SUSE-CU-2024:1971-1: Security update of bci/python
sle-container-updates at lists.suse.com
Thu May 9 07:14:37 UTC 2024
SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:1971-1
Container Tags : bci/python:3 , bci/python:3-18.13 , bci/python:3.11 , bci/python:3.11-18.13 , bci/python:latest
Container Release : 18.13
Severity : important
Type : security
References : 1189495 1211301 1219559 1219666 1221260 1221854 CVE-2023-52425 CVE-2023-6597 CVE-2024-0450
-----------------------------------------------------------------
The container bci/python was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1556-1
Released: Wed May 8 11:40:36 2024
Summary: Security update for python311
Type: security
Severity: important
References: 1189495,1211301,1219559,1219666,1221260,1221854,CVE-2023-52425,CVE-2023-6597,CVE-2024-0450
This update for python311 fixes the following issues:
- CVE-2024-0450: Fixed 'quoted-overlap' issue inside the zipfile module (bsc#1221854).
- CVE-2023-6597: Fixed removing tempfile.TemporaryDirectory in some edge cases related to symlinks (bsc#1219666).
- CVE-2023-52425: Fixed denial of service (resource consumption) caused by processing large tokens (bsc#1219559).
Bug fixes:
- Eliminate ResourceWarning which broke the test suite in test_asyncio (bsc#1221260).
- Revert use of %autopatch (bsc#1189495).
- Use the system-wide crypto-policies (bsc#1211301).
The following package changes have been done:
- libpython3_11-1_0-3.11.9-150400.9.26.1 updated
- python311-base-3.11.9-150400.9.26.1 updated
- python311-3.11.9-150400.9.26.1 updated
- python311-devel-3.11.9-150400.9.26.1 updated
- container:sles15-image-15.0.0-36.11.31 updated