Bug 1198511 - (CVE-2015-20107) VUL-0: CVE-2015-20107: python3,python36,python,python310,python39,python27: command injection in the mailcap module
(CVE-2015-20107)
VUL-0: CVE-2015-20107: python3,python36,python,python310,python39,python27: c...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P2 - High : Major
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/329033/
CVSSv3.1:SUSE:CVE-2015-20107:7.1:(AV:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2022-04-15 08:00 UTC by Gabriele Sonnu
Modified: 2022-09-01 14:55 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Gabriele Sonnu 2022-04-15 08:00:29 UTC
In Python (aka CPython) through 3.10.4, the mailcap module does not add escape
characters into commands discovered in the system mailcap file. This may allow
attackers to inject shell commands into applications that call mailcap.findmatch
with untrusted input (if they lack validation of user-provided filenames or
arguments).

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-20107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-20107
https://github.com/python/cpython/issues/68966
https://bugs.python.org/issue24778
Comment 1 Gabriele Sonnu 2022-04-15 08:09:51 UTC
Issue was reported in 2015, all currently supported python versions are affected.
No patch for now, the proposed one [0] does not completely fix the vulnerability [1] and will probably break some use cases [2].
Seems that upstream wants to deprecate/remove the module in python 3.13 [2][3]. 
Full discussion about this can be found here [4].

[0] https://github.com/python/cpython/pull/91542
[1] https://github.com/python/cpython/pull/91542#issuecomment-1099733985
[2] https://github.com/python/cpython/pull/91542#issuecomment-1099740560
[3] https://mail.python.org/archives/list/python-dev@python.org/thread/EB2BS4DBWSTBIOPQL5QTBSIOBORWSCMJ/
[4] https://github.com/python/cpython/pull/91542
Comment 6 OBSbugzilla Bot 2022-06-10 08:41:35 UTC
This is an autogenerated message for OBS integration:
This bug (1198511) was mentioned in
https://build.opensuse.org/request/show/981989 Factory / python
Comment 13 Matej Cepl 2022-06-16 18:18:40 UTC
Builds fixed and patches applied.
Comment 14 OBSbugzilla Bot 2022-06-18 22:40:07 UTC
This is an autogenerated message for OBS integration:
This bug (1198511) was mentioned in
https://build.opensuse.org/request/show/983632 Factory / python39
Comment 15 OBSbugzilla Bot 2022-06-20 12:40:04 UTC
This is an autogenerated message for OBS integration:
This bug (1198511) was mentioned in
https://build.opensuse.org/request/show/983936 Factory / python310
Comment 18 Swamp Workflow Management 2022-06-21 13:16:17 UTC
SUSE-SU-2022:2147-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1198511
CVE References: CVE-2015-20107
JIRA References: 
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    python36-core-3.6.15-24.1
SUSE Linux Enterprise Server 12-SP5 (src):    python36-3.6.15-24.1, python36-core-3.6.15-24.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 19 Swamp Workflow Management 2022-06-23 19:16:58 UTC
SUSE-SU-2022:2166-1: An update that solves one vulnerability and has two fixes is now available.

Category: security (important)
Bug References: 1070738,1198511,1199441
CVE References: CVE-2015-20107
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    python3-3.4.10-25.93.1, python3-base-3.4.10-25.93.1
SUSE OpenStack Cloud Crowbar 8 (src):    python3-3.4.10-25.93.1, python3-base-3.4.10-25.93.1
SUSE OpenStack Cloud 9 (src):    python3-3.4.10-25.93.1, python3-base-3.4.10-25.93.1
SUSE OpenStack Cloud 8 (src):    python3-3.4.10-25.93.1, python3-base-3.4.10-25.93.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    python3-3.4.10-25.93.1, python3-base-3.4.10-25.93.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    python3-3.4.10-25.93.1, python3-base-3.4.10-25.93.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    python3-3.4.10-25.93.1, python3-base-3.4.10-25.93.1
SUSE Linux Enterprise Server 12-SP5 (src):    python3-3.4.10-25.93.1, python3-base-3.4.10-25.93.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    python3-3.4.10-25.93.1, python3-base-3.4.10-25.93.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    python3-3.4.10-25.93.1, python3-base-3.4.10-25.93.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    python3-3.4.10-25.93.1, python3-base-3.4.10-25.93.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    python3-3.4.10-25.93.1, python3-base-3.4.10-25.93.1
SUSE Linux Enterprise Module for Web Scripting 12 (src):    python3-3.4.10-25.93.1, python3-base-3.4.10-25.93.1
HPE Helion Openstack 8 (src):    python3-3.4.10-25.93.1, python3-base-3.4.10-25.93.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 20 Swamp Workflow Management 2022-06-24 13:22:09 UTC
SUSE-SU-2022:2174-1: An update that solves one vulnerability, contains one feature and has one errata is now available.

Category: security (important)
Bug References: 1192249,1198511
CVE References: CVE-2015-20107
JIRA References: SLE-21253
Sources used:
openSUSE Leap 15.4 (src):    python39-3.9.13-150300.4.13.1, python39-core-3.9.13-150300.4.13.1, python39-documentation-3.9.13-150300.4.13.1
openSUSE Leap 15.3 (src):    python39-3.9.13-150300.4.13.1, python39-core-3.9.13-150300.4.13.1, python39-documentation-3.9.13-150300.4.13.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    python39-core-3.9.13-150300.4.13.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    python39-3.9.13-150300.4.13.1, python39-core-3.9.13-150300.4.13.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 21 Swamp Workflow Management 2022-07-04 10:16:39 UTC
SUSE-SU-2022:2248-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1198511
CVE References: CVE-2015-20107
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    python-2.7.18-33.11.1, python-base-2.7.18-33.11.1, python-doc-2.7.18-33.11.1
SUSE OpenStack Cloud 9 (src):    python-2.7.18-33.11.1, python-base-2.7.18-33.11.1, python-doc-2.7.18-33.11.1
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    python-base-2.7.18-33.11.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    python-2.7.18-33.11.1, python-base-2.7.18-33.11.1, python-doc-2.7.18-33.11.1
SUSE Linux Enterprise Server 12-SP5 (src):    python-2.7.18-33.11.1, python-base-2.7.18-33.11.1, python-doc-2.7.18-33.11.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    python-2.7.18-33.11.1, python-base-2.7.18-33.11.1, python-doc-2.7.18-33.11.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 22 Swamp Workflow Management 2022-07-04 10:17:13 UTC
SUSE-SU-2022:2249-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1198511
CVE References: CVE-2015-20107
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    python-2.7.18-28.87.1, python-base-2.7.18-28.87.1, python-doc-2.7.18-28.87.1
SUSE OpenStack Cloud 8 (src):    python-2.7.18-28.87.1, python-base-2.7.18-28.87.1, python-doc-2.7.18-28.87.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    python-2.7.18-28.87.1, python-base-2.7.18-28.87.1, python-doc-2.7.18-28.87.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    python-2.7.18-28.87.1, python-base-2.7.18-28.87.1, python-doc-2.7.18-28.87.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    python-2.7.18-28.87.1, python-base-2.7.18-28.87.1, python-doc-2.7.18-28.87.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    python-2.7.18-28.87.1, python-base-2.7.18-28.87.1, python-doc-2.7.18-28.87.1
HPE Helion Openstack 8 (src):    python-2.7.18-28.87.1, python-base-2.7.18-28.87.1, python-doc-2.7.18-28.87.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 23 Swamp Workflow Management 2022-07-06 16:26:11 UTC
SUSE-SU-2022:2291-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1198511
CVE References: CVE-2015-20107
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    python310-3.10.5-150400.4.7.1, python310-core-3.10.5-150400.4.7.1, python310-documentation-3.10.5-150400.4.7.1
SUSE Linux Enterprise Module for Python3 15-SP4 (src):    python310-3.10.5-150400.4.7.1, python310-core-3.10.5-150400.4.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 24 Swamp Workflow Management 2022-07-08 19:16:29 UTC
SUSE-SU-2022:2344-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1198511
CVE References: CVE-2015-20107
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    python-2.7.18-150000.41.1, python-base-2.7.18-150000.41.1, python-doc-2.7.18-150000.41.1
openSUSE Leap 15.3 (src):    python-2.7.18-150000.41.1, python-base-2.7.18-150000.41.1, python-doc-2.7.18-150000.41.1
SUSE Manager Server 4.1 (src):    python-2.7.18-150000.41.1, python-base-2.7.18-150000.41.1
SUSE Manager Retail Branch Server 4.1 (src):    python-2.7.18-150000.41.1, python-base-2.7.18-150000.41.1
SUSE Manager Proxy 4.1 (src):    python-2.7.18-150000.41.1, python-base-2.7.18-150000.41.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    python-2.7.18-150000.41.1, python-base-2.7.18-150000.41.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    python-2.7.18-150000.41.1, python-base-2.7.18-150000.41.1
SUSE Linux Enterprise Server for SAP 15 (src):    python-2.7.18-150000.41.1, python-base-2.7.18-150000.41.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    python-2.7.18-150000.41.1, python-base-2.7.18-150000.41.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    python-2.7.18-150000.41.1, python-base-2.7.18-150000.41.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    python-2.7.18-150000.41.1, python-base-2.7.18-150000.41.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    python-2.7.18-150000.41.1, python-base-2.7.18-150000.41.1
SUSE Linux Enterprise Server 15-LTSS (src):    python-2.7.18-150000.41.1, python-base-2.7.18-150000.41.1
SUSE Linux Enterprise Module for Python2 15-SP3 (src):    python-2.7.18-150000.41.1, python-base-2.7.18-150000.41.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (src):    python-2.7.18-150000.41.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    python-2.7.18-150000.41.1, python-base-2.7.18-150000.41.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    python-2.7.18-150000.41.1, python-base-2.7.18-150000.41.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    python-2.7.18-150000.41.1, python-base-2.7.18-150000.41.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    python-2.7.18-150000.41.1, python-base-2.7.18-150000.41.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    python-2.7.18-150000.41.1, python-base-2.7.18-150000.41.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    python-2.7.18-150000.41.1, python-base-2.7.18-150000.41.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    python-2.7.18-150000.41.1, python-base-2.7.18-150000.41.1
SUSE Enterprise Storage 7 (src):    python-2.7.18-150000.41.1, python-base-2.7.18-150000.41.1
SUSE Enterprise Storage 6 (src):    python-2.7.18-150000.41.1, python-base-2.7.18-150000.41.1
SUSE CaaS Platform 4.0 (src):    python-2.7.18-150000.41.1, python-base-2.7.18-150000.41.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 25 Swamp Workflow Management 2022-07-11 13:16:39 UTC
SUSE-SU-2022:2351-1: An update that solves two vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1186819,1190566,1192249,1193179,1198511
CVE References: CVE-2015-20107,CVE-2021-3572
JIRA References: 
Sources used:
SUSE Manager Server 4.1 (src):    python3-3.6.15-150000.3.106.1, python3-core-3.6.15-150000.3.106.1
SUSE Manager Retail Branch Server 4.1 (src):    python3-3.6.15-150000.3.106.1, python3-core-3.6.15-150000.3.106.1
SUSE Manager Proxy 4.1 (src):    python3-3.6.15-150000.3.106.1, python3-core-3.6.15-150000.3.106.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    python3-3.6.15-150000.3.106.1, python3-core-3.6.15-150000.3.106.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    python3-3.6.15-150000.3.106.1, python3-core-3.6.15-150000.3.106.1
SUSE Linux Enterprise Server for SAP 15 (src):    python3-3.6.15-150000.3.106.1, python3-core-3.6.15-150000.3.106.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    python3-3.6.15-150000.3.106.1, python3-core-3.6.15-150000.3.106.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    python3-3.6.15-150000.3.106.1, python3-core-3.6.15-150000.3.106.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    python3-3.6.15-150000.3.106.1, python3-core-3.6.15-150000.3.106.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    python3-3.6.15-150000.3.106.1, python3-core-3.6.15-150000.3.106.1
SUSE Linux Enterprise Server 15-LTSS (src):    python3-3.6.15-150000.3.106.1, python3-core-3.6.15-150000.3.106.1
SUSE Linux Enterprise Micro 5.1 (src):    python3-3.6.15-150000.3.106.1, python3-core-3.6.15-150000.3.106.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    python3-3.6.15-150000.3.106.1, python3-core-3.6.15-150000.3.106.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    python3-3.6.15-150000.3.106.1, python3-core-3.6.15-150000.3.106.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    python3-3.6.15-150000.3.106.1, python3-core-3.6.15-150000.3.106.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    python3-3.6.15-150000.3.106.1, python3-core-3.6.15-150000.3.106.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    python3-3.6.15-150000.3.106.1, python3-core-3.6.15-150000.3.106.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    python3-3.6.15-150000.3.106.1, python3-core-3.6.15-150000.3.106.1
SUSE Enterprise Storage 7 (src):    python3-3.6.15-150000.3.106.1, python3-core-3.6.15-150000.3.106.1
SUSE Enterprise Storage 6 (src):    python3-3.6.15-150000.3.106.1, python3-core-3.6.15-150000.3.106.1
SUSE CaaS Platform 4.0 (src):    python3-3.6.15-150000.3.106.1, python3-core-3.6.15-150000.3.106.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 26 Swamp Workflow Management 2022-07-11 22:15:49 UTC
SUSE-SU-2022:2357-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1198511
CVE References: CVE-2015-20107
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    python3-3.6.15-150300.10.27.1, python3-core-3.6.15-150300.10.27.1, python3-documentation-3.6.15-150300.10.27.1
openSUSE Leap 15.3 (src):    python3-3.6.15-150300.10.27.1, python3-core-3.6.15-150300.10.27.1, python3-documentation-3.6.15-150300.10.27.1
SUSE Linux Enterprise Module for Development Tools 15-SP4 (src):    python3-core-3.6.15-150300.10.27.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    python3-core-3.6.15-150300.10.27.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    python3-3.6.15-150300.10.27.1, python3-core-3.6.15-150300.10.27.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    python3-3.6.15-150300.10.27.1, python3-core-3.6.15-150300.10.27.1
SUSE Linux Enterprise Micro 5.2 (src):    python3-3.6.15-150300.10.27.1, python3-core-3.6.15-150300.10.27.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 27 Gabriele Sonnu 2022-07-29 15:02:30 UTC
Done.
Comment 28 Swamp Workflow Management 2022-09-01 14:55:44 UTC
SUSE-SU-2022:2357-2: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1198511
CVE References: CVE-2015-20107
JIRA References: 
Sources used:
openSUSE Leap Micro 5.2 (src):    python3-3.6.15-150300.10.27.1, python3-core-3.6.15-150300.10.27.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.