Bugzilla – Bug 1205244
VUL-0: CVE-2022-45061: python39,python3,python310,python36,python,python27: quadratic time IDNA decoding
Last modified: 2023-01-30 20:20:09 UTC
CVE-2022-45061

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45061
https://www.cve.org/CVERecord?id=CVE-2022-45061
https://github.com/python/cpython/issues/98433

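A defensive pre-check for the redirect scenario described above, as an added example (not code from this bug report or from the CPython fix): it enforces the RFC 1035 length limits (253 characters per name, 63 per label) on the hostname taken from a `Location` value before the IDNA codec runs, so an unreasonably long name is rejected in linear time. The names `check_hostname_length`, `redirect_host_to_ascii` and `HostnameRejected` are hypothetical, and the sample inputs are constructed.

```python
import re
from urllib.parse import urlsplit

MAX_NAME_LEN = 253    # RFC 1035: full name in text form
MAX_LABEL_LEN = 63    # RFC 1035: single label
# Label separators recognised by IDNA (RFC 3490, section 3.1).
DOTS = re.compile("[\u002e\u3002\uff0e\uff61]")


class HostnameRejected(ValueError):
    """Hypothetical error type: hostname failed the pre-decode policy."""


def check_hostname_length(host: str) -> str:
    """Return host if it fits the DNS length limits, else raise.

    Linear in len(host); the IDNA codec is never called here.
    """
    if host.endswith("."):           # tolerate one trailing root dot
        host = host[:-1]
    if not host or len(host) > MAX_NAME_LEN:
        raise HostnameRejected("hostname empty or longer than 253 characters")
    for label in DOTS.split(host):
        if not label or len(label) > MAX_LABEL_LEN:
            raise HostnameRejected("label empty or longer than 63 characters")
    return host


def redirect_host_to_ascii(location: str) -> str:
    """Extract the host from a Location value and return its ASCII form."""
    host = urlsplit(location).hostname
    if host is None:
        raise HostnameRejected("no hostname in Location value")
    host = check_hostname_length(host)   # policy check before any codec work
    try:
        return host.encode("idna").decode("ascii")
    except UnicodeError as exc:
        raise HostnameRejected("hostname is not valid IDNA") from exc


if __name__ == "__main__":
    # Constructed sample values, not taken from the bug report.
    for value in ("http://bücher.example/path",
                  "http://" + "a" * 64 + ".example/"):
        try:
            print(redirect_host_to_ascii(value))
        except HostnameRejected as err:
            print("rejected:", err)
```

The limits are a conservative policy: a name that only becomes short enough after IDNA normalisation is rejected as well.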
This affects all Python versions it seems
This is an autogenerated message for OBS integration:
This bug (1205244) was mentioned in
https://build.opensuse.org/request/show/1034962 Factory / python310
https://build.opensuse.org/request/show/1034963 Factory / python311
https://build.opensuse.org/request/show/1034964 Factory / python38

This is an autogenerated message for OBS integration:
This bug (1205244) was mentioned in
https://build.opensuse.org/request/show/1034968 Factory / python39
https://build.opensuse.org/request/show/1034969 Factory / python

This is an autogenerated message for OBS integration:
This bug (1205244) was mentioned in
https://build.opensuse.org/request/show/1035107 Factory / python

SUSE-SU-2022:4004-1: An update that fixes two vulnerabilities is now available.
Category: security (important)
Bug References: 1204886,1205244
CVE References: CVE-2022-42919,CVE-2022-45061
JIRA References:
Sources used:
openSUSE Leap 15.4 (src): python310-3.10.8-150400.4.15.1, python310-core-3.10.8-150400.4.15.1, python310-documentation-3.10.8-150400.4.15.1
SUSE Linux Enterprise Module for Python3 15-SP4 (src): python310-3.10.8-150400.4.15.1, python310-core-3.10.8-150400.4.15.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2022:4071-1: An update that fixes two vulnerabilities is now available.
Category: security (important)
Bug References: 1204886,1205244
CVE References: CVE-2022-42919,CVE-2022-45061
JIRA References:
Sources used:
openSUSE Leap 15.4 (src): python39-3.9.15-150300.4.21.1, python39-core-3.9.15-150300.4.21.1, python39-documentation-3.9.15-150300.4.21.1
openSUSE Leap 15.3 (src): python39-3.9.15-150300.4.21.1, python39-core-3.9.15-150300.4.21.1, python39-documentation-3.9.15-150300.4.21.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src): python39-core-3.9.15-150300.4.21.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): python39-3.9.15-150300.4.21.1, python39-core-3.9.15-150300.4.21.1

I believe this is all done. Am I right?
SUSE-SU-2022:4251-1: An update that fixes two vulnerabilities is now available.
Category: security (important)
Bug References: 1203125,1205244
CVE References: CVE-2020-10735,CVE-2022-45061
JIRA References:
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src): python3-3.4.10-25.102.2, python3-base-3.4.10-25.102.2
SUSE OpenStack Cloud 9 (src): python3-3.4.10-25.102.2, python3-base-3.4.10-25.102.2
SUSE Linux Enterprise Software Development Kit 12-SP5 (src): python3-3.4.10-25.102.2, python3-base-3.4.10-25.102.2
SUSE Linux Enterprise Server for SAP 12-SP4 (src): python3-3.4.10-25.102.2, python3-base-3.4.10-25.102.2
SUSE Linux Enterprise Server 12-SP5 (src): python3-3.4.10-25.102.2, python3-base-3.4.10-25.102.2
SUSE Linux Enterprise Server 12-SP4-LTSS (src): python3-3.4.10-25.102.2, python3-base-3.4.10-25.102.2
SUSE Linux Enterprise Server 12-SP3-BCL (src): python3-3.4.10-25.102.2, python3-base-3.4.10-25.102.2
SUSE Linux Enterprise Server 12-SP2-BCL (src): python3-3.4.10-25.102.2, python3-base-3.4.10-25.102.2
SUSE Linux Enterprise Module for Web Scripting 12 (src): python3-3.4.10-25.102.2, python3-base-3.4.10-25.102.2

SUSE-SU-2022:4258-1: An update that fixes one vulnerability is now available.
Category: security (important)
Bug References: 1205244
CVE References: CVE-2022-45061
JIRA References:
Sources used:
SUSE Manager Server 4.1 (src): python3-3.6.15-150000.3.119.1, python3-core-3.6.15-150000.3.119.1
SUSE Manager Retail Branch Server 4.1 (src): python3-3.6.15-150000.3.119.1, python3-core-3.6.15-150000.3.119.1
SUSE Manager Proxy 4.1 (src): python3-3.6.15-150000.3.119.1, python3-core-3.6.15-150000.3.119.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src): python3-3.6.15-150000.3.119.1, python3-core-3.6.15-150000.3.119.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src): python3-3.6.15-150000.3.119.1, python3-core-3.6.15-150000.3.119.1
SUSE Linux Enterprise Server for SAP 15 (src): python3-3.6.15-150000.3.119.1, python3-core-3.6.15-150000.3.119.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src): python3-3.6.15-150000.3.119.1, python3-core-3.6.15-150000.3.119.1
SUSE Linux Enterprise Server 15-SP2-BCL (src): python3-3.6.15-150000.3.119.1, python3-core-3.6.15-150000.3.119.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src): python3-3.6.15-150000.3.119.1, python3-core-3.6.15-150000.3.119.1
SUSE Linux Enterprise Server 15-SP1-BCL (src): python3-3.6.15-150000.3.119.1, python3-core-3.6.15-150000.3.119.1
SUSE Linux Enterprise Server 15-LTSS (src): python3-3.6.15-150000.3.119.1, python3-core-3.6.15-150000.3.119.1
SUSE Linux Enterprise Micro 5.1 (src): python3-3.6.15-150000.3.119.1, python3-core-3.6.15-150000.3.119.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): python3-3.6.15-150000.3.119.1, python3-core-3.6.15-150000.3.119.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): python3-3.6.15-150000.3.119.1, python3-core-3.6.15-150000.3.119.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): python3-3.6.15-150000.3.119.1, python3-core-3.6.15-150000.3.119.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): python3-3.6.15-150000.3.119.1, python3-core-3.6.15-150000.3.119.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src): python3-3.6.15-150000.3.119.1, python3-core-3.6.15-150000.3.119.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): python3-3.6.15-150000.3.119.1, python3-core-3.6.15-150000.3.119.1
SUSE Enterprise Storage 7 (src): python3-3.6.15-150000.3.119.1, python3-core-3.6.15-150000.3.119.1
SUSE Enterprise Storage 6 (src): python3-3.6.15-150000.3.119.1, python3-core-3.6.15-150000.3.119.1
SUSE CaaS Platform 4.0 (src): python3-3.6.15-150000.3.119.1, python3-core-3.6.15-150000.3.119.1

SUSE-SU-2022:4275-1: An update that solves one vulnerability and has one errata is now available.
Category: security (important)
Bug References: 1202666,1205244
CVE References: CVE-2022-45061
JIRA References:
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src): python-2.7.18-33.17.1, python-base-2.7.18-33.17.1, python-doc-2.7.18-33.17.1
SUSE OpenStack Cloud 9 (src): python-2.7.18-33.17.1, python-base-2.7.18-33.17.1, python-doc-2.7.18-33.17.1
SUSE Linux Enterprise Workstation Extension 12-SP5 (src): python-base-2.7.18-33.17.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src): python-2.7.18-33.17.1, python-base-2.7.18-33.17.1, python-doc-2.7.18-33.17.1
SUSE Linux Enterprise Server 12-SP5 (src): python-2.7.18-33.17.1, python-base-2.7.18-33.17.1, python-doc-2.7.18-33.17.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src): python-2.7.18-33.17.1, python-base-2.7.18-33.17.1, python-doc-2.7.18-33.17.1

Hi, Will we have a fix for python3 in SUSE Linux Enterprise Server 15 SP4? BRs/KhanhVu
SUSE-SU-2023:0213-1: An update that solves one vulnerability and has one errata is now available.
Category: security (important)
Bug References: 1202666,1205244
CVE References: CVE-2022-45061
JIRA References:
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src): python-2.7.18-28.93.1, python-base-2.7.18-28.93.1, python-doc-2.7.18-28.93.1