-17814,CVE-2017-17815,CVE-2017-17816,CVE-2017-17817,CVE-2017-17818,CVE-2017-17819,CVE-2017-17820,CVE-2017-18207,CVE-2017-3735,CVE-2017-3736,CVE-2017-3738,CVE-2018-0732,CVE-2018-1000168,CVE-2018-12115,CVE-2018-12116,CVE-2018-12121,CVE-2018-12122,CVE-2018-12123,CVE-2018-20406,CVE-2018-20852,CVE-2018-7158,CVE-2018-7159,CVE-2018-7160,CVE-2018-7161,CVE-2018-7167,CVE-2019-10160,CVE-2019-11709,CVE-2019-11710,CVE-2019-11711,CVE-2019-11712,CVE-2019-11713,CVE-2019-11714,CVE-2019-11715,CVE-2019-11716,CVE-2019-11717,CVE-2019-11718,CVE-2019-11719,CVE-2019-11720,CVE-2019-11721,CVE-2019-11723,CVE-2019-11724,CVE-2019-11725,CVE-2019-11727,CVE-2019-11728,CVE-2019-11729,CVE-2019-11730,CVE-2019-11733,CVE-2019-11735,CVE-2019-11736,CVE-2019-11738,CVE-2019-11740,CVE-2019-11742,CVE-2019-11743,CVE-2019-11744,CVE-2019-11746,CVE-2019-11747,CVE-2019-11748,CVE-2019-11749,CVE-2019-11750,CVE-2019-11751,CVE-2019-11752,CVE-2019-11753,CVE-2019-11757,CVE-2019-11758,CVE-2019-11759,CVE-2019-11760,CVE-2019-11761,CVE-2019-11762,CVE-2019-11763,CVE-2019-11764,CVE-2019-13173,CVE-2019-15903,CVE-2019-5010,CVE-2019-5737,CVE-2019-9511,CVE-2019-9512,CVE-2019-9513,CVE-2019-9514,CVE-2019-9515,CVE-2019-9516,CVE-2019-9517,CVE-2019-9518,CVE-2019-9636,CVE-2019-9811,CVE-2019-9812,CVE-2019-9947
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    MozillaFirefox-68.2.0-78.51.4, MozillaFirefox-branding-SLED-68-21.9.8, firefox-atk-2.26.1-2.8.4, firefox-cairo-1.15.10-2.13.4, firefox-gcc5-5.3.1+r233831-14.1, firefox-gcc8-8.2.1+r264010-2.5.1, firefox-gdk-pixbuf-2.36.11-2.8.4, firefox-glib2-2.54.3-2.14.7, firefox-gtk3-3.10.9-2.15.3, firefox-harfbuzz-1.7.5-2.7.4, firefox-libffi-3.2.1.git259-2.3.3, firefox-libffi-gcc5-5.3.1+r233831-14.1, firefox-pango-1.40.14-2.7.4, mozilla-nspr-4.21-29.6.1, mozilla-nss-3.45-38.9.3

Comment 39 Swamp Workflow Management 2020-01-16 14:14:59 UTC
SUSE-SU-2020:0114-1: An update that solves 26 vulnerabilities and has 30 fixes is now available.

Category: security (important)
Bug References: 1027282,1029377,1029902,1040164,1042670,1070853,1079761,1081750,1083507,1086001,1088004,1088009,1088573,1094814,1107030,1109663,1109847,1120644,1122191,1129346,1130840,1133452,1137942,1138459,1141853,1149121,1149792,1149955,1151490,1153238,1159035,1159622,637176,658604,673071,709442,743787,747125,751718,754447,754677,787526,809831,831629,834601,871152,885662,885882,917607,942751,951166,983582,984751,985177,985348,989523
CVE References: CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1752,CVE-2013-4238,CVE-2014-2667,CVE-2014-4650,CVE-2016-0772,CVE-2016-1000110,CVE-2016-5636,CVE-2016-5699,CVE-2017-18207,CVE-2018-1000802,CVE-2018-1060,CVE-2018-1061,CVE-2018-14647,CVE-2018-20406,CVE-2018-20852,CVE-2019-10160,CVE-2019-15903,CVE-2019-16056,CVE-2019-16935,CVE-2019-5010,CVE-2019-9636,CVE-2019-9947
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    python3-3.6.10-3.42.2, python3-base-3.6.10-3.42.2, python3-doc-3.6.10-3.42.3
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    python3-3.6.10-3.42.2, python3-base-3.6.10-3.42.2, python3-doc-3.6.10-3.42.3
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src):    python3-base-3.6.10-3.42.2
SUSE Linux Enterprise Module for Development Tools 15 (src):    python3-base-3.6.10-3.42.2
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    python3-3.6.10-3.42.2, python3-base-3.6.10-3.42.2
SUSE Linux Enterprise Module for Basesystem 15 (src):    python3-3.6.10-3.42.2, python3-base-3.6.10-3.42.2

Comment 40 Swamp Workflow Management 2020-01-21 20:17:33 UTC
openSUSE-SU-2020:0086-1: An update that solves 26 vulnerabilities and has 30 fixes is now available.

Category: security (important)
Bug References: 1027282,1029377,1029902,1040164,1042670,1070853,1079761,1081750,1083507,1086001,1088004,1088009,1088573,1094814,1107030,1109663,1109847,1120644,1122191,1129346,1130840,1133452,1137942,1138459,1141853,1149121,1149792,1149955,1151490,1153238,1159035,1159622,637176,658604,673071,709442,743787,747125,751718,754447,754677,787526,809831,831629,834601,871152,885662,885882,917607,942751,951166,983582,984751,985177,985348,989523
CVE References: CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1752,CVE-2013-4238,CVE-2014-2667,CVE-2014-4650,CVE-2016-0772,CVE-2016-1000110,CVE-2016-5636,CVE-2016-5699,CVE-2017-18207,CVE-2018-1000802,CVE-2018-1060,CVE-2018-1061,CVE-2018-14647,CVE-2018-20406,CVE-2018-20852,CVE-2019-10160,CVE-2019-15903,CVE-2019-16056,CVE-2019-16935,CVE-2019-5010,CVE-2019-9636,CVE-2019-9947
Sources used:
openSUSE Leap 15.1 (src):    python3-3.6.10-lp151.6.7.1, python3-base-3.6.10-lp151.6.7.1
Comment 41 Swamp Workflow Management 2020-01-24 20:13:59 UTC
SUSE-SU-2020:0234-1: An update that solves 37 vulnerabilities and has 50 fixes is now available.

Category: security (important)
Bug References: 1027282,1041090,1042670,1068664,1073269,1073748,1078326,1078485,1079300,1081750,1083507,1084650,1086001,1088004,1088009,1109847,1111793,1113755,1122191,1129346,1130840,1130847,1138459,1141853,1149792,1149955,1153238,1153830,1159035,214983,298378,346490,367853,379534,380942,399190,406051,425138,426563,430761,432677,436966,437293,441088,462375,525295,534721,551715,572673,577032,581765,603255,617751,637176,638233,658604,673071,682554,697251,707667,718009,747125,747794,751718,754447,766778,794139,804978,827982,831442,834601,836739,856835,856836,857470,863741,885882,898572,901715,935856,945401,964182,984751,985177,985348,989523,997436
CVE References: CVE-2007-2052,CVE-2008-1721,CVE-2008-2315,CVE-2008-2316,CVE-2008-3142,CVE-2008-3143,CVE-2008-3144,CVE-2011-1521,CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1752,CVE-2013-1753,CVE-2013-4238,CVE-2014-1912,CVE-2014-4650,CVE-2014-7185,CVE-2016-0772,CVE-2016-1000110,CVE-2016-5636,CVE-2016-5699,CVE-2017-1000158,CVE-2017-18207,CVE-2018-1000030,CVE-2018-1000802,CVE-2018-1060,CVE-2018-1061,CVE-2018-14647,CVE-2018-20852,CVE-2019-10160,CVE-2019-16056,CVE-2019-16935,CVE-2019-5010,CVE-2019-9636,CVE-2019-9947,CVE-2019-9948
Sources used:
SUSE Linux Enterprise Module for Python2 15-SP1 (src):    python-2.7.17-7.32.2, python-base-2.7.17-7.32.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    python-2.7.17-7.32.2, python-base-2.7.17-7.32.1, python-doc-2.7.17-7.32.2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    python-2.7.17-7.32.2, python-doc-2.7.17-7.32.2
SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (src):    python-2.7.17-7.32.2
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    python-2.7.17-7.32.2
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    python-2.7.17-7.32.2, python-base-2.7.17-7.32.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    python-2.7.17-7.32.2, python-base-2.7.17-7.32.1

Comment 42 Swamp Workflow Management 2020-02-03 17:13:27 UTC
SUSE-SU-2020:0302-1: An update that solves 10 vulnerabilities and has 11 fixes is now available.

Category: security (important)
Bug References: 1027282,1029377,1081750,1083507,1086001,1088009,1094814,1109663,1137942,1138459,1141853,1149121,1149429,1149792,1149955,1151490,1159035,1159622,709442,951166,983582
CVE References: CVE-2017-18207,CVE-2018-1000802,CVE-2018-1060,CVE-2018-20852,CVE-2019-10160,CVE-2019-15903,CVE-2019-16056,CVE-2019-5010,CVE-2019-9636,CVE-2019-9947
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    python36-3.6.10-4.3.5, python36-base-3.6.10-4.3.5

Comment 43 Marcus Meissner 2020-02-05 07:37:14 UTC
released
Comment 50 OBSbugzilla Bot 2020-11-27 16:42:16 UTC
This is an autogenerated message for OBS integration:
This bug (1138459) was mentioned in
https://build.opensuse.org/request/show/851367 Factory / python36
Comment 52 OBSbugzilla Bot 2020-12-01 18:22:12 UTC
This is an autogenerated message for OBS integration:
This bug (1138459) was mentioned in
https://build.opensuse.org/request/show/852415 Factory / python36
Comment 54 OBSbugzilla Bot 2020-12-05 17:32:09 UTC
This is an autogenerated message for OBS integration:
This bug (1138459) was mentioned in
https://build.opensuse.org/request/show/853277 Factory / python36
Comment 55 OBSbugzilla Bot 2020-12-05 19:12:14 UTC
This is an autogenerated message for OBS integration:
This bug (1138459) was mentioned in
https://build.opensuse.org/request/show/853314 Factory / python36
Comment 58 OBSbugzilla Bot 2020-12-17 18:12:16 UTC
This is an autogenerated message for OBS integration:
This bug (1138459) was mentioned in
https://build.opensuse.org/request/show/856737 Factory / python36
Comment 59 OBSbugzilla Bot 2021-10-06 14:42:25 UTC
This is an autogenerated message for OBS integration:
This bug (1138459) was mentioned in
https://build.opensuse.org/request/show/923499 Factory / python36
Comment 60 OBSbugzilla Bot 2021-10-22 08:42:28 UTC
This is an autogenerated message for OBS integration:
This bug (1138459) was mentioned in
https://build.opensuse.org/request/show/926876 Factory / python36
Comment 61 OBSbugzilla Bot 2022-02-06 22:30:44 UTC
This is an autogenerated message for OBS integration:
This bug (1138459) was mentioned in
https://build.opensuse.org/request/show/951983 Factory / python
Comment 62 OBSbugzilla Bot 2022-02-09 19:10:51 UTC
This is an autogenerated message for OBS integration:
This bug (1138459) was mentioned in
https://build.opensuse.org/request/show/953031 Factory / python
Comment 63 OBSbugzilla Bot 2022-06-10 08:40:46 UTC
This is an autogenerated message for OBS integration:
This bug (1138459) was mentioned in
https://build.opensuse.org/request/show/981989 Factory / python