Bugzilla – Bug 1214685
VUL-0: CVE-2022-48565: python3,python,python3: Avoid plistlib XML vulnerabilities by rejecting entity directives
Last modified: 2024-03-09 10:10:03 UTC
CVE-2022-48565 An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48565 https://www.cve.org/CVERecord?id=CVE-2022-48565 https://bugs.python.org/issue42051
Affected: - SUSE:SLE-11-SP1:Update/python 2.6.9 - SUSE:SLE-11-SP1:Update/python-base 2.6.9 - SUSE:SLE-12-SP1:Update/python 2.7.18 - SUSE:SLE-12-SP1:Update/python-base 2.7.18 - SUSE:SLE-12-SP4:Update/python 2.7.18 - SUSE:SLE-12-SP4:Update/python-base 2.7.18 - SUSE:SLE-15:Update/python 2.7.18 - SUSE:SLE-15:Update/python-base 2.7.18 - openSUSE:Factory/python 2.7.18 - SUSE:SLE-12:Update/python3 3.4.10 Not affected: - SUSE:SLE-12-SP3:Update:Products:Teradata:Update/python36 3.6.15 - SUSE:SLE-12-SP5:Update/python36 3.6.15 - SUSE:SLE-15-SP3:Update/python39 3.9.17 - openSUSE:Factory/python39 3.9.17 - SUSE:ALP:Source:Standard:1.0/python310 3.10.10 - SUSE:SLE-15-SP4:Update/python310 3.10.12 - openSUSE:Factory/python310 3.10.12 - SUSE:ALP:Source:Standard:1.0/python311 3.11.2 - SUSE:SLE-15-SP4:Update/python311 3.11.4 - openSUSE:Factory/python311 3.11.4
> - SUSE:SLE-11-SP1:Update/python 2.6.9 > - SUSE:SLE-11-SP1:Update/python-base 2.6.9 Shouldn’t these be truly wholly completely dead? https://smelt.suse.de/maintained/?q=python
yes you are right, sorry, they dont need a submission - SUSE:SLE-11-SP1:Update/python 2.6.9 - SUSE:SLE-11-SP1:Update/python-base 2.6.9
This is an autogenerated message for OBS integration: This bug (1214685) was mentioned in https://build.opensuse.org/request/show/1111680 Factory / python
Remaining SRs submitted.
SUSE-SU-2023:4001-1: An update that solves two vulnerabilities can now be installed. Category: security (moderate) Bug References: 1214685, 1214691 CVE References: CVE-2022-48565, CVE-2022-48566 Sources used: SUSE Linux Enterprise High Performance Computing 12 SP5 (src): python-base-2.7.18-33.26.1, python-doc-2.7.18-33.26.1, python-2.7.18-33.26.1 SUSE Linux Enterprise Server 12 SP5 (src): python-base-2.7.18-33.26.1, python-doc-2.7.18-33.26.1, python-2.7.18-33.26.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): python-base-2.7.18-33.26.1, python-doc-2.7.18-33.26.1, python-2.7.18-33.26.1 SUSE Linux Enterprise Workstation Extension 12 12-SP5 (src): python-base-2.7.18-33.26.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:4220-1: An update that solves three vulnerabilities can now be installed. Category: security (moderate) Bug References: 1210638, 1214685, 1214691 CVE References: CVE-2022-48565, CVE-2022-48566, CVE-2023-27043 Sources used: openSUSE Leap 15.4 (src): python-base-2.7.18-150000.57.1, python-2.7.18-150000.57.1, python-doc-2.7.18-150000.57.1 openSUSE Leap 15.5 (src): python-base-2.7.18-150000.57.1, python-2.7.18-150000.57.1, python-doc-2.7.18-150000.57.1 SUSE Package Hub 15 15-SP4 (src): python-base-2.7.18-150000.57.1 SUSE Package Hub 15 15-SP5 (src): python-base-2.7.18-150000.57.1, python-2.7.18-150000.57.1 SUSE Manager Proxy 4.2 (src): python-base-2.7.18-150000.57.1, python-2.7.18-150000.57.1 SUSE Manager Retail Branch Server 4.2 (src): python-base-2.7.18-150000.57.1, python-2.7.18-150000.57.1 SUSE Manager Server 4.2 (src): python-base-2.7.18-150000.57.1, python-2.7.18-150000.57.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.