SUSE-SU-2022:2174-1: important: Security update for python39

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Fri Jun 24 13:21:58 UTC 2022


   SUSE Security Update: Security update for python39
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:2174-1
Rating:             important
References:         #1192249 #1198511 SLE-21253 
Cross-References:   CVE-2015-20107
CVSS scores:
                    CVE-2015-20107 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2015-20107 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

Affected Products:
                    SUSE Linux Enterprise Desktop 15-SP3
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Development Tools 15-SP3
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
                    SUSE Manager Proxy 4.2
                    SUSE Manager Server 4.2
                    openSUSE Leap 15.3
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that solves one vulnerability, contains one
   feature and has one errata is now available.

Description:

   This update for python39 fixes the following issues:

   - CVE-2015-20107: avoid command injection in the mailcap module
     (bsc#1198511).

   - Update to 3.9.13:
     - Core and Builtins
       - gh-92311: Fixed a bug where setting frame.f_lineno to jump
         over a list comprehension could misbehave or crash.
       - gh-92112: Fix crash triggered by an evil custom mro() on a metaclass.
       - gh-92036: Fix a crash in subinterpreters related to the garbage
         collector. When a subinterpreter is deleted, untrack all objects
         tracked by its GC. To prevent a crash in deallocator functions
         expecting objects to be tracked by the GC, leak a strong reference
         to these objects on purpose, so they are never deleted and their
         deallocator functions are not called. Patch by Victor Stinner.
       - gh-91421: Fix a potential integer overflow in _Py_DecodeUTF8Ex.
       - bpo-46775: Some Windows system error codes(>= 10000) are now mapped
         into the correct errno and may now raise a subclass of OSError.
         Patch by Dong-hee Na.
       - bpo-46962: Classes and functions that unconditionally declared their
         docstrings ignoring the
         --without-doc-strings compilation flag no longer do so.
       - The classes affected are pickle.PickleBuffer,
         testcapi.RecursingInfinitelyError, and types.GenericAlias.
       - The functions affected are 24 methods in ctypes.
       - Patch by Oleg Iarygin.
       - bpo-36819: Fix crashes in built-in encoders with error handlers that
         return position less or equal than the starting position of
         non-encodable characters.
     - Library
       - gh-91581: utcfromtimestamp() no longer attempts to resolve fold in
         the pure Python implementation, since the fold is never 1 in UTC. In
         addition to being slightly faster in the common case, this also
         prevents some errors when the timestamp is close to datetime.min.
         Patch by Paul Ganssle.
       - gh-92530: Fix an issue that occurred after interrupting
         threading.Condition.notify().
       - gh-92049: Forbid pickling constants re._constants.SUCCESS etc.
         Previously, pickling did not fail, but the result could not be
         unpickled.
       - bpo-47029: Always close the read end of the pipe used by
         multiprocessing.Queue after the last write of buffered data to the
         write end of the pipe to avoid BrokenPipeError at garbage collection
         and at multiprocessing.Queue.close() calls. Patch by Géry Ogam.
       - gh-91910: Add missing f prefix to f-strings in error messages from
         the multiprocessing and asyncio modules.
       - gh-91810: ElementTree method write() and function tostring() now use
         the text file''s encoding ("UTF-8" if not available) instead of
         locale encoding in XML declaration when encoding="unicode" is
         specified.
       - gh-91832: Add required attribute to argparse.Action repr
         output.
       - gh-91734: Fix OSS audio support on Solaris.
       - gh-91700: Compilation of regular expression containing a conditional
         expression (?(group)...) now raises an appropriate re.error if the
         group number refers to not defined group. Previously an internal
         RuntimeError was raised.
       - gh-91676: Fix unittest.IsolatedAsyncioTestCase to shutdown the per
         test event loop executor before returning from its run method so
         that a not yet stopped or garbage collected executor state does not
         persist beyond the test.
       - gh-90568: Parsing \N escapes of Unicode Named Character Sequences in
         a regular expression raises now re.error instead of TypeError.
       - gh-91595: Fix the comparison of character and integer inside
         Tools.gdb.libpython.write_repr(). Patch by Yu Liu.
       - gh-90622: Worker processes for
         concurrent.futures.ProcessPoolExecutor are no longer spawned on
         demand (a feature added in 3.9) when the multiprocessing context
         start method is "fork" as that can lead to deadlocks in the child
         processes due to a fork happening while threads are running.
       - gh-91575: Update case-insensitive matching in the re module to the
         latest Unicode version.
       - gh-91581: Remove an unhandled error case in the C implementation of
         calls to datetime.fromtimestamp with no time zone (i.e. getting a
         local time from an epoch timestamp). This should have no user-facing
         effect other than giving a possibly more accurate error message when
         called with timestamps that fall on 10000-01-01 in the local time.
         Patch by Paul Ganssle.
       - bpo-34480: Fix a bug where _markupbase raised an UnboundLocalError
         when an invalid keyword was found in marked section. Patch by Marek
         Suscak.
       - bpo-27929: Fix asyncio.loop.sock_connect() to only resolve names for
         socket.AF_INET or socket.AF_INET6 families. Resolution may not make
         sense for other families, like socket.AF_BLUETOOTH and
         socket.AF_UNIX.
       - bpo-43323: Fix errors in the email module if the charset itself
         contains undecodable/unencodable characters.
       - bpo-46787: Fix concurrent.futures.ProcessPoolExecutor exception
         memory leak
       - bpo-46415: Fix ipaddress.ip_{address,interface,network} raising
         TypeError instead of ValueError if given invalid tuple as address
         parameter.
       - bpo-44911: IsolatedAsyncioTestCase will no longer throw an exception
         while cancelling leaked tasks. Patch by Bar Harel.
       - bpo-44493: Add missing terminated NUL in sockaddr_un's length
       - This was potentially observable when using non-abstract AF_UNIX
         datagram sockets to processes written in another programming
         language.
       - bpo-42627: Fix incorrect parsing of Windows registry proxy settings
       - bpo-36073: Raise ProgrammingError instead of segfaulting on
         recursive usage of cursors in sqlite3 converters. Patch by Sergey
         Fedoseev.
     - Documentation
       - gh-91888: Add a new gh role to the documentation to link to GitHub
         issues.
       - gh-91783: Document security issues concerning the use of the
         function shutil.unpack_archive()
       - gh-91547: Remove "Undocumented modules" page.
       - bpo-44347: Clarify the meaning of dirs_exist_ok, a kwarg of
         shutil.copytree().
       - bpo-38668: Update the introduction to documentation for
         os.path to remove warnings that became irrelevant after the
   implementations of PEP 383 and PEP 529.
       - bpo-47138: Pin Jinja to a version compatible with Sphinx version
         2.4.4.
       - bpo-46962: All docstrings in code snippets are now wrapped into
         PyDoc_STR() to follow the guideline of PEP 7's Documentation Strings
         paragraph. Patch by Oleg Iarygin.
       - bpo-26792: Improve the docstrings of runpy.run_module() and
         runpy.run_path(). Original patch by Andrew Brezovsky.
       - bpo-45790: Adjust inaccurate phrasing in Defining Extension Types:
         Tutorial about the ob_base field and the macros used to access its
         contents.
       - bpo-42340: Document that in some circumstances KeyboardInterrupt may
         cause the code to enter an inconsistent state. Provided a sample
         workaround to avoid it if needed.
       - bpo-41233: Link the errnos referenced in Doc/library/exceptions.rst
         to their respective section in Doc/library/errno.rst, and vice
         versa. Previously this was
         only done for EINTR and InterruptedError. Patch by Yan "yyyyyyyan"
   Orestes.
       - bpo-38056: Overhaul the Error Handlers documentation in codecs.
       - bpo-13553: Document tkinter.Tk args.
     - Tests
       - gh-91607: Fix test_concurrent_futures to test the correct
         multiprocessing start method context in several cases where the test
         logic mixed this up.
       - bpo-47205: Skip test for sched_getaffinity() and sched_setaffinity()
         error case on FreeBSD.
       - bpo-29890: Add tests for ipaddress.IPv4Interface and
         ipaddress.IPv6Interface construction with tuple arguments. Original
         patch and tests by louisom.
     - Build
       - bpo-47103: Windows PGInstrument builds now copy a required DLL into
         the output directory, making it easier to run the profile stage of a
         PGO build.
     - Windows
       - bpo-47194: Update zlib to v1.2.12 to resolve CVE-2018-25032.
       - bpo-46785: Fix race condition between os.stat() and unlinking a file
         on Windows, by using errors codes returned by FindFirstFileW() when
         appropriate in win32_xstat_impl.
       - bpo-40859: Update Windows build to use xz-5.2.5
     - Tools/Demos
       - gh-91583: Fix regression in the code generated by Argument Clinic
         for functions with the defining_class parameter.

   - Update to 3.9.12:
     - bpo-46968: Check for the existence of the "sys/auxv.h" header in
       faulthandler to avoid compilation problems in systems where this
       header doesn't exist. Patch by Pablo Galindo
     - bpo-47101: hashlib.algorithms_available now lists only algorithms that
       are provided by activated crypto providers on OpenSSL 3.0. Legacy
       algorithms are not listed unless the legacy provider has been loaded
       into the default OSSL context.
     - bpo-23691: Protect the re.finditer() iterator from re-entering.
     - bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to avoid a
       "zipfile.BadZipFile: Bad CRC-32 for file" exception when reading a
       ZipFile from multiple threads.
     - bpo-38256: Fix binascii.crc32() when it is compiled to use zlib'c
       crc32 to work properly on inputs 4+GiB in length instead of returning
       the wrong result. The workaround prior to this was to always feed the
       function data in increments smaller than 4GiB or to just call the zlib
       module function.
     - bpo-39394: A warning about inline flags not at the start of the
       regular expression now contains the position of the flag.
     - bpo-47061: Deprecate the various modules listed by PEP 594:
     - aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt, imghdr,
       msilib, nntplib, nis, ossaudiodev, pipes, smtpd, sndhdr, spwd, sunau,
       telnetlib, uu, xdrlib
     - bpo-2604: Fix bug where doctests using globals would fail when run
       multiple times.
     - bpo-45997: Fix asyncio.Semaphore re-aquiring FIFO order.
     - bpo-47022: The asynchat, asyncore and smtpd modules have been
       deprecated since at least Python 3.6. Their documentation has now been
       updated to note they will removed in Python 3.12 (PEP 594).
     - bpo-46421: Fix a unittest issue where if the command was invoked as
       python -m unittest and the filename(s) began with a dot (.), a
       ValueError is returned.
     - bpo-40296: Fix supporting generic aliases in pydoc.
     - bpo-14156: argparse.FileType now supports an argument of '-'; in
       binary mode, returning the .buffer attribute of sys.stdin/sys.stdout
       as appropriate. Modes including 'x' and 'a' are treated equivalently
       to 'w' when argument is '-'. Patch contributed by Josh Rosenberg
   - Update to 3.9.11:
     - bpo-46852: Rename the private undocumented float.__set_format__()
       method to float.__setformat__() to fix a typo introduced in Python
       3.7. The method is only used by test_float. Patch by Victor Stinner.
     - bpo-46794: Bump up the libexpat version into 2.4.6
     - bpo-46762: Fix an assert failure in debug builds when a '<', '>', or
       '=' is the last character in an f-string that's missing a closing
       right brace.
     - bpo-46732: Correct the docstring for the __bool__() method. Patch by
       Jelle Zijlstra.
     - bpo-40479: Add a missing call to va_end() in Modules/_hashopenssl.c.
     - bpo-46615: When iterating over sets internally in setobject.c, acquire
       strong references to the resulting items from the set. This prevents
       crashes in corner-cases of various set operations where the set gets
       mutated.
     - bpo-43721: Fix docstrings of getter, setter, and deleter to clarify
       that they create a new copy of the property.
     - bpo-46503: Fix an assert when parsing some invalid N escape sequences
       in f-strings.
     - bpo-46417: Fix a race condition on setting a type __bases__ attribute:
       the internal function add_subclass() now gets the
       PyTypeObject.tp_subclasses member after calling PyWeakref_NewRef()
       which can trigger a garbage collection which can indirectly modify
       PyTypeObject.tp_subclasses. Patch by Victor Stinner.
     - bpo-46383: Fix invalid signature of _zoneinfo's module_free function
       to resolve a crash on wasm32-emscripten platform.
     - bpo-43253: Fix a crash when closing transports where the underlying
       socket handle is already invalid on the Proactor event loop.
     - bpo-47004: Apply bugfixes from importlib_metadata 4.11.3, including
       bugfix for EntryPoint.extras, which was returning match objects and
       not the extras strings.
     - bpo-46985: Upgrade pip wheel bundled with ensurepip (pip 22.0.4)
     - bpo-46968: faulthandler: On Linux 5.14 and newer, dynamically
       determine size of signal handler stack size CPython allocates using
       getauxval(AT_MINSIGSTKSZ). This changes allows for Python extension's
       request to Linux kernel to use AMX_TILE instruction set on Sapphire
       Rapids Xeon processor to succeed, unblocking use of the ISA in
       frameworks.
     - bpo-46955: Expose asyncio.base_events.Server as asyncio.Server. Patch
       by Stefan Zabka.
     - bpo-46932: Update bundled libexpat to 2.4.7
     - bpo-25707: Fixed a file leak in xml.etree.ElementTree.iterparse() when
       the iterator is not exhausted. Patch by Jacob Walls.
     - bpo-44886: Inherit asyncio proactor datagram transport from
       asyncio.DatagramTransport.
     - bpo-46827: Support UDP sockets in asyncio.loop.sock_connect() for
       selector-based event loops. Patch by Thomas Grainger.
     - bpo-46811: Make test suite support Expat >=2.4.5
     - bpo-46252: Raise TypeError if ssl.SSLSocket is passed to
       transport-based APIs.
     - bpo-46784: Fix libexpat symbols collisions with user dynamically
       loaded or statically linked libexpat in embedded Python.
     - bpo-39327: shutil.rmtree() can now work with VirtualBox shared folders
       when running from the guest operating-system.
     - bpo-46756: Fix a bug in
       urllib.request.HTTPPasswordMgr.find_user_password() and
       urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() which
       allowed to bypass authorization. For example, access to URI
       example.org/foobar was allowed if the user was authorized for URI
       example.org/foo.
     - bpo-45863: When the tarfile module creates a pax format archive, it
       will put an integer representation of timestamps in the ustar header
       (if possible) for the benefit of older unarchivers, in addition to the
       existing full-precision timestamps in the pax extended header.
     - bpo-46672: Fix NameError in asyncio.gather() when initial type check
       fails.
     - bpo-45948: Fixed a discrepancy in the C implementation of the
       xml.etree.ElementTree module. Now, instantiating an
       xml.etree.ElementTree.XMLParser with a target=None keyword provides a
       default xml.etree.ElementTree.TreeBuilder target as the Python
       implementation does.
     - bpo-46591: Make the IDLE doc URL on the About IDLE dialog clickable.
     - bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4
     - bpo-46487: Add the get_write_buffer_limits method to
       asyncio.transports.WriteTransport and to the SSL transport.
     - bpo-46539: In typing.get_type_hints(), support evaluating stringified
       ClassVar and Final annotations inside Annotated. Patch by Gregory
       Beauregard.
     - bpo-46491: Allow typing.Annotated to wrap typing.Final and
       typing.ClassVar. Patch by Gregory Beauregard.
     - bpo-46436: Fix command-line option -d/--directory in module
       http.server which is ignored when combined with command-line
       option --cgi. Patch by Géry Ogam.
     - bpo-41403: Make mock.patch() raise a TypeError with a relevant error
       message on invalid arg. Previously it allowed a cryptic AttributeError
       to escape.
     - bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid potential
       REDoS by limiting ambiguity in consecutive whitespace.
     - bpo-46469: asyncio generic classes now return types.GenericAlias in
       __class_getitem__ instead of the same class.
     - bpo-46434: pdb now gracefully handles help when __doc__ is missing,
       for example when run with pregenerated optimized .pyc files.
     - bpo-46333: The __eq__() and __hash__() methods of typing.ForwardRef
       now honor the module parameter of typing.ForwardRef. Forward
       references from different modules are now differentiated.
     - bpo-43118: Fix a bug in inspect.signature() that was causing it to
       fail on some subclasses of classes with a __text_signature__
       referencing module globals. Patch by Weipeng Hong.
     - bpo-21987: Fix an issue with tarfile.TarFile.getmember() getting a
       directory name with a trailing slash.
     - bpo-20392: Fix inconsistency with uppercase file extensions in
       MimeTypes.guess_type(). Patch by Kumar Aditya.
     - bpo-46080: Fix exception in argparse help text generation if a
       argparse.BooleanOptionalAction argument's default is argparse.SUPPRESS
       and it has help specified. Patch by Felix Fontein.
     - bpo-44439: Fix .write() method of a member file in ZipFile, when the
       input data is an object that supports the buffer protocol, the file
       length may be wrong.
     - bpo-45703: When a namespace package is imported before another module
       from the same namespace is created/installed in a different sys.path
       location while the program is running, calling the
       importlib.invalidate_caches() function will now also guarantee the new
       module is noticed.
     - bpo-24959: Fix bug where unittest sometimes drops frames from
       tracebacks of exceptions raised in tests.
     - bpo-46463: Fixes escape4chm.py script used when building the CHM
       documentation file
     - bpo-46913: Fix test_faulthandler.test_sigfpe() if Python is built with
       undefined behavior sanitizer (UBSAN): disable UBSAN on the
       faulthandler_sigfpe() function. Patch by Victor Stinner.
     - bpo-46708: Prevent default asyncio event loop policy modification
       warning after test_asyncio execution.
     - bpo-46616: Ensures test_importlib.test_windows cleans up registry keys
       after completion.
     - bpo-44359: test_ftplib now silently ignores socket errors to prevent
       logging unhandled threading exceptions. Patch by Victor Stinner.
     - bpo-46542: Fix a Python crash in test_lib2to3 when using Python built
       in debug mode: limit the recursion limit. Patch by Victor Stinner.
     - bpo-46576: test_peg_generator now disables compiler
       optimization when testing compilation of its own C extensions to
        significantly speed up the testing on non-debug builds of CPython.
     - bpo-46542: Fix test_json tests checking for RecursionError: modify
       these tests to use support.infinite_recursion(). Patch by Victor
       Stinner.
     - bpo-13886: Skip test_builtin PTY tests on non-ASCII characters if the
       readline module is loaded. The readline module changes input()
       behavior, but test_builtin is not intented to test the readline
       module. Patch by Victor Stinner.
     - bpo-38472: Fix GCC detection in setup.py when cross-compiling. The C
       compiler is now run with LC_ALL=C. Previously, the detection failed
       with a German locale.
     - bpo-46513: configure no longer uses AC_C_CHAR_UNSIGNED macro and
       pyconfig.h no longer defines reserved symbol __CHAR_UNSIGNED__.
     - bpo-45925: Update Windows installer to use SQLite 3.37.2.
     - bpo-45296: Clarify close, quit, and exit in IDLE. In the File menu,
       'Close' and 'Exit' are now 'Close Window' (the current
       one) and 'Exit' is now 'Exit IDLE' (by closing all windows). In Shell,
        'quit()' and 'exit()' mean 'close Shell'. If there are no other
        windows, this also exits IDLE.
     - bpo-45447: Apply IDLE syntax highlighting to pyi files. Patch by Alex
       Waygood and Terry Jan Reedy.


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-2174=1

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-SLE-15.3-2022-2174=1

   - SUSE Linux Enterprise Module for Development Tools 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2174=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2174=1



Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

      libpython3_9-1_0-3.9.13-150300.4.13.1
      libpython3_9-1_0-debuginfo-3.9.13-150300.4.13.1
      python39-3.9.13-150300.4.13.1
      python39-base-3.9.13-150300.4.13.1
      python39-base-debuginfo-3.9.13-150300.4.13.1
      python39-core-debugsource-3.9.13-150300.4.13.1
      python39-curses-3.9.13-150300.4.13.1
      python39-curses-debuginfo-3.9.13-150300.4.13.1
      python39-dbm-3.9.13-150300.4.13.1
      python39-dbm-debuginfo-3.9.13-150300.4.13.1
      python39-debuginfo-3.9.13-150300.4.13.1
      python39-debugsource-3.9.13-150300.4.13.1
      python39-devel-3.9.13-150300.4.13.1
      python39-doc-3.9.13-150300.4.13.1
      python39-doc-devhelp-3.9.13-150300.4.13.1
      python39-idle-3.9.13-150300.4.13.1
      python39-testsuite-3.9.13-150300.4.13.1
      python39-testsuite-debuginfo-3.9.13-150300.4.13.1
      python39-tk-3.9.13-150300.4.13.1
      python39-tk-debuginfo-3.9.13-150300.4.13.1
      python39-tools-3.9.13-150300.4.13.1

   - openSUSE Leap 15.4 (x86_64):

      libpython3_9-1_0-32bit-3.9.13-150300.4.13.1
      libpython3_9-1_0-32bit-debuginfo-3.9.13-150300.4.13.1
      python39-32bit-3.9.13-150300.4.13.1
      python39-32bit-debuginfo-3.9.13-150300.4.13.1
      python39-base-32bit-3.9.13-150300.4.13.1
      python39-base-32bit-debuginfo-3.9.13-150300.4.13.1

   - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

      libpython3_9-1_0-3.9.13-150300.4.13.1
      libpython3_9-1_0-debuginfo-3.9.13-150300.4.13.1
      python39-3.9.13-150300.4.13.1
      python39-base-3.9.13-150300.4.13.1
      python39-base-debuginfo-3.9.13-150300.4.13.1
      python39-core-debugsource-3.9.13-150300.4.13.1
      python39-curses-3.9.13-150300.4.13.1
      python39-curses-debuginfo-3.9.13-150300.4.13.1
      python39-dbm-3.9.13-150300.4.13.1
      python39-dbm-debuginfo-3.9.13-150300.4.13.1
      python39-debuginfo-3.9.13-150300.4.13.1
      python39-debugsource-3.9.13-150300.4.13.1
      python39-devel-3.9.13-150300.4.13.1
      python39-doc-3.9.13-150300.4.13.1
      python39-doc-devhelp-3.9.13-150300.4.13.1
      python39-idle-3.9.13-150300.4.13.1
      python39-testsuite-3.9.13-150300.4.13.1
      python39-testsuite-debuginfo-3.9.13-150300.4.13.1
      python39-tk-3.9.13-150300.4.13.1
      python39-tk-debuginfo-3.9.13-150300.4.13.1
      python39-tools-3.9.13-150300.4.13.1

   - openSUSE Leap 15.3 (x86_64):

      libpython3_9-1_0-32bit-3.9.13-150300.4.13.1
      libpython3_9-1_0-32bit-debuginfo-3.9.13-150300.4.13.1
      python39-32bit-3.9.13-150300.4.13.1
      python39-32bit-debuginfo-3.9.13-150300.4.13.1
      python39-base-32bit-3.9.13-150300.4.13.1
      python39-base-32bit-debuginfo-3.9.13-150300.4.13.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):

      python39-core-debugsource-3.9.13-150300.4.13.1
      python39-tools-3.9.13-150300.4.13.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      libpython3_9-1_0-3.9.13-150300.4.13.1
      libpython3_9-1_0-debuginfo-3.9.13-150300.4.13.1
      python39-3.9.13-150300.4.13.1
      python39-base-3.9.13-150300.4.13.1
      python39-base-debuginfo-3.9.13-150300.4.13.1
      python39-core-debugsource-3.9.13-150300.4.13.1
      python39-curses-3.9.13-150300.4.13.1
      python39-curses-debuginfo-3.9.13-150300.4.13.1
      python39-dbm-3.9.13-150300.4.13.1
      python39-dbm-debuginfo-3.9.13-150300.4.13.1
      python39-debuginfo-3.9.13-150300.4.13.1
      python39-debugsource-3.9.13-150300.4.13.1
      python39-devel-3.9.13-150300.4.13.1
      python39-idle-3.9.13-150300.4.13.1
      python39-tk-3.9.13-150300.4.13.1
      python39-tk-debuginfo-3.9.13-150300.4.13.1


References:

   https://www.suse.com/security/cve/CVE-2015-20107.html
   https://bugzilla.suse.com/1192249
   https://bugzilla.suse.com/1198511



More information about the sle-security-updates mailing list