SUSE-RU-2018:4074-1: moderate: Recommended update for aws-cli, python-boto3, python-botocore, python-s3transfer
sle-updates at lists.suse.com
Wed Dec 12 01:41:59 MST 2018
SUSE Recommended Update: Recommended update for aws-cli, python-boto3, python-botocore, python-s3transfer
______________________________________________________________________________
Announcement ID: SUSE-RU-2018:4074-1
Rating: moderate
References: #1088310 #1092493 #1098125 #1105988 #1118021
#1118027
Affected Products:
SUSE Linux Enterprise Module for Public Cloud 15
SUSE Linux Enterprise Module for Packagehub Subpackages 15
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________
An update that solves one vulnerability and has 5 fixes is
now available.
Description:
This update for aws-cli, python-boto3, python-botocore, python-s3transfer
fixes the following issues:
aws-cli:
- Update to version 1.16.61. (bsc#1088310)
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.16.1/CHANGELOG.rst
- Update to version 1.16.1 (bsc#1105988, bsc#1092493)
+ CVE-2018-15869: An Amazon Web Services (AWS) developer who does not
specify the --owners flag when describing images via AWS CLI, and
therefore not properly validating source software per AWS recommended
security best practices, might have unintentionally loaded an
undesired and potentially malicious Amazon Machine Image (AMI) from
the uncurated public community AMI catalog.
- Disable vendored versions of requests and six from botocore and use
requests and six from the RPM packages.
python-botocore:
- Update to version 1.10.40
+ For detailed changes, please refer to the changelog.
+ Remove the broken attempt to avoid using the bundled requests module
provided by the source (bsc#1088310)
python-boto3:
- Version update to 1.9.57 (bsc#1118021, bsc#1118027)
+ For detailed changes, please refer to the changelog.
python-s3transfer:
- Update to version 0.1.13
- Make sure to really not use any bundles.
- enhancement:max_bandwidth: Add ability to set maximum bandwidth
consumption for streaming of S3 uploads and downloads.
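A check for the CVE-2018-15869 condition described under aws-cli above, as an added example that is not part of the SUSE announcement or of aws-cli: it scans shell script text for "aws ec2 describe-images" calls that omit --owners. The function names, the sample script, the AMI name pattern and the account ID are constructed for illustration.

```python
import shlex

SEPARATORS = set("();<>|&")  # shell punctuation that ends a simple command
# Constructed sample script; the AMI name pattern and account ID are placeholders.
SAMPLE_SCRIPT = r'''# name filter only: any public AMI with a matching name can be returned
AMI=$(aws ec2 describe-images \
    --filters "Name=name,Values=example-base-*" \
    --query 'Images[0].ImageId' --output text)
aws ec2 describe-images --owners 123456789012 \
    --filters "Name=name,Values=example-base-*"
aws --region eu-west-1 ec2 describe-images --filters "Name=name,Values=x" | head
aws ec2 describe-instances
'''

def logical_lines(text):
    """Yield (first_line_number, text) with backslash continuations joined."""
    buf, start = "", 1
    for number, line in enumerate(text.splitlines(), 1):
        if line.rstrip().endswith("\\"):
            buf += line.rstrip()[:-1] + " "
        else:
            yield start, buf + line
            buf, start = "", number + 1

def simple_commands(line):
    """Split one logical line into simple commands (lists of tokens)."""
    try:
        tokens = list(shlex.shlex(line, posix=True, punctuation_chars=True))
    except ValueError:  # unbalanced quote: fall back to a whitespace split
        tokens = line.split()
    cmds = [[]]
    for tok in tokens:
        if tok and set(tok) <= SEPARATORS:
            cmds.append([])  # pipe, subshell, && etc. start a new command
        else:
            cmds[-1].append(tok)
    return cmds

def unscoped_describe_images(text):
    """Return starting line numbers of describe-images calls lacking --owners."""
    findings = []
    for number, line in logical_lines(text):
        for cmd in simple_commands(line):
            is_call = {"ec2", "describe-images"} <= set(cmd) and any(
                t == "aws" or t.endswith("/aws") for t in cmd)
            scoped = any(t == "--owners" or t.startswith("--owners=") for t in cmd)
            if is_call and not scoped:
                findings.append(number)
    return findings
```

Running unscoped_describe_images(SAMPLE_SCRIPT) reports the first line of each call that relies on a name filter alone, so the script can be changed to pass --owners.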
Patch Instructions:
To install this SUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Public Cloud 15:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2018-2898=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2018-2898=1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:
zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2018-2898=1
- SUSE Linux Enterprise Module for Basesystem 15:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2898=1
Package List:
- SUSE Linux Enterprise Module for Public Cloud 15 (noarch):
aws-cli-1.16.61-4.7.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15 (noarch):
python2-boto3-1.9.57-3.5.1
python2-botocore-1.12.57-3.5.1
python2-s3transfer-0.1.13-3.3.6
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch):
python2-boto3-1.9.57-3.5.1
python2-botocore-1.12.57-3.5.1
python2-s3transfer-0.1.13-3.3.6
- SUSE Linux Enterprise Module for Basesystem 15 (noarch):
python3-boto3-1.9.57-3.5.1
python3-botocore-1.12.57-3.5.1
python3-s3transfer-0.1.13-3.3.6
References:
https://www.suse.com/security/cve/CVE-2018-15869.html
https://bugzilla.suse.com/1088310
https://bugzilla.suse.com/1092493
https://bugzilla.suse.com/1098125
https://bugzilla.suse.com/1105988
https://bugzilla.suse.com/1118021
https://bugzilla.suse.com/1118027