Bugzilla – Bug 1160790
VUL-0: CVE-2019-16789: python-waitress: HTTP Request Smuggling through Invalid whitespace characters
Last modified: 2020-12-09 16:11:32 UTC
CVE-2019-16789 In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Specially crafted requests containing special whitespace characters in the Transfer-Encoding header would get parsed by Waitress as being a chunked request, but a front-end server would use the Content-Length instead as the Transfer-Encoding header is considered invalid due to containing invalid characters. If a front-end server does HTTP pipelining to a backend Waitress server this could lead to HTTP request splitting which may lead to potential cache poisoning or unexpected information disclosure. This issue is fixed in Waitress 1.4.1 through more strict HTTP field validation. Upstream patch: https://github.com/Pylons/waitress/commit/11d9e138125ad46e951027184b13242a3c1de017 References: https://github.com/Pylons/waitress/security/advisories/GHSA-m5ff-3wj3-8ph4 References: https://bugzilla.redhat.com/show_bug.cgi?id=1789807 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16789 http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-16789.html https://github.com/github/advisory-review/pull/14604 https://github.com/Pylons/waitress/commit/11d9e138125ad46e951027184b13242a3c1de017 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16789 https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes
Tracked all cloud and ses5 codestreams as affected
SUSE-SU-2020:1901-1: An update that solves 23 vulnerabilities and has 12 fixes is now available. Category: security (important) Bug References: 1068612,1092420,1107190,1108719,1123872,1126503,1141968,11483483,1148383,1153191,1156525,1159046,1160152,1160153,1160192,1160790,1160851,1161088,1161089,1161670,1164322,1167244,1168593,1169770,1170657,1171273,1171560,1171594,1171661,1171909,1172166,1172167,1172175,1172176,1172409 CVE References: CVE-2017-1000246,CVE-2019-1010083,CVE-2019-15043,CVE-2019-16785,CVE-2019-16786,CVE-2019-16789,CVE-2019-16792,CVE-2019-16865,CVE-2019-18874,CVE-2019-19911,CVE-2019-3828,CVE-2020-10663,CVE-2020-10743,CVE-2020-11076,CVE-2020-11077,CVE-2020-12052,CVE-2020-13254,CVE-2020-13379,CVE-2020-13596,CVE-2020-5312,CVE-2020-5313,CVE-2020-5390,CVE-2020-8151 Sources used: SUSE OpenStack Cloud Crowbar 8 (src): ansible-2.4.6.0-3.9.1, caasp-openstack-heat-templates-1.0+git.1560518045.ad7dc6d-4.18.1, crowbar-core-5.0+git.1593156248.55bbdb26d-3.41.2, crowbar-openstack-5.0+git.1593085772.64c4ab43c-4.40.2, documentation-suse-openstack-cloud-deployment-8.20200527-1.26.1, documentation-suse-openstack-cloud-supplement-8.20200527-1.26.1, documentation-suse-openstack-cloud-upstream-admin-8.20200527-1.26.1, documentation-suse-openstack-cloud-upstream-user-8.20200527-1.26.1, grafana-4.6.5-4.9.1, kibana-4.6.3-3.3.1, openstack-dashboard-12.0.5~dev3-3.26.1, openstack-heat-templates-0.0.0+git.1582270132.8a20477-3.15.1, openstack-keystone-12.0.4~dev11-5.33.2, openstack-keystone-doc-12.0.4~dev11-5.33.2, openstack-monasca-agent-2.2.6~dev4-3.18.1, openstack-monasca-installer-20190923_16.32-3.12.1, openstack-neutron-11.0.9~dev65-3.33.2, openstack-neutron-doc-11.0.9~dev65-3.33.2, openstack-octavia-amphora-image-0.1.4-3.12.2, python-Django-1.11.23-3.15.1, python-Flask-0.12.1-3.3.1, python-Pillow-4.2.1-3.5.1, python-amqp-2.4.2-3.12.1, python-apicapi-1.6.0-3.6.1, python-keystoneauth1-3.1.2~dev2-3.3.1, python-oslo.messaging-5.30.8-3.11.1, python-psutil-5.2.2-3.3.1, python-pyroute2-0.4.21-3.3.1, python-pysaml2-4.0.2-5.6.1, python-tooz-1.58.1-3.3.1, python-waitress-1.4.3-3.3.1, rubygem-activeresource-4.0.0-3.3.1, rubygem-crowbar-client-3.9.2-3.12.1, rubygem-json-1_7-1.7.7-3.3.1, rubygem-puma-2.16.0-3.9.1, storm-1.1.3-3.3.1 SUSE OpenStack Cloud 8 (src): ansible-2.4.6.0-3.9.1, ansible1-1.9.6-7.3.1, ardana-ansible-8.0+git.1589740980.6c3bcdc-3.73.1, ardana-cluster-8.0+git.1585685203.3e71e49-3.36.1, ardana-freezer-8.0+git.1586539529.b7d295f-3.21.1, ardana-input-model-8.0+git.1589740934.0e0ad61-3.39.1, ardana-logging-8.0+git.1591194866.b7375d0-3.24.1, ardana-mq-8.0+git.1589715269.62ad6df-3.22.1, ardana-neutron-8.0+git.1590756744.ba84abc-3.42.1, ardana-octavia-8.0+git.1590100427.cf4cc8f-3.29.1, ardana-osconfig-8.0+git.1587034587.eac37b8-3.45.1, caasp-openstack-heat-templates-1.0+git.1560518045.ad7dc6d-4.18.1, documentation-suse-openstack-cloud-installation-8.20200527-1.26.1, documentation-suse-openstack-cloud-operations-8.20200527-1.26.1, documentation-suse-openstack-cloud-opsconsole-8.20200527-1.26.1, documentation-suse-openstack-cloud-planning-8.20200527-1.26.1, documentation-suse-openstack-cloud-security-8.20200527-1.26.1, documentation-suse-openstack-cloud-supplement-8.20200527-1.26.1, documentation-suse-openstack-cloud-upstream-admin-8.20200527-1.26.1, documentation-suse-openstack-cloud-upstream-user-8.20200527-1.26.1, documentation-suse-openstack-cloud-user-8.20200527-1.26.1, grafana-4.6.5-4.9.1, kibana-4.6.3-3.3.1, openstack-dashboard-12.0.5~dev3-3.26.1, openstack-heat-templates-0.0.0+git.1582270132.8a20477-3.15.1, openstack-keystone-12.0.4~dev11-5.33.2, openstack-keystone-doc-12.0.4~dev11-5.33.2, openstack-monasca-agent-2.2.6~dev4-3.18.1, openstack-monasca-installer-20190923_16.32-3.12.1, openstack-neutron-11.0.9~dev65-3.33.2, openstack-neutron-doc-11.0.9~dev65-3.33.2, openstack-octavia-amphora-image-0.1.4-3.12.2, python-Django-1.11.23-3.15.1, python-Flask-0.12.1-3.3.1, python-GitPython-2.1.8-3.3.1, python-Pillow-4.2.1-3.5.1, python-amqp-2.4.2-3.12.1, python-apicapi-1.6.0-3.6.1, python-keystoneauth1-3.1.2~dev2-3.3.1, python-oslo.messaging-5.30.8-3.11.1, python-psutil-5.2.2-3.3.1, python-pyroute2-0.4.21-3.3.1, python-pysaml2-4.0.2-5.6.1, python-tooz-1.58.1-3.3.1, python-waitress-1.4.3-3.3.1, storm-1.1.3-3.3.1, venv-openstack-aodh-5.1.1~dev7-12.26.2, venv-openstack-barbican-5.0.2~dev3-12.27.2, venv-openstack-ceilometer-9.0.8~dev7-12.24.2, venv-openstack-cinder-11.2.3~dev23-14.27.2, venv-openstack-designate-5.0.3~dev7-12.25.2, venv-openstack-freezer-5.0.0.0~xrc2~dev2-10.22.1, venv-openstack-glance-15.0.3~dev3-12.25.1, venv-openstack-heat-9.0.8~dev22-12.27.1, venv-openstack-horizon-12.0.5~dev3-14.30.1, venv-openstack-ironic-9.1.8~dev8-12.27.2, venv-openstack-keystone-12.0.4~dev11-11.28.2, venv-openstack-magnum-5.0.2_5.0.2_5.0.2~dev31-11.26.2, venv-openstack-manila-5.1.1~dev5-12.31.2, venv-openstack-monasca-2.2.2~dev1-11.22.3, venv-openstack-monasca-ceilometer-1.5.1_1.5.1_1.5.1~dev3-8.22.2, venv-openstack-murano-4.0.2~dev2-12.22.1, venv-openstack-neutron-11.0.9~dev65-13.30.2, venv-openstack-nova-16.1.9~dev61-11.28.2, venv-openstack-octavia-1.0.6~dev3-12.27.2, venv-openstack-sahara-7.0.5~dev4-11.26.2, venv-openstack-swift-2.15.2_2.15.2_2.15.2~dev32-11.18.1, venv-openstack-trove-8.0.2~dev2-11.26.1 HPE Helion Openstack 8 (src): ansible-2.4.6.0-3.9.1, ansible1-1.9.6-7.3.1, ardana-ansible-8.0+git.1589740980.6c3bcdc-3.73.1, ardana-cluster-8.0+git.1585685203.3e71e49-3.36.1, ardana-freezer-8.0+git.1586539529.b7d295f-3.21.1, ardana-input-model-8.0+git.1589740934.0e0ad61-3.39.1, ardana-logging-8.0+git.1591194866.b7375d0-3.24.1, ardana-mq-8.0+git.1589715269.62ad6df-3.22.1, ardana-neutron-8.0+git.1590756744.ba84abc-3.42.1, ardana-octavia-8.0+git.1590100427.cf4cc8f-3.29.1, ardana-osconfig-8.0+git.1587034587.eac37b8-3.45.1, caasp-openstack-heat-templates-1.0+git.1560518045.ad7dc6d-4.18.1, documentation-hpe-helion-openstack-installation-8.20200527-1.26.1, documentation-hpe-helion-openstack-operations-8.20200527-1.26.1, documentation-hpe-helion-openstack-opsconsole-8.20200527-1.26.1, documentation-hpe-helion-openstack-planning-8.20200527-1.26.1, documentation-hpe-helion-openstack-security-8.20200527-1.26.1, documentation-hpe-helion-openstack-user-8.20200527-1.26.1, grafana-4.6.5-4.9.1, kibana-4.6.3-3.3.1, openstack-dashboard-12.0.5~dev3-3.26.1, openstack-dashboard-theme-HPE-8+git.1523473653.6599ec8-3.3.1, openstack-heat-templates-0.0.0+git.1582270132.8a20477-3.15.1, openstack-keystone-12.0.4~dev11-5.33.2, openstack-keystone-doc-12.0.4~dev11-5.33.2, openstack-monasca-agent-2.2.6~dev4-3.18.1, openstack-monasca-installer-20190923_16.32-3.12.1, openstack-neutron-11.0.9~dev65-3.33.2, openstack-neutron-doc-11.0.9~dev65-3.33.2, openstack-octavia-amphora-image-0.1.4-3.12.2, python-Django-1.11.23-3.15.1, python-Flask-0.12.1-3.3.1, python-GitPython-2.1.8-3.3.1, python-Pillow-4.2.1-3.5.1, python-amqp-2.4.2-3.12.1, python-apicapi-1.6.0-3.6.1, python-keystoneauth1-3.1.2~dev2-3.3.1, python-oslo.messaging-5.30.8-3.11.1, python-psutil-5.2.2-3.3.1, python-pyroute2-0.4.21-3.3.1, python-pysaml2-4.0.2-5.6.1, python-tooz-1.58.1-3.3.1, python-waitress-1.4.3-3.3.1, storm-1.1.3-3.3.1, venv-openstack-aodh-5.1.1~dev7-12.26.2, venv-openstack-barbican-5.0.2~dev3-12.27.2, venv-openstack-ceilometer-9.0.8~dev7-12.24.2, venv-openstack-cinder-11.2.3~dev23-14.27.2, venv-openstack-designate-5.0.3~dev7-12.25.2, venv-openstack-freezer-5.0.0.0~xrc2~dev2-10.22.1, venv-openstack-glance-15.0.3~dev3-12.25.1, venv-openstack-heat-9.0.8~dev22-12.27.1, venv-openstack-horizon-hpe-12.0.5~dev3-14.30.1, venv-openstack-ironic-9.1.8~dev8-12.27.2, venv-openstack-keystone-12.0.4~dev11-11.28.2, venv-openstack-magnum-5.0.2_5.0.2_5.0.2~dev31-11.26.2, venv-openstack-manila-5.1.1~dev5-12.31.2, venv-openstack-monasca-2.2.2~dev1-11.22.3, venv-openstack-monasca-ceilometer-1.5.1_1.5.1_1.5.1~dev3-8.22.2, venv-openstack-murano-4.0.2~dev2-12.22.1, venv-openstack-neutron-11.0.9~dev65-13.30.2, venv-openstack-nova-16.1.9~dev61-11.28.2, venv-openstack-octavia-1.0.6~dev3-12.27.2, venv-openstack-sahara-7.0.5~dev4-11.26.2, venv-openstack-swift-2.15.2_2.15.2_2.15.2~dev32-11.18.1, venv-openstack-trove-8.0.2~dev2-11.26.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-RU-2020:2072-1: An update that solves 31 vulnerabilities and has 8 fixes is now available. Category: recommended (low) Bug References: 1037777,1068612,1069468,1070737,1077718,1083903,1111657,1126503,1133817,1135773,1138748,1148383,1149110,1149535,1153191,1156525,1159447,1160152,1160153,1160192,1160790,1160851,1161088,1161089,1161349,1161670,1164316,1165402,1167244,1170657,1171560,1171909,1172166,1172167,1172175,1172176,1172409,948198,981848 CVE References: CVE-2017-1000246,CVE-2017-4965,CVE-2017-4967,CVE-2018-1000115,CVE-2019-0201,CVE-2019-11596,CVE-2019-15026,CVE-2019-15043,CVE-2019-16785,CVE-2019-16786,CVE-2019-16789,CVE-2019-16792,CVE-2019-16865,CVE-2019-18874,CVE-2019-19844,CVE-2019-19911,CVE-2019-3498,CVE-2019-3828,CVE-2020-10663,CVE-2020-10743,CVE-2020-11076,CVE-2020-11077,CVE-2020-12052,CVE-2020-13254,CVE-2020-13379,CVE-2020-13596,CVE-2020-5247,CVE-2020-5312,CVE-2020-5313,CVE-2020-5390,CVE-2020-8151 JIRA References: ECO-1256,SOC-10357,SOC-11067,SOC-11077,SOC-11079,SOC-11082,SOC-11122,SOC-11174,SOC-11187,SOC-11224,SOC-11238,SOC-11243,SOC-11248,SOC-11251,SOC-11286,SOC-9298,SOC-9801 Sources used: SUSE OpenStack Cloud 7 (src): ansible-2.2.3.0-12.2, crowbar-core-4.0+git.1580209654.1d112d31f-9.66.5, crowbar-ha-4.0+git.1585316203.d6ad2c8-4.52.4, crowbar-openstack-4.0+git.1589804581.9972163f0-9.71.4, grafana-4.6.5-1.14.1, keepalived-2.0.19-1.8.1, kibana-4.6.3-5.1, memcached-1.5.17-3.6.1, monasca-installer-20180608_12.47-12.1, openstack-dashboard-theme-SUSE-2016.2-5.12.4, openstack-manila-3.0.1~dev30-4.12.2, openstack-manila-doc-3.0.1~dev30-4.12.3, openstack-neutron-fwaas-9.0.2~dev5-4.9.3, openstack-neutron-fwaas-doc-9.0.2~dev5-4.9.4, openstack-nova-14.0.11~dev13-4.40.2, openstack-nova-doc-14.0.11~dev13-4.40.2, openstack-tempest-12.2.1~a0~dev177-4.9.1, python-Django-1.8.19-3.23.1, python-Pillow-2.8.1-4.12.1, python-psql2mysql-0.5.0+git.1589351878.4ef877c-1.12.1, python-psutil-1.2.1-21.1, python-py-1.8.1-11.12.1, python-pysaml2-4.0.2-3.17.1, python-waitress-1.4.3-3.3.1, rabbitmq-server-3.4.4-3.16.1, release-notes-suse-openstack-cloud-7.20180803-3.18.3, rubygem-activeresource-4.0.0-3.3.1, rubygem-crowbar-client-3.9.2-7.20.1, rubygem-json-1_7-1.7.7-3.3.1, rubygem-puma-2.16.0-4.6.1, zookeeper-3.4.10-6.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-RU-2020:2161-1: An update that solves 24 vulnerabilities and has 10 fixes is now available. Category: recommended (moderate) Bug References: 1019111,1107190,1126503,1136928,1153191,1159046,1159447,1160151,1160152,1160153,1160192,1160790,1161088,1161089,1161670,1161919,1163446,1165022,1170657,1171070,1171071,1171072,1171273,1171594,1171909,1172166,1172167,1172409,1172522,1173413,1173416,1173418,1173420,1174006 CVE References: CVE-2019-16785,CVE-2019-16786,CVE-2019-16789,CVE-2019-16792,CVE-2019-16865,CVE-2019-19844,CVE-2019-19911,CVE-2019-3828,CVE-2020-10177,CVE-2020-10378,CVE-2020-10743,CVE-2020-10755,CVE-2020-10994,CVE-2020-11538,CVE-2020-12052,CVE-2020-13254,CVE-2020-13379,CVE-2020-13596,CVE-2020-5311,CVE-2020-5312,CVE-2020-5313,CVE-2020-7471,CVE-2020-8184,CVE-2020-9402 JIRA References: SOC-10029,SOC-10106,SOC-10124,SOC-10317,SOC-10357,SOC-11077,SOC-11082,SOC-11126,SOC-11176,SOC-11203,SOC-11209,SOC-11241,SOC-11243,SOC-11248,SOC-11249,SOC-11274,SOC-11279,SOC-11286,SOC-11289,SOC-11294,SOC-11297,SOC-11298,SOC-11299,SOC-11306,SOC-11314,SOC-11330,SOC-11341,SOC-11342,SOC-6780,SOC-9235,SOC-9775 Sources used: SUSE OpenStack Cloud Crowbar 9 (src): crowbar-core-6.0+git.1594619891.b75a61d0d-3.25.5, crowbar-openstack-6.0+git.1591795073.49cb6400e-3.25.3, grafana-6.2.5-3.12.2, kibana-4.6.3-4.3.2, openstack-barbican-7.0.1~dev24-3.9.5, openstack-ceilometer-11.1.1~dev7-3.16.3, openstack-cinder-13.0.10~dev12-3.22.4, openstack-dashboard-14.1.1~dev6-3.15.5, openstack-designate-7.0.2~dev2-3.19.3, openstack-heat-templates-0.0.0+git.1582270132.8a20477-3.6.2, openstack-ironic-11.1.5~dev6-3.19.3, openstack-keystone-14.2.1~dev4-3.22.3, openstack-magnum-7.2.1~dev1-3.13.3, openstack-manila-7.4.2~dev31-4.24.3, openstack-monasca-agent-2.8.2~dev5-3.9.3, openstack-neutron-13.0.8~dev68-3.25.3, openstack-neutron-vsphere-2.0.1~dev167-3.3.3, openstack-nova-18.3.1~dev38-3.25.4, openstack-octavia-3.2.3~dev7-3.25.3, openstack-octavia-amphora-image-0.1.4-7.12.3, openstack-resource-agents-1.0+git.1569436425.8b9c49f-5.3.2, python-Django1-1.11.29-3.15.2, python-Pillow-5.2.0-3.3.2, python-heatclient-1.16.3-3.3.3, python-neutron-tempest-plugin-0.2.0-3.3.2, python-octavia-tempest-plugin-0.2.0-3.3.2, python-os-brick-2.5.10-3.12.3, python-oslo.messaging-8.1.4-3.6.2, python-pyroute2-0.5.2-4.3.2, python-urllib3-1.23-3.12.2, python-waitress-1.4.3-3.3.1, release-notes-suse-openstack-cloud-9.20200610-3.21.4, rubygem-activeresource-4.0.0-4.3.1, rubygem-json-1_7-1.7.7-4.3.1, rubygem-puma-2.16.0-4.9.1 SUSE OpenStack Cloud 9 (src): ansible1-1.9.6-9.7.2, ardana-ansible-9.0+git.1591138508.e269bdb-3.22.2, ardana-cobbler-9.0+git.1588181228.bae3b1f-3.13.2, ardana-glance-9.0+git.1593631708.9354a78-3.13.2, ardana-input-model-9.0+git.1589740948.c24fc0b-3.19.2, ardana-logging-9.0+git.1591193994.d93b668-3.13.2, ardana-manila-9.0+git.1594158642.b5905e4-3.12.2, ardana-monasca-9.0+git.1589385256.7fbfaaf-3.19.2, ardana-mq-9.0+git.1593618110.cbd1a37-3.16.2, ardana-neutron-9.0+git.1590756257.e09d54f-3.22.2, ardana-octavia-9.0+git.1590079609.a2ae6ab-3.19.2, ardana-tempest-9.0+git.1593033709.9495bb2-3.16.2, grafana-6.2.5-3.12.2, kibana-4.6.3-4.3.2, openstack-barbican-7.0.1~dev24-3.9.5, openstack-ceilometer-11.1.1~dev7-3.16.3, openstack-cinder-13.0.10~dev12-3.22.4, openstack-dashboard-14.1.1~dev6-3.15.5, openstack-designate-7.0.2~dev2-3.19.3, openstack-heat-templates-0.0.0+git.1582270132.8a20477-3.6.2, openstack-ironic-11.1.5~dev6-3.19.3, openstack-keystone-14.2.1~dev4-3.22.3, openstack-magnum-7.2.1~dev1-3.13.3, openstack-manila-7.4.2~dev31-4.24.3, openstack-monasca-agent-2.8.2~dev5-3.9.3, openstack-neutron-13.0.8~dev68-3.25.3, openstack-neutron-vsphere-2.0.1~dev167-3.3.3, openstack-nova-18.3.1~dev38-3.25.4, openstack-octavia-3.2.3~dev7-3.25.3, openstack-octavia-amphora-image-0.1.4-7.12.3, openstack-resource-agents-1.0+git.1569436425.8b9c49f-5.3.2, python-Django1-1.11.29-3.15.2, python-Pillow-5.2.0-3.3.2, python-ardana-packager-0.0.3-9.3.2, python-heatclient-1.16.3-3.3.3, python-neutron-tempest-plugin-0.2.0-3.3.2, python-octavia-tempest-plugin-0.2.0-3.3.2, python-os-brick-2.5.10-3.12.3, python-oslo.messaging-8.1.4-3.6.2, python-pyroute2-0.5.2-4.3.2, python-urllib3-1.23-3.12.2, python-waitress-1.4.3-3.3.1, release-notes-suse-openstack-cloud-9.20200610-3.21.4, venv-openstack-barbican-7.0.1~dev24-3.19.3, venv-openstack-cinder-13.0.10~dev12-3.19.2, venv-openstack-designate-7.0.2~dev2-3.19.2, venv-openstack-glance-17.0.1~dev30-3.17.2, venv-openstack-heat-11.0.3~dev35-3.19.2, venv-openstack-horizon-14.1.1~dev6-4.18.3, venv-openstack-ironic-11.1.5~dev6-4.15.2, venv-openstack-keystone-14.2.1~dev4-3.19.2, venv-openstack-magnum-7.2.1~dev1-4.19.2, venv-openstack-manila-7.4.2~dev31-3.21.2, venv-openstack-monasca-2.7.1~dev10-3.17.3, venv-openstack-monasca-ceilometer-1.8.2~dev3-3.19.2, venv-openstack-neutron-13.0.8~dev68-6.19.2, venv-openstack-nova-18.3.1~dev38-3.19.3, venv-openstack-octavia-3.2.3~dev7-4.19.2, venv-openstack-sahara-9.0.2~dev15-3.19.2, venv-openstack-swift-2.19.2~dev48-2.14.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Security, please review and close when appropriate
Fixed: SUSE:SLE-12-SP3:Update:Products:Cloud7:Update SUSE:SLE-12-SP3:Update:Products:Cloud8:Update SUSE:SLE-12-SP4:Update:Products:Cloud9:Update Missing: SUSE:SLE-12-SP3:Update:Products:SES5:Update SUSE:SLE-15:Update
Adding Lenz, Nathan and Tim to check for their parts of SES5.
SUSE-SU-2020:3269-1: An update that fixes four vulnerabilities is now available. Category: security (moderate) Bug References: 1160790,1161088,1161089,1161670 CVE References: CVE-2019-16785,CVE-2019-16786,CVE-2019-16789,CVE-2019-16792 JIRA References: Sources used: SUSE Linux Enterprise Server for SAP 15 (src): python-waitress-1.4.3-3.3.1 SUSE Linux Enterprise Server 15-LTSS (src): python-waitress-1.4.3-3.3.1 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (src): python-waitress-1.4.3-3.3.1 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (src): python-waitress-1.4.3-3.3.1 SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): python-waitress-1.4.3-3.3.1 SUSE Linux Enterprise Module for Basesystem 15-SP1 (src): python-waitress-1.4.3-3.3.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): python-waitress-1.4.3-3.3.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): python-waitress-1.4.3-3.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:3292-1: An update that fixes four vulnerabilities is now available. Category: security (moderate) Bug References: 1160790,1161088,1161089,1161670 CVE References: CVE-2019-16785,CVE-2019-16786,CVE-2019-16789,CVE-2019-16792 JIRA References: Sources used: SUSE Enterprise Storage 5 (src): python-waitress-1.4.3-3.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2020:1911-1: An update that fixes four vulnerabilities is now available. Category: security (moderate) Bug References: 1160790,1161088,1161089,1161670 CVE References: CVE-2019-16785,CVE-2019-16786,CVE-2019-16789,CVE-2019-16792 JIRA References: Sources used: openSUSE Leap 15.2 (src): python-waitress-1.4.3-lp152.4.3.1
openSUSE-SU-2020:1922-1: An update that fixes four vulnerabilities is now available. Category: security (moderate) Bug References: 1160790,1161088,1161089,1161670 CVE References: CVE-2019-16785,CVE-2019-16786,CVE-2019-16789,CVE-2019-16792 JIRA References: Sources used: openSUSE Leap 15.1 (src): python-waitress-1.4.3-lp151.3.3.1
Released.