Bug 1187045 – VUL-0: CVE-2021-33503: python-urllib3: Catastrophic backtracking in URL authority parser when passed URL containing many @ characters

Bug 1187045 - (CVE-2021-33503) VUL-0: CVE-2021-33503: python-urllib3: Catastrophic backtracking in URL authority parser when passed URL containing many @ characters

(CVE-2021-33503)
Summary:	VUL-0: CVE-2021-33503: python-urllib3: Catastrophic backtracking in URL autho...

Status:	RESOLVED FIXED
Duplicates:	1188903 (view as bug list)

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Major
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/301293/
Whiteboard:	CVSSv3.1:SUSE:CVE-2021-33503:7.5:(AV:...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2021-06-08 12:53 UTC by Gianluca Gabrielli
Modified:	2023-01-25 04:55 UTC (History)
CC List:	8 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Gianluca Gabrielli 2021-06-08 12:53:26 UTC

When provided with a URL containing many @ characters in the authority component the authority regular expression exhibits catastrophic backtracking causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.

References:

https://github.com/advisories/GHSA-q2q7-5pp4-w6pg

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1968074
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33503

Comment 1 Gianluca Gabrielli 2021-06-08 12:54:21 UTC

Affected packages:
 - SUSE:SLE-15-SP3:Update/python-urllib3   1.25.10
 - openSUSE:Factory/python-urllib3         1.26.4

Upstream patch [0].

[0] https://github.com/urllib3/urllib3/commit/2d4a3fee6de2fa45eb82169361918f759269b4ec.patch

Comment 5 Johannes Grassler 2021-06-11 11:05:18 UTC

Maintenance request for patched version 1.25.10 in SLE 15 SP3 created:

https://build.suse.de/request/show/243026

Regarding OpenSUSE: I'd like to leave submitting openSUSE:Factory/python-urllib3 to the devel:languages:python maintainers. python-urllib3 is quite dicey in terms of dependencies and I'd rather not break something in openSUSE:Factory by submitting python-urllib3 and accidentally overlooking one or more packages that depend on the older version.

Comment 6 Gianluca Gabrielli 2021-06-11 11:21:41 UTC

@steven.kowalik@suse.com alarrosa@suse.com aplanas@suse.com rjschwei@suse.com

Comment 7 Gianluca Gabrielli 2021-06-11 11:24:55 UTC

Please ignore my previous message.

@Steven, @Antonio, @Alberto, @Robert: can any of, as maintainer of `devel:languages:python` you help Johannes here?

Comment 9 Swamp Workflow Management 2021-06-18 10:21:44 UTC

SUSE-SU-2021:2012-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1187045
CVE References: CVE-2021-33503
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    python-urllib3-1.25.10-4.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 10 Swamp Workflow Management 2021-06-28 20:11:34 UTC

SUSE-SU-2021:2195-1: An update that solves one vulnerability, contains two features and has two fixes is now available.

Category: security (moderate)
Bug References: 1176784,1182421,1187045
CVE References: CVE-2021-33503
JIRA References: ECO-3105,ECO-3352
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    python-requests-2.24.0-3.3.1, python-urllib3-1.25.10-5.19.1
SUSE OpenStack Cloud 8 (src):    python-requests-2.24.0-3.3.1, python-urllib3-1.25.10-5.19.1
HPE Helion Openstack 8 (src):    python-requests-2.24.0-3.3.1, python-urllib3-1.25.10-5.19.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 11 Swamp Workflow Management 2021-06-28 20:13:39 UTC

SUSE-RU-2021:2194-1: An update that solves one vulnerability, contains two features and has 6 fixes is now available.

Category: recommended (important)
Bug References: 1125671,1154393,1175289,1176784,1176785,1182421,1187045
CVE References: CVE-2021-33503
JIRA References: ECO-3105,ECO-3352
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    python-urllib3-1.25.10-3.29.1, python3-requests-2.24.0-8.14.3
SUSE OpenStack Cloud Crowbar 8 (src):    aws-cli-1.19.9-22.24.2, python-PyYAML-5.3.1-28.4.3, python-botocore-1.20.9-28.30.2, python-colorama-0.4.4-4.4.2, python-pexpect-4.3.1-3.9.2, python-ptyprocess-0.5.2-2.8.2, python-six-1.14.0-13.10.3, python-urllib3-1.25.10-3.29.1, python3-requests-2.24.0-8.14.3
SUSE OpenStack Cloud 9 (src):    python-urllib3-1.25.10-3.29.1, python3-requests-2.24.0-8.14.3
SUSE OpenStack Cloud 8 (src):    aws-cli-1.19.9-22.24.2, python-PyYAML-5.3.1-28.4.3, python-botocore-1.20.9-28.30.2, python-colorama-0.4.4-4.4.2, python-pexpect-4.3.1-3.9.2, python-ptyprocess-0.5.2-2.8.2, python-six-1.14.0-13.10.3, python-urllib3-1.25.10-3.29.1, python3-requests-2.24.0-8.14.3
SUSE OpenStack Cloud 7 (src):    python-PyYAML-5.3.1-28.4.3, python-colorama-0.4.4-4.4.2, python-configparser-3.5.0-2.10.3, python-pexpect-4.3.1-3.9.2, python-ptyprocess-0.5.2-2.8.2, python-scandir-1.9.0-1.9.2, python-websocket-client-0.57.0-15.4.2
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    python-pexpect-4.3.1-3.9.2, python-ptyprocess-0.5.2-2.8.2, python-urllib3-1.25.10-3.29.1, python3-requests-2.24.0-8.14.3
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    python-urllib3-1.25.10-3.29.1, python3-requests-2.24.0-8.14.3
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    python-urllib3-1.25.10-3.29.1, python3-requests-2.24.0-8.14.3
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    python-six-1.14.0-13.10.3, python-urllib3-1.25.10-3.29.1, python3-requests-2.24.0-8.14.3
SUSE Linux Enterprise Server 12-SP5 (src):    python-requests-2.24.0-8.11.4, python-urllib3-1.25.10-3.29.1, python3-requests-2.24.0-8.14.3
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    python-urllib3-1.25.10-3.29.1, python3-requests-2.24.0-8.14.3
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    python-six-1.14.0-13.10.3, python-urllib3-1.25.10-3.29.1, python3-requests-2.24.0-8.14.3
SUSE Linux Enterprise Server 12-SP3-BCL (src):    python-six-1.14.0-13.10.3, python-urllib3-1.25.10-3.29.1, python3-requests-2.24.0-8.14.3
SUSE Linux Enterprise Server 12-SP2-BCL (src):    python-six-1.14.0-13.10.3, python-urllib3-1.25.10-3.29.1, python3-requests-2.24.0-8.14.3
SUSE Linux Enterprise Module for Web Scripting 12 (src):    libsodium-1.0.16-1.7.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    aws-cli-1.19.9-22.24.2, azure-cli-2.14.2-2.10.2, azure-cli-command-modules-nspkg-2.0.3-2.10.2, azure-cli-core-2.14.2-2.10.2, azure-cli-nspkg-3.0.4-2.10.2, azure-cli-telemetry-1.0.6-2.7.2, azure-cli-test-2.14.2-2.10.2, libsodium-1.0.16-1.7.1, python-Fabric-2.5.0-2.3.4, python-PyNaCl-1.2.1-2.3.6, python-PyYAML-5.3.1-28.4.3, python-Pygments-2.4.2-10.4.3, python-adal-1.2.4-5.10.2, python-antlr4-python3-runtime-4.8-2.3.2, python-applicationinsights-0.11.9-2.11.2, python-atomicwrites-1.1.5-2.3.2, python-attrs-18.1.0-2.7.3, python-azure-ai-anomalydetector-3.0.0b2-2.3.2, python-azure-ai-metricsadvisor-1.0.0b1-2.3.2, python-azure-ai-nspkg-1.0.0-2.3.2, python-azure-ai-textanalytics-5.0.0-2.3.2, python-azure-appconfiguration-1.1.1-2.3.2, python-azure-applicationinsights-0.1.0-2.8.2, python-azure-batch-9.0.0-2.10.3, python-azure-cognitiveservices-anomalydetector-0.3.0-2.3.2, python-azure-cognitiveservices-formrecognizer-0.1.1-2.3.2, python-azure-cognitiveservices-inkrecognizer-1.0.0b1-2.3.2, python-azure-cognitiveservices-knowledge-nspkg-3.0.0-2.3.2, python-azure-cognitiveservices-knowledge-qnamaker-0.2.0-2.3.2, python-azure-cognitiveservices-language-luis-0.7.0-2.7.2, python-azure-cognitiveservices-language-nspkg-3.0.1-2.7.2, python-azure-cognitiveservices-language-spellcheck-2.0.0-2.7.2, python-azure-cognitiveservices-language-textanalytics-0.2.0-2.7.2, python-azure-cognitiveservices-nspkg-3.0.1-2.7.2, python-azure-cognitiveservices-personalizer-0.1.0-2.3.2, python-azure-cognitiveservices-search-autosuggest-0.2.0-2.7.2, python-azure-cognitiveservices-search-customimagesearch-0.2.0-2.3.2, python-azure-cognitiveservices-search-customsearch-0.3.0-2.7.2, python-azure-cognitiveservices-search-entitysearch-2.0.0-2.7.2, python-azure-cognitiveservices-search-imagesearch-2.0.0-2.7.2, python-azure-cognitiveservices-search-newssearch-2.0.0-2.7.2, python-azure-cognitiveservices-search-nspkg-3.0.1-2.7.2, python-azure-cognitiveservices-search-videosearch-2.0.0-2.7.2, python-azure-cognitiveservices-search-visualsearch-0.2.0-2.7.2, python-azure-cognitiveservices-search-websearch-2.0.0-2.7.2, python-azure-cognitiveservices-vision-computervision-0.7.0-2.7.2, python-azure-cognitiveservices-vision-contentmoderator-1.0.0-2.7.2, python-azure-cognitiveservices-vision-customvision-3.0.0-2.7.2, python-azure-cognitiveservices-vision-face-0.4.1-2.3.2, python-azure-cognitiveservices-vision-nspkg-3.0.1-2.7.2, python-azure-common-1.1.25-2.10.2, python-azure-communication-administration-1.0.0b2-2.3.3, python-azure-communication-chat-1.0.0b2-2.3.2, python-azure-communication-nspkg-0.0.0b1-2.3.2, python-azure-communication-sms-1.0.0b3-2.3.2, python-azure-core-1.9.0-2.3.4, python-azure-cosmos-4.2.0-2.3.2, python-azure-data-nspkg-1.0.0-2.3.2, python-azure-data-tables-12.0.0b2-2.3.2, python-azure-datalake-store-0.0.51-2.10.4, python-azure-devops-6.0.0b4-2.3.3, python-azure-eventgrid-1.3.0-2.7.2, python-azure-eventhub-5.2.0-2.3.2, python-azure-eventhub-checkpointstoreblob-1.1.1-2.3.2, python-azure-functions-devops-build-0.0.22-2.3.2, python-azure-graphrbac-0.61.1-2.10.2, python-azure-identity-1.5.0-2.3.4, python-azure-keyvault-4.1.0-2.10.2, python-azure-keyvault-administration-4.0.0b2-2.3.2, python-azure-keyvault-certificates-4.2.1-2.3.2, python-azure-keyvault-keys-4.3.0-2.3.2, python-azure-keyvault-nspkg-1.0.0-2.3.2, python-azure-keyvault-secrets-4.2.0-2.3.2, python-azure-loganalytics-0.1.0-2.7.2, python-azure-mgmt-4.0.0-2.14.3, python-azure-mgmt-advisor-4.0.0-2.7.2, python-azure-mgmt-alertsmanagement-0.2.0rc2-2.3.2, python-azure-mgmt-apimanagement-0.2.0-2.3.2, python-azure-mgmt-appconfiguration-1.0.1-2.3.2, python-azure-mgmt-applicationinsights-0.3.0-2.7.2, python-azure-mgmt-appplatform-1.0.0-2.3.2, python-azure-mgmt-attestation-0.1.0.0-2.3.2, python-azure-mgmt-authorization-0.61.0-2.10.2, python-azure-mgmt-automanage-1.0.0b1-2.3.2, python-azure-mgmt-automation-0.1.1-2.3.2, python-azure-mgmt-azurestack-0.1.0-2.3.2, python-azure-mgmt-azurestackhci-1.0.0rc1-2.3.2, python-azure-mgmt-baremetalinfrastructure-1.0.0b1-2.3.2, python-azure-mgmt-batch-9.0.0-2.10.2, python-azure-mgmt-batchai-2.0.0-2.7.2, python-azure-mgmt-billing-0.2.0-2.10.2, python-azure-mgmt-botservice-0.2.0-2.7.2, python-azure-mgmt-cdn-5.1.0-2.10.2, python-azure-mgmt-cognitiveservices-6.3.0-2.10.2, python-azure-mgmt-commerce-1.0.1-2.10.2, python-azure-mgmt-communication-1.0.0b2-2.3.2, python-azure-mgmt-compute-17.0.0-2.10.2, python-azure-mgmt-consumption-3.0.0-2.10.2, python-azure-mgmt-containerinstance-2.0.0-2.10.2, python-azure-mgmt-containerregistry-3.0.0rc15-2.10.2, python-azure-mgmt-containerservice-9.4.0-2.10.2, python-azure-mgmt-core-1.2.2-2.3.2, python-azure-mgmt-cosmosdb-1.0.0-2.10.2, python-azure-mgmt-costmanagement-0.2.0-2.3.2, python-azure-mgmt-databoxedge-0.1.0-2.3.2, python-azure-mgmt-databricks-0.1.0-2.3.2, python-azure-mgmt-datafactory-0.13.0-2.7.2, python-azure-mgmt-datalake-analytics-0.6.0-2.10.2, python-azure-mgmt-datalake-nspkg-3.0.1-2.10.2, python-azure-mgmt-datalake-store-0.5.0-2.10.2, python-azure-mgmt-datamigration-4.0.0-2.7.2, python-azure-mgmt-datashare-0.2.0-2.3.2, python-azure-mgmt-deploymentmanager-0.2.0-2.3.2, python-azure-mgmt-devspaces-0.2.0-2.7.2, python-azure-mgmt-devtestlabs-4.0.0-2.10.2, python-azure-mgmt-dns-3.0.0-2.10.2, python-azure-mgmt-documentdb-0.1.3-2.10.2, python-azure-mgmt-edgegateway-0.1.0-2.3.2, python-azure-mgmt-eventgrid-3.0.0rc8-2.10.2, python-azure-mgmt-eventhub-8.0.0-2.10.2, python-azure-mgmt-frontdoor-0.3.0-2.3.2, python-azure-mgmt-hanaonazure-0.14.0-2.7.2, python-azure-mgmt-hdinsight-1.7.0-2.7.2, python-azure-mgmt-healthcareapis-0.1.0-2.3.2, python-azure-mgmt-hybridcompute-2.0.0-2.3.2, python-azure-mgmt-imagebuilder-0.4.0-2.3.2, python-azure-mgmt-iotcentral-3.1.0-2.7.2, python-azure-mgmt-iothub-0.12.0-2.10.2, python-azure-mgmt-iothubprovisioningservices-0.2.0-2.7.2, python-azure-mgmt-keyvault-8.0.0-2.10.2, python-azure-mgmt-kubernetesconfiguration-0.2.0-2.3.2, python-azure-mgmt-kusto-0.9.0-2.7.2, python-azure-mgmt-labservices-0.1.1-2.3.2, python-azure-mgmt-loganalytics-1.0.0-2.7.2, python-azure-mgmt-logic-4.0.0rc2-2.10.2, python-azure-mgmt-machinelearningcompute-0.4.1-2.7.2, python-azure-mgmt-machinelearningservices-0.1.0-2.3.2, python-azure-mgmt-managedservices-1.0.0-2.3.2, python-azure-mgmt-managementgroups-0.2.0-2.7.2, python-azure-mgmt-managementpartner-0.1.1-2.7.2, python-azure-mgmt-maps-0.1.0-2.7.2, python-azure-mgmt-marketplaceordering-0.2.1-2.7.2, python-azure-mgmt-media-2.2.0-2.10.2, python-azure-mgmt-mixedreality-0.2.0-2.3.2, python-azure-mgmt-monitor-1.0.1-2.10.2, python-azure-mgmt-msi-1.0.0-2.7.2, python-azure-mgmt-netapp-0.13.0-2.3.2, python-azure-mgmt-network-16.0.0-2.10.2, python-azure-mgmt-notificationhubs-2.1.0-2.10.2, python-azure-mgmt-nspkg-3.0.2-2.10.2, python-azure-mgmt-peering-0.2.0-2.3.2, python-azure-mgmt-policyinsights-0.5.0-2.7.2, python-azure-mgmt-powerbiembedded-2.0.0-2.10.2, python-azure-mgmt-privatedns-0.1.0-2.3.2, python-azure-mgmt-rdbms-3.1.0rc1-2.10.2, python-azure-mgmt-recoveryservices-0.5.0-2.10.2, python-azure-mgmt-recoveryservicesbackup-0.8.0-2.10.2, python-azure-mgmt-redhatopenshift-0.1.0-2.3.2, python-azure-mgmt-redis-7.0.0rc1-2.10.2, python-azure-mgmt-regionmove-1.0.0b1-2.3.2, python-azure-mgmt-relay-0.2.0-2.7.2, python-azure-mgmt-reservations-0.8.0-2.7.2, python-azure-mgmt-resource-10.2.0-2.10.2, python-azure-mgmt-resourcegraph-2.0.0-2.3.2, python-azure-mgmt-resourcemover-1.0.1b1-2.3.2, python-azure-mgmt-scheduler-2.0.0-2.10.2, python-azure-mgmt-search-3.0.0-2.10.2, python-azure-mgmt-security-0.4.1-2.3.2, python-azure-mgmt-serialconsole-0.1.0-2.3.2, python-azure-mgmt-servermanager-2.0.0-2.10.2, python-azure-mgmt-servicebus-1.0.0-2.10.2, python-azure-mgmt-servicefabric-0.5.0-2.10.2, python-azure-mgmt-signalr-0.4.0-2.7.2, python-azure-mgmt-sql-0.24.0-2.10.2, python-azure-mgmt-sqlvirtualmachine-0.5.0-2.3.2, python-azure-mgmt-storage-16.0.0-2.10.2, python-azure-mgmt-storagecache-0.3.0-2.3.2, python-azure-mgmt-storageimportexport-0.1.0-2.3.2, python-azure-mgmt-storagesync-0.2.0-2.3.2, python-azure-mgmt-streamanalytics-1.0.0rc1-2.3.2, python-azure-mgmt-subscription-0.7.0-2.7.2, python-azure-mgmt-synapse-0.4.0-2.3.2, python-azure-mgmt-trafficmanager-0.51.0-2.10.2, python-azure-mgmt-vmwarecloudsimple-0.2.0-2.3.2, python-azure-mgmt-web-0.48.0-2.10.2, python-azure-monitor-0.3.1-2.10.2, python-azure-multiapi-storage-0.5.2-2.10.2, python-azure-nspkg-3.0.2-2.10.3, python-azure-sdk-4.0.0-16.4.3, python-azure-search-documents-11.0.0-2.3.2, python-azure-search-nspkg-1.0.0-2.3.2, python-azure-servicebus-0.50.3-2.10.2, python-azure-servicefabric-7.1.0.45-2.10.2, python-azure-servicemanagement-legacy-0.20.7-2.10.2, python-azure-storage-blob-12.5.0-2.7.2, python-azure-storage-common-2.1.0-2.7.2, python-azure-storage-file-2.1.0-2.7.2, python-azure-storage-file-datalake-12.1.2-2.3.2, python-azure-storage-file-share-12.2.0-2.3.2, python-azure-storage-nspkg-3.1.0-2.7.2, python-azure-storage-queue-12.1.3-2.7.2, python-azure-synapse-accesscontrol-0.3.0-2.3.2, python-azure-synapse-artifacts-0.3.0-2.3.2, python-azure-synapse-nspkg-1.0.0-2.3.2, python-azure-synapse-spark-0.3.0-2.3.2, python-bcrypt-3.1.4-2.3.2, python-boto3-1.17.9-14.24.2, python-botocore-1.20.9-28.30.2, python-brotlipy-0.6.0-2.3.3, python-colorama-0.4.4-4.4.2, python-configparser-3.5.0-2.10.3, python-contextlib2-0.5.5-2.3.2, python-fluidity-sm-0.2.0-2.3.2, python-importlib-metadata-1.5.0-2.3.3, python-importlib_resources-1.0.2-2.3.2, python-invoke-1.3.0-2.3.2, python-javaproperties-0.7.0-2.3.6, python-jsmin-2.2.2-2.3.2, python-jsondiff-1.2.0-2.3.2, python-knack-0.7.2-3.4.2, python-lexicon-1.0.0-2.3.2, python-more-itertools-4.2.0-2.3.2, python-msal-1.6.0-2.3.2, python-msal-extensions-0.3.0-2.3.2, python-msrest-0.6.19-5.14.3, python-msrestazure-0.6.4-5.14.4, python-multidict-4.7.5-2.3.6, python-nose-1.3.7-10.7.2, python-paramiko-2.4.0-9.10.2, python-pathlib2-2.3.2-2.7.2, python-pexpect-4.3.1-3.9.2, python-pkginfo-1.5.0.1-2.3.2, python-pluggy-0.13.1-2.7.3, python-portalocker-1.4.0-2.7.6, python-ptyprocess-0.5.2-2.8.2, python-pydocumentdb-2.3.5-2.7.2, python-pyfakefs-3.7.2-2.3.2, python-pytest-3.10.1-2.16.4, python-pytest-mock-2.0.0-2.8.2, python-pytest-relaxed-1.1.5-2.3.2, python-pytz-2019.1-4.7.2, python-requests-2.24.0-8.11.4, python-scandir-1.9.0-1.9.2, python-scp-0.13.2-2.8.2, python-six-1.14.0-13.10.3, python-spec-1.4.1-2.3.2, python-uamqp-1.2.12-2.7.2, python-urllib3-1.25.10-3.29.1, python-vcrpy-2.0.1-2.3.2, python-vsts-0.1.25-2.3.2, python-websocket-client-0.57.0-15.4.2, python-wrapt-1.12.1-2.3.2, python-xmltodict-0.12.0-2.8.2, python-yarl-1.3.0-2.3.2, python-zipp-0.6.0-2.3.3
SUSE Linux Enterprise High Availability 12-SP5 (src):    python-pexpect-4.3.1-3.9.2, python-ptyprocess-0.5.2-2.8.2, python-requests-2.24.0-8.11.4
SUSE Linux Enterprise High Availability 12-SP4 (src):    python-pexpect-4.3.1-3.9.2, python-ptyprocess-0.5.2-2.8.2
SUSE Linux Enterprise High Availability 12-SP3 (src):    python-pexpect-4.3.1-3.9.2, python-ptyprocess-0.5.2-2.8.2
HPE Helion Openstack 8 (src):    aws-cli-1.19.9-22.24.2, python-PyYAML-5.3.1-28.4.3, python-botocore-1.20.9-28.30.2, python-colorama-0.4.4-4.4.2, python-pexpect-4.3.1-3.9.2, python-ptyprocess-0.5.2-2.8.2, python-six-1.14.0-13.10.3, python-urllib3-1.25.10-3.29.1, python3-requests-2.24.0-8.14.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 13 Swamp Workflow Management 2021-07-10 10:19:14 UTC

openSUSE-SU-2021:2012-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1187045
CVE References: CVE-2021-33503
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    python-urllib3-1.25.10-4.3.1

Comment 14 OBSbugzilla Bot 2021-07-12 11:40:07 UTC

This is an autogenerated message for OBS integration:
This bug (1187045) was mentioned in
https://build.opensuse.org/request/show/905832 Factory / python-urllib3

Comment 15 Johannes Grassler 2021-07-23 08:30:45 UTC

For completeness' sake: the older version of python-urllib3 (1.23) we ship in Cloud 9 is not affected by this problem. This bug was introduced in version 1.25.4, by this commit: https://github.com/urllib3/urllib3/commit/5b047b645f5f93900d5e2fc31230848c25eb1f5f

Comment 16 Christian Almeida de Oliveira 2021-07-28 10:22:59 UTC

affected SOC version fix included in the MU. Back to security team.

Comment 17 Thomas Abraham 2021-08-13 13:24:50 UTC

*** Bug 1188903 has been marked as a duplicate of this bug. ***

Comment 27 Swamp Workflow Management 2022-02-16 20:37:16 UTC

SUSE-FU-2022:0454-1: An update that solves 54 vulnerabilities, contains 6 features and has 247 fixes is now available.

Category: feature (moderate)
Bug References: 1000080,1000117,1000194,1000742,1002895,1003091,1005246,1010874,1010966,1011936,1015549,1027610,1027705,1029902,1030038,1032118,1032119,1035604,1039469,1040164,1040256,1041090,1042670,1049186,1049304,1050653,1050665,1055478,1055542,1056951,1057496,1062237,1066873,1068790,1070737,1070738,1070853,1071941,1073310,1073845,1073879,1074247,1076519,1077096,1077230,1078329,1079761,1080301,1081005,1081750,1081751,1082155,1082163,1082318,1083826,1084117,1084157,1085276,1085529,1085661,1087104,1088573,1090427,1090953,1093518,1093917,1094788,1094814,1094883,1095267,1096738,1096937,1097531,1098535,1099308,1099569,1102868,1108508,1109882,1109998,1110435,1110869,1110871,1111493,1111622,1111657,1112357,1115769,1118611,1119376,1119416,1119792,1121717,1121852,1122191,1123064,1123185,1123186,1123558,1124885,1125815,1126283,1126318,1127173,1128146,1128323,1128355,1129071,1129566,1130840,1132174,1132323,1132455,1132663,1132900,1135009,1136444,1138666,1138715,1138746,1139915,1140255,1141168,1142899,1143033,1143454,1143893,1144506,1149686,1149792,1150190,1150895,1153830,1155815,1156677,1156694,1156908,1157104,1157354,1159235,1159538,1161557,1161770,1162224,1162367,1162743,1163978,1164310,1165439,1165578,1165730,1165823,1165960,1166139,1166758,1167008,1167501,1167732,1167746,1168480,1168973,1169489,1170175,1170863,1171368,1171561,1172226,1172908,1172928,1173226,1173356,1174009,1174091,1174514,1175729,1176116,1176129,1176134,1176232,1176256,1176257,1176258,1176259,1176262,1176389,1176785,1176977,1177120,1177127,1178168,1178341,1178670,1179562,1179630,1179805,1180125,1180781,1181126,1181324,1181944,1182066,1182211,1182244,1182264,1182379,1182963,1183059,1183374,1183858,1184505,1185588,1185706,1185748,1186738,1187045,1190781,1193357,428177,431945,589441,613497,637176,657698,658604,673071,715423,743787,747125,750618,751718,754447,754677,761500,784670,787526,799119,809831,811890,825221,828513,831629,834601,835687,839107,84331,855666,858239,867887,871152,885662,885882,889363,892480,898917,907584,912460,913229,915479,917607,917759,917815,922448,929736,930189,931978,935856,937912,939456,940608,942385,942751,944204,945455,946648,947357,947679,948198,954486,954690,961334,962291,963974,964204,964472,964474,965830,967128,968270,968601,975875,981848,988086,992988,992989,992992,993130,993825,993968,994910,996255,997614
CVE References: CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1437,CVE-2013-1752,CVE-2013-4238,CVE-2013-4314,CVE-2014-0012,CVE-2014-1829,CVE-2014-1830,CVE-2014-2667,CVE-2014-4650,CVE-2014-7202,CVE-2014-7203,CVE-2014-9721,CVE-2015-2296,CVE-2016-10745,CVE-2016-1238,CVE-2016-9015,CVE-2017-18342,CVE-2017-6512,CVE-2018-18074,CVE-2018-20060,CVE-2018-7750,CVE-2019-10906,CVE-2019-11236,CVE-2019-11324,CVE-2019-13132,CVE-2019-20907,CVE-2019-20916,CVE-2019-5010,CVE-2019-6250,CVE-2019-8341,CVE-2019-9740,CVE-2019-9947,CVE-2020-14343,CVE-2020-15166,CVE-2020-15523,CVE-2020-15801,CVE-2020-1747,CVE-2020-25659,CVE-2020-26137,CVE-2020-27783,CVE-2020-28493,CVE-2020-29651,CVE-2020-36242,CVE-2020-8492,CVE-2021-23336,CVE-2021-28957,CVE-2021-29921,CVE-2021-3177,CVE-2021-33503,CVE-2021-3426
JIRA References: ECO-3105,SLE-12986,SLE-17532,SLE-17957,SLE-7686,SLE-9135
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 28 Swamp Workflow Management 2022-02-16 21:08:27 UTC

SUSE-FU-2022:0445-1: An update that solves 183 vulnerabilities, contains 21 features and has 299 fixes is now available.

Category: feature (moderate)
Bug References: 1000080,1000117,1000194,1000677,1000742,1001148,1001912,1002585,1002895,1003091,1005246,1009528,1010874,1010966,1011936,1015549,1019637,1021641,1022085,1022086,1022271,1027079,1027610,1027688,1027705,1027908,1028281,1028723,1029523,1029902,1030038,1032118,1032119,1035604,1039469,1040164,1040256,1041090,1042392,1042670,1044095,1044107,1044175,1049186,1049304,1050653,1050665,1055478,1055542,1055825,1056058,1056951,1057496,1062237,1065363,1066242,1066873,1068790,1070737,1070738,1070853,1071905,1071906,1071941,1073310,1073845,1073879,1074247,1076519,1077096,1077230,1078329,1079761,1080301,1081005,1081750,1081751,1082155,1082163,1082318,1083826,1084117,1084157,1085276,1085529,1085661,1087102,1087104,1088573,1089039,1090427,1090765,1090953,1093518,1093917,1094788,1094814,1094883,1095267,1096738,1096937,1097158,1097531,1097624,1098535,1098592,1099308,1099569,1100078,1101246,1101470,1102868,1104789,1106197,1108508,1109882,1109998,1110435,1110869,1110871,1111493,1111622,1111657,1112209,1112357,1113534,1113652,1113742,1113975,1115769,1117951,1118611,1119376,1119416,1119792,1121717,1121852,1122191,1123064,1123185,1123186,1123558,1124885,1125815,1126283,1126318,1127080,1127173,1128146,1128323,1128355,1129071,1129566,1130840,1131291,1132174,1132323,1132455,1132663,1132900,1135009,1136444,1138666,1138715,1138746,1139915,1140255,1141168,1142899,1143033,1143454,1143893,1144506,1149686,1149792,1150003,1150190,1150250,1150895,1153830,1155815,1156677,1156694,1156908,1157104,1157354,1158809,1159235,1159538,1160163,1161557,1161770,1162224,1162367,1162743,1163978,1164310,1165439,1165578,1165730,1165823,1165960,1166139,1166758,1167008,1167501,1167732,1167746,1168480,1168973,1169489,1170175,1170863,1171368,1171561,1172226,1172908,1172928,1173226,1173356,1174009,1174091,1174514,1175729,1176116,1176129,1176134,1176232,1176256,1176257,1176258,1176259,1176262,1176389,1176785,1176977,1177120,1177127,1177559,1178168,1178341,1178670,1179491,1179562,1179630,1179805,1180125,1180781,1181126,1181324,1181944,1182066,1182211,1182244,1182264,1182331,1182333,1182379,1182963,1183059,1183374,1183858,1184505,1185588,1185706,1185748,1186738,1187045,1189521,1190781,1193357,356549,381844,394317,408865,428177,430141,431945,437293,442740,459468,489641,504687,509031,526319,590833,610223,610642,629905,637176,651003,657698,658604,670526,673071,693027,715423,720601,743787,747125,748738,749210,749213,749735,750618,751718,751946,751977,754447,754677,761500,774710,784670,784994,787526,793420,799119,802184,803004,809831,811890,822642,825221,828513,831629,832833,834601,835687,839107,84331,849377,855666,855676,856687,857203,857850,858239,867887,869945,871152,872299,873351,876282,876710,876712,876748,880891,885662,885882,889013,889363,892477,892480,895129,898917,901223,901277,901902,902364,906878,907584,908362,908372,912014,912015,912018,912292,912293,912294,912296,912460,913229,915479,917607,917759,917815,919648,920236,922448,922488,922496,922499,922500,926597,929678,929736,930189,931698,931978,933898,933911,934487,934489,934491,934493,935856,937085,937212,937492,937634,937912,939456,940608,942385,942751,943421,944204,945455,946648,947104,947357,947679,948198,952871,954256,954486,954690,957812,957813,957815,958501,961334,962291,963415,963974,964204,964472,964474,965830,967128,968046,968047,968048,968050,968265,968270,968374,968601,975875,976942,977584,977614,977615,977616,977663,978224,981848,982268,982575,983249,984323,985054,988086,990207,990392,990419,990428,991193,991877,992120,992988,992989,992992,993130,993819,993825,993968,994749,994844,994910,995075,995324,995359,995377,995959,996255,997043,997614,998190,999665,999666,999668
CVE References: CVE-2006-2937,CVE-2006-2940,CVE-2006-3738,CVE-2006-4339,CVE-2006-4343,CVE-2006-7250,CVE-2007-3108,CVE-2007-4995,CVE-2007-5135,CVE-2008-0891,CVE-2008-1672,CVE-2008-5077,CVE-2009-0590,CVE-2009-0591,CVE-2009-0789,CVE-2009-1377,CVE-2009-1378,CVE-2009-1379,CVE-2009-1386,CVE-2009-1387,CVE-2010-0740,CVE-2010-0742,CVE-2010-1633,CVE-2010-2939,CVE-2010-3864,CVE-2010-5298,CVE-2011-0014,CVE-2011-3207,CVE-2011-3210,CVE-2011-3389,CVE-2011-4108,CVE-2011-4576,CVE-2011-4577,CVE-2011-4619,CVE-2011-4944,CVE-2012-0027,CVE-2012-0050,CVE-2012-0845,CVE-2012-0884,CVE-2012-1150,CVE-2012-1165,CVE-2012-2110,CVE-2012-2686,CVE-2012-4929,CVE-2013-0166,CVE-2013-0169,CVE-2013-1752,CVE-2013-4238,CVE-2013-4314,CVE-2013-4353,CVE-2013-6449,CVE-2013-6450,CVE-2014-0012,CVE-2014-0076,CVE-2014-0160,CVE-2014-0195,CVE-2014-0198,CVE-2014-0221,CVE-2014-0224,CVE-2014-1829,CVE-2014-1830,CVE-2014-2667,CVE-2014-3470,CVE-2014-3505,CVE-2014-3506,CVE-2014-3507,CVE-2014-3508,CVE-2014-3509,CVE-2014-3510,CVE-2014-3511,CVE-2014-3512,CVE-2014-3513,CVE-2014-3566,CVE-2014-3567,CVE-2014-3568,CVE-2014-3570,CVE-2014-3571,CVE-2014-3572,CVE-2014-4650,CVE-2014-5139,CVE-2014-7202,CVE-2014-7203,CVE-2014-8275,CVE-2014-9721,CVE-2015-0204,CVE-2015-0205,CVE-2015-0206,CVE-2015-0209,CVE-2015-0286,CVE-2015-0287,CVE-2015-0288,CVE-2015-0289,CVE-2015-0293,CVE-2015-1788,CVE-2015-1789,CVE-2015-1790,CVE-2015-1791,CVE-2015-1792,CVE-2015-2296,CVE-2015-3194,CVE-2015-3195,CVE-2015-3196,CVE-2015-3197,CVE-2015-3216,CVE-2015-4000,CVE-2016-0702,CVE-2016-0705,CVE-2016-0797,CVE-2016-0798,CVE-2016-0799,CVE-2016-0800,CVE-2016-10745,CVE-2016-2105,CVE-2016-2106,CVE-2016-2107,CVE-2016-2109,CVE-2016-2176,CVE-2016-2177,CVE-2016-2178,CVE-2016-2179,CVE-2016-2180,CVE-2016-2181,CVE-2016-2182,CVE-2016-2183,CVE-2016-6302,CVE-2016-6303,CVE-2016-6304,CVE-2016-6306,CVE-2016-7052,CVE-2016-7055,CVE-2016-9015,CVE-2017-18342,CVE-2017-3731,CVE-2017-3732,CVE-2017-3735,CVE-2017-3736,CVE-2017-3737,CVE-2017-3738,CVE-2018-0732,CVE-2018-0734,CVE-2018-0737,CVE-2018-0739,CVE-2018-18074,CVE-2018-20060,CVE-2018-5407,CVE-2018-7750,CVE-2019-10906,CVE-2019-11236,CVE-2019-11324,CVE-2019-13132,CVE-2019-1547,CVE-2019-1551,CVE-2019-1559,CVE-2019-1563,CVE-2019-20907,CVE-2019-20916,CVE-2019-5010,CVE-2019-6250,CVE-2019-8341,CVE-2019-9740,CVE-2019-9947,CVE-2020-14343,CVE-2020-15166,CVE-2020-15523,CVE-2020-15801,CVE-2020-1747,CVE-2020-1971,CVE-2020-25659,CVE-2020-26137,CVE-2020-27783,CVE-2020-28493,CVE-2020-29651,CVE-2020-36242,CVE-2020-8492,CVE-2021-23336,CVE-2021-23840,CVE-2021-23841,CVE-2021-28957,CVE-2021-29921,CVE-2021-3177,CVE-2021-33503,CVE-2021-3426,CVE-2021-3712
JIRA References: ECO-3105,SLE-11435,SLE-12684,SLE-12986,SLE-13688,SLE-14253,SLE-15159,SLE-15860,SLE-15861,SLE-16754,SLE-17532,SLE-17957,SLE-18260,SLE-18354,SLE-18446,SLE-19264,SLE-3887,SLE-4480,SLE-4577,SLE-7686,SLE-9135
Sources used:
SUSE Manager Tools 12-BETA (src):    venv-salt-minion-3002.2-3.3.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 29 Swamp Workflow Management 2022-02-16 21:46:30 UTC

SUSE-FU-2022:0456-1: An update that solves 54 vulnerabilities, contains 6 features and has 247 fixes is now available.

Category: feature (moderate)
Bug References: 1000080,1000117,1000194,1000742,1002895,1003091,1005246,1010874,1010966,1011936,1015549,1027610,1027705,1029902,1030038,1032118,1032119,1035604,1039469,1040164,1040256,1041090,1042670,1049186,1049304,1050653,1050665,1055478,1055542,1056951,1057496,1062237,1066873,1068790,1070737,1070738,1070853,1071941,1073310,1073845,1073879,1074247,1076519,1077096,1077230,1078329,1079761,1080301,1081005,1081750,1081751,1082155,1082163,1082318,1083826,1084117,1084157,1085276,1085529,1085661,1087104,1088573,1090427,1090953,1093518,1093917,1094788,1094814,1094883,1095267,1096738,1096937,1097531,1098535,1099308,1099569,1102868,1108508,1109882,1109998,1110435,1110869,1110871,1111493,1111622,1111657,1112357,1115769,1118611,1119376,1119416,1119792,1121717,1121852,1122191,1123064,1123185,1123186,1123558,1124885,1125815,1126283,1126318,1127173,1128146,1128323,1128355,1129071,1129566,1130840,1132174,1132323,1132455,1132663,1132900,1135009,1136444,1138666,1138715,1138746,1139915,1140255,1141168,1142899,1143033,1143454,1143893,1144506,1149686,1149792,1150190,1150895,1153830,1155815,1156677,1156694,1156908,1157104,1157354,1159235,1159538,1161557,1161770,1162224,1162367,1162743,1163978,1164310,1165439,1165578,1165730,1165823,1165960,1166139,1166758,1167008,1167501,1167732,1167746,1168480,1168973,1169489,1170175,1170863,1171368,1171561,1172226,1172908,1172928,1173226,1173356,1174009,1174091,1174514,1175729,1176116,1176129,1176134,1176232,1176256,1176257,1176258,1176259,1176262,1176389,1176785,1176977,1177120,1177127,1178168,1178341,1178670,1179562,1179630,1179805,1180125,1180781,1181126,1181324,1181944,1182066,1182211,1182244,1182264,1182379,1182963,1183059,1183374,1183858,1184505,1185588,1185706,1185748,1186738,1187045,1190781,1193357,428177,431945,589441,613497,637176,657698,658604,673071,715423,743787,747125,750618,751718,754447,754677,761500,784670,787526,799119,809831,811890,825221,828513,831629,834601,835687,839107,84331,855666,858239,867887,871152,885662,885882,889363,892480,898917,907584,912460,913229,915479,917607,917759,917815,922448,929736,930189,931978,935856,937912,939456,940608,942385,942751,944204,945455,946648,947357,947679,948198,954486,954690,961334,962291,963974,964204,964472,964474,965830,967128,968270,968601,975875,981848,988086,992988,992989,992992,993130,993825,993968,994910,996255,997614
CVE References: CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1437,CVE-2013-1752,CVE-2013-4238,CVE-2013-4314,CVE-2014-0012,CVE-2014-1829,CVE-2014-1830,CVE-2014-2667,CVE-2014-4650,CVE-2014-7202,CVE-2014-7203,CVE-2014-9721,CVE-2015-2296,CVE-2016-10745,CVE-2016-1238,CVE-2016-9015,CVE-2017-18342,CVE-2017-6512,CVE-2018-18074,CVE-2018-20060,CVE-2018-7750,CVE-2019-10906,CVE-2019-11236,CVE-2019-11324,CVE-2019-13132,CVE-2019-20907,CVE-2019-20916,CVE-2019-5010,CVE-2019-6250,CVE-2019-8341,CVE-2019-9740,CVE-2019-9947,CVE-2020-14343,CVE-2020-15166,CVE-2020-15523,CVE-2020-15801,CVE-2020-1747,CVE-2020-25659,CVE-2020-26137,CVE-2020-27783,CVE-2020-28493,CVE-2020-29651,CVE-2020-36242,CVE-2020-8492,CVE-2021-23336,CVE-2021-28957,CVE-2021-29921,CVE-2021-3177,CVE-2021-33503,CVE-2021-3426
JIRA References: ECO-3105,SLE-12986,SLE-17532,SLE-17957,SLE-7686,SLE-9135
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 30 Swamp Workflow Management 2022-02-16 22:13:13 UTC

SUSE-FU-2022:0450-1: An update that solves 54 vulnerabilities, contains 6 features and has 247 fixes is now available.

Category: feature (moderate)
Bug References: 1000080,1000117,1000194,1000742,1002895,1003091,1005246,1010874,1010966,1011936,1015549,1027610,1027705,1029902,1030038,1032118,1032119,1035604,1039469,1040164,1040256,1041090,1042670,1049186,1049304,1050653,1050665,1055478,1055542,1056951,1057496,1062237,1066873,1068790,1070737,1070738,1070853,1071941,1073310,1073845,1073879,1074247,1076519,1077096,1077230,1078329,1079761,1080301,1081005,1081750,1081751,1082155,1082163,1082318,1083826,1084117,1084157,1085276,1085529,1085661,1087104,1088573,1090427,1090953,1093518,1093917,1094788,1094814,1094883,1095267,1096738,1096937,1097531,1098535,1099308,1099569,1102868,1108508,1109882,1109998,1110435,1110869,1110871,1111493,1111622,1111657,1112357,1115769,1118611,1119376,1119416,1119792,1121717,1121852,1122191,1123064,1123185,1123186,1123558,1124885,1125815,1126283,1126318,1127173,1128146,1128323,1128355,1129071,1129566,1130840,1132174,1132323,1132455,1132663,1132900,1135009,1136444,1138666,1138715,1138746,1139915,1140255,1141168,1142899,1143033,1143454,1143893,1144506,1149686,1149792,1150190,1150895,1153830,1155815,1156677,1156694,1156908,1157104,1157354,1159235,1159538,1161557,1161770,1162224,1162367,1162743,1163978,1164310,1165439,1165578,1165730,1165823,1165960,1166139,1166758,1167008,1167501,1167732,1167746,1168480,1168973,1169489,1170175,1170863,1171368,1171561,1172226,1172908,1172928,1173226,1173356,1174009,1174091,1174514,1175729,1176116,1176129,1176134,1176232,1176256,1176257,1176258,1176259,1176262,1176389,1176785,1176977,1177120,1177127,1178168,1178341,1178670,1179562,1179630,1179805,1180125,1180781,1181126,1181324,1181944,1182066,1182211,1182244,1182264,1182379,1182963,1183059,1183374,1183858,1184505,1185588,1185706,1185748,1186738,1187045,1190781,1193357,428177,431945,589441,613497,637176,657698,658604,673071,715423,743787,747125,750618,751718,754447,754677,761500,784670,787526,799119,809831,811890,825221,828513,831629,834601,835687,839107,84331,855666,858239,867887,871152,885662,885882,889363,892480,898917,907584,912460,913229,915479,917607,917759,917815,922448,929736,930189,931978,935856,937912,939456,940608,942385,942751,944204,945455,946648,947357,947679,948198,954486,954690,961334,962291,963974,964204,964472,964474,965830,967128,968270,968601,975875,981848,988086,992988,992989,992992,993130,993825,993968,994910,996255,997614
CVE References: CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1437,CVE-2013-1752,CVE-2013-4238,CVE-2013-4314,CVE-2014-0012,CVE-2014-1829,CVE-2014-1830,CVE-2014-2667,CVE-2014-4650,CVE-2014-7202,CVE-2014-7203,CVE-2014-9721,CVE-2015-2296,CVE-2016-10745,CVE-2016-1238,CVE-2016-9015,CVE-2017-18342,CVE-2017-6512,CVE-2018-18074,CVE-2018-20060,CVE-2018-7750,CVE-2019-10906,CVE-2019-11236,CVE-2019-11324,CVE-2019-13132,CVE-2019-20907,CVE-2019-20916,CVE-2019-5010,CVE-2019-6250,CVE-2019-8341,CVE-2019-9740,CVE-2019-9947,CVE-2020-14343,CVE-2020-15166,CVE-2020-15523,CVE-2020-15801,CVE-2020-1747,CVE-2020-25659,CVE-2020-26137,CVE-2020-27783,CVE-2020-28493,CVE-2020-29651,CVE-2020-36242,CVE-2020-8492,CVE-2021-23336,CVE-2021-28957,CVE-2021-29921,CVE-2021-3177,CVE-2021-33503,CVE-2021-3426
JIRA References: ECO-3105,SLE-12986,SLE-17532,SLE-17957,SLE-7686,SLE-9135
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 31 Swamp Workflow Management 2022-02-16 22:39:49 UTC

SUSE-FU-2022:0444-1: An update that solves 51 vulnerabilities, contains 21 features and has 249 fixes is now available.

Category: feature (moderate)
Bug References: 1000080,1000117,1000194,1000742,1002895,1003091,1005246,1010874,1010966,1011936,1015549,1027610,1027705,1029902,1030038,1032118,1032119,1035604,1039469,1040164,1040256,1041090,1042670,1049186,1049304,1050653,1050665,1055478,1055542,1056951,1057496,1062237,1066873,1068790,1070737,1070738,1070853,1071941,1073310,1073845,1073879,1074247,1076519,1077096,1077230,1078329,1079761,1080301,1081005,1081750,1081751,1082155,1082163,1082318,1083826,1084117,1084157,1085276,1085529,1085661,1087104,1088573,1090427,1090953,1093518,1093917,1094788,1094814,1094883,1095267,1096738,1096937,1097531,1098535,1099308,1099569,1102868,1108508,1109882,1109998,1110435,1110869,1110871,1111493,1111622,1111657,1112357,1115769,1118611,1119376,1119416,1119792,1121717,1121852,1122191,1123064,1123185,1123186,1123558,1124885,1125815,1126283,1126318,1127173,1128146,1128323,1128355,1129071,1129566,1130840,1132174,1132323,1132455,1132663,1132900,1135009,1136444,1138666,1138715,1138746,1139915,1140255,1141168,1142899,1143033,1143454,1143893,1144506,1149686,1149792,1150190,1150895,1153830,1155815,1156677,1156694,1156908,1157104,1157354,1159235,1159538,1161557,1161770,1162224,1162367,1162743,1163978,1164310,1165439,1165578,1165730,1165823,1165960,1166139,1166758,1167008,1167501,1167732,1167746,1168480,1168973,1169489,1170175,1170863,1171368,1171561,1172226,1172908,1172928,1173226,1173356,1174009,1174091,1174514,1175729,1176116,1176129,1176134,1176232,1176256,1176257,1176258,1176259,1176262,1176389,1176785,1176977,1177120,1177127,1177559,1178168,1178341,1178670,1179562,1179630,1179805,1180125,1180781,1181126,1181324,1181944,1182066,1182211,1182244,1182264,1182379,1182963,1183059,1183374,1183858,1184505,1185588,1185706,1185748,1186738,1187045,1190781,1193357,428177,431945,637176,657698,658604,673071,715423,743787,747125,750618,751718,754447,754677,761500,784670,787526,799119,809831,811890,825221,828513,831629,834601,835687,839107,84331,855666,858239,867887,871152,885662,885882,889363,892480,898917,907584,912460,913229,915479,917607,917759,917815,922448,929736,930189,931978,935856,937912,939456,940608,942385,942751,944204,945455,946648,947357,947679,948198,954486,954690,961334,962291,963974,964204,964472,964474,965830,967128,968270,968601,975875,981848,988086,992988,992989,992992,993130,993825,993968,994910,996255,997614
CVE References: CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1752,CVE-2013-4238,CVE-2013-4314,CVE-2014-0012,CVE-2014-1829,CVE-2014-1830,CVE-2014-2667,CVE-2014-4650,CVE-2014-7202,CVE-2014-7203,CVE-2014-9721,CVE-2015-2296,CVE-2016-10745,CVE-2016-9015,CVE-2017-18342,CVE-2018-18074,CVE-2018-20060,CVE-2018-7750,CVE-2019-10906,CVE-2019-11236,CVE-2019-11324,CVE-2019-13132,CVE-2019-20907,CVE-2019-20916,CVE-2019-5010,CVE-2019-6250,CVE-2019-8341,CVE-2019-9740,CVE-2019-9947,CVE-2020-14343,CVE-2020-15166,CVE-2020-15523,CVE-2020-15801,CVE-2020-1747,CVE-2020-25659,CVE-2020-26137,CVE-2020-27783,CVE-2020-28493,CVE-2020-29651,CVE-2020-36242,CVE-2020-8492,CVE-2021-23336,CVE-2021-28957,CVE-2021-29921,CVE-2021-3177,CVE-2021-33503,CVE-2021-3426
JIRA References: ECO-3105,SLE-11435,SLE-12684,SLE-12986,SLE-13688,SLE-14253,SLE-15159,SLE-15860,SLE-15861,SLE-16754,SLE-17532,SLE-17957,SLE-18260,SLE-18354,SLE-18446,SLE-19264,SLE-3887,SLE-4480,SLE-4577,SLE-7686,SLE-9135
Sources used:
SUSE Manager Tools 15-BETA (src):    venv-salt-minion-3002.2-159000.3.3.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 32 Swamp Workflow Management 2022-02-16 23:06:44 UTC

SUSE-FU-2022:0452-1: An update that solves 54 vulnerabilities, contains 6 features and has 247 fixes is now available.

Category: feature (moderate)
Bug References: 1000080,1000117,1000194,1000742,1002895,1003091,1005246,1010874,1010966,1011936,1015549,1027610,1027705,1029902,1030038,1032118,1032119,1035604,1039469,1040164,1040256,1041090,1042670,1049186,1049304,1050653,1050665,1055478,1055542,1056951,1057496,1062237,1066873,1068790,1070737,1070738,1070853,1071941,1073310,1073845,1073879,1074247,1076519,1077096,1077230,1078329,1079761,1080301,1081005,1081750,1081751,1082155,1082163,1082318,1083826,1084117,1084157,1085276,1085529,1085661,1087104,1088573,1090427,1090953,1093518,1093917,1094788,1094814,1094883,1095267,1096738,1096937,1097531,1098535,1099308,1099569,1102868,1108508,1109882,1109998,1110435,1110869,1110871,1111493,1111622,1111657,1112357,1115769,1118611,1119376,1119416,1119792,1121717,1121852,1122191,1123064,1123185,1123186,1123558,1124885,1125815,1126283,1126318,1127173,1128146,1128323,1128355,1129071,1129566,1130840,1132174,1132323,1132455,1132663,1132900,1135009,1136444,1138666,1138715,1138746,1139915,1140255,1141168,1142899,1143033,1143454,1143893,1144506,1149686,1149792,1150190,1150895,1153830,1155815,1156677,1156694,1156908,1157104,1157354,1159235,1159538,1161557,1161770,1162224,1162367,1162743,1163978,1164310,1165439,1165578,1165730,1165823,1165960,1166139,1166758,1167008,1167501,1167732,1167746,1168480,1168973,1169489,1170175,1170863,1171368,1171561,1172226,1172908,1172928,1173226,1173356,1174009,1174091,1174514,1175729,1176116,1176129,1176134,1176232,1176256,1176257,1176258,1176259,1176262,1176389,1176785,1176977,1177120,1177127,1178168,1178341,1178670,1179562,1179630,1179805,1180125,1180781,1181126,1181324,1181944,1182066,1182211,1182244,1182264,1182379,1182963,1183059,1183374,1183858,1184505,1185588,1185706,1185748,1186738,1187045,1190781,1193357,428177,431945,589441,613497,637176,657698,658604,673071,715423,743787,747125,750618,751718,754447,754677,761500,784670,787526,799119,809831,811890,825221,828513,831629,834601,835687,839107,84331,855666,858239,867887,871152,885662,885882,889363,892480,898917,907584,912460,913229,915479,917607,917759,917815,922448,929736,930189,931978,935856,937912,939456,940608,942385,942751,944204,945455,946648,947357,947679,948198,954486,954690,961334,962291,963974,964204,964472,964474,965830,967128,968270,968601,975875,981848,988086,992988,992989,992992,993130,993825,993968,994910,996255,997614
CVE References: CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1437,CVE-2013-1752,CVE-2013-4238,CVE-2013-4314,CVE-2014-0012,CVE-2014-1829,CVE-2014-1830,CVE-2014-2667,CVE-2014-4650,CVE-2014-7202,CVE-2014-7203,CVE-2014-9721,CVE-2015-2296,CVE-2016-10745,CVE-2016-1238,CVE-2016-9015,CVE-2017-18342,CVE-2017-6512,CVE-2018-18074,CVE-2018-20060,CVE-2018-7750,CVE-2019-10906,CVE-2019-11236,CVE-2019-11324,CVE-2019-13132,CVE-2019-20907,CVE-2019-20916,CVE-2019-5010,CVE-2019-6250,CVE-2019-8341,CVE-2019-9740,CVE-2019-9947,CVE-2020-14343,CVE-2020-15166,CVE-2020-15523,CVE-2020-15801,CVE-2020-1747,CVE-2020-25659,CVE-2020-26137,CVE-2020-27783,CVE-2020-28493,CVE-2020-29651,CVE-2020-36242,CVE-2020-8492,CVE-2021-23336,CVE-2021-28957,CVE-2021-29921,CVE-2021-3177,CVE-2021-33503,CVE-2021-3426
JIRA References: ECO-3105,SLE-12986,SLE-17532,SLE-17957,SLE-7686,SLE-9135
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 33 Swamp Workflow Management 2022-02-16 23:33:42 UTC

SUSE-FU-2022:0447-1: An update that solves 54 vulnerabilities, contains 6 features and has 247 fixes is now available.

Category: feature (moderate)
Bug References: 1000080,1000117,1000194,1000742,1002895,1003091,1005246,1010874,1010966,1011936,1015549,1027610,1027705,1029902,1030038,1032118,1032119,1035604,1039469,1040164,1040256,1041090,1042670,1049186,1049304,1050653,1050665,1055478,1055542,1056951,1057496,1062237,1066873,1068790,1070737,1070738,1070853,1071941,1073310,1073845,1073879,1074247,1076519,1077096,1077230,1078329,1079761,1080301,1081005,1081750,1081751,1082155,1082163,1082318,1083826,1084117,1084157,1085276,1085529,1085661,1087104,1088573,1090427,1090953,1093518,1093917,1094788,1094814,1094883,1095267,1096738,1096937,1097531,1098535,1099308,1099569,1102868,1108508,1109882,1109998,1110435,1110869,1110871,1111493,1111622,1111657,1112357,1115769,1118611,1119376,1119416,1119792,1121717,1121852,1122191,1123064,1123185,1123186,1123558,1124885,1125815,1126283,1126318,1127173,1128146,1128323,1128355,1129071,1129566,1130840,1132174,1132323,1132455,1132663,1132900,1135009,1136444,1138666,1138715,1138746,1139915,1140255,1141168,1142899,1143033,1143454,1143893,1144506,1149686,1149792,1150190,1150895,1153830,1155815,1156677,1156694,1156908,1157104,1157354,1159235,1159538,1161557,1161770,1162224,1162367,1162743,1163978,1164310,1165439,1165578,1165730,1165823,1165960,1166139,1166758,1167008,1167501,1167732,1167746,1168480,1168973,1169489,1170175,1170863,1171368,1171561,1172226,1172908,1172928,1173226,1173356,1174009,1174091,1174514,1175729,1176116,1176129,1176134,1176232,1176256,1176257,1176258,1176259,1176262,1176389,1176785,1176977,1177120,1177127,1178168,1178341,1178670,1179562,1179630,1179805,1180125,1180781,1181126,1181324,1181944,1182066,1182211,1182244,1182264,1182379,1182963,1183059,1183374,1183858,1184505,1185588,1185706,1185748,1186738,1187045,1190781,1193357,428177,431945,589441,613497,637176,657698,658604,673071,715423,743787,747125,750618,751718,754447,754677,761500,784670,787526,799119,809831,811890,825221,828513,831629,834601,835687,839107,84331,855666,858239,867887,871152,885662,885882,889363,892480,898917,907584,912460,913229,915479,917607,917759,917815,922448,929736,930189,931978,935856,937912,939456,940608,942385,942751,944204,945455,946648,947357,947679,948198,954486,954690,961334,962291,963974,964204,964472,964474,965830,967128,968270,968601,975875,981848,988086,992988,992989,992992,993130,993825,993968,994910,996255,997614
CVE References: CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1437,CVE-2013-1752,CVE-2013-4238,CVE-2013-4314,CVE-2014-0012,CVE-2014-1829,CVE-2014-1830,CVE-2014-2667,CVE-2014-4650,CVE-2014-7202,CVE-2014-7203,CVE-2014-9721,CVE-2015-2296,CVE-2016-10745,CVE-2016-1238,CVE-2016-9015,CVE-2017-18342,CVE-2017-6512,CVE-2018-18074,CVE-2018-20060,CVE-2018-7750,CVE-2019-10906,CVE-2019-11236,CVE-2019-11324,CVE-2019-13132,CVE-2019-20907,CVE-2019-20916,CVE-2019-5010,CVE-2019-6250,CVE-2019-8341,CVE-2019-9740,CVE-2019-9947,CVE-2020-14343,CVE-2020-15166,CVE-2020-15523,CVE-2020-15801,CVE-2020-1747,CVE-2020-25659,CVE-2020-26137,CVE-2020-27783,CVE-2020-28493,CVE-2020-29651,CVE-2020-36242,CVE-2020-8492,CVE-2021-23336,CVE-2021-28957,CVE-2021-29921,CVE-2021-3177,CVE-2021-33503,CVE-2021-3426
JIRA References: ECO-3105,SLE-12986,SLE-17532,SLE-17957,SLE-7686,SLE-9135
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.