SUSE-CU-2022:2467-1: Security update of bci/python
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Fri Oct 7 07:46:13 UTC 2022
SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2467-1
Container Tags : bci/python:3 , bci/python:3.10 , bci/python:3.10-5.42 , bci/python:latest
Container Release : 5.42
Severity : important
Type : security
References : 1202624 1203125 1203438 CVE-2020-10735 CVE-2021-28861 CVE-2022-40674
-----------------------------------------------------------------
The container bci/python was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3473-1
Released: Fri Sep 30 10:33:55 2022
Summary: Security update for python310
Type: security
Severity: important
References: 1202624,1203125,CVE-2020-10735,CVE-2021-28861
This update for python310 fixes the following issues:
Updated to version 3.10.7:
- CVE-2020-10735: Fixed DoS due to missing limit of amount of digits when converting text to int (bsc#1203125).
- CVE-2021-28861: Fixed an open redirect in the http server when an URI path starts with // (bsc#1202624).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3489-1
Released: Sat Oct 1 13:35:24 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1203438,CVE-2022-40674
This update for expat fixes the following issues:
- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).
The following package changes have been done:
- libexpat1-2.4.4-150400.3.9.1 updated
- libpython3_10-1_0-3.10.7-150400.4.10.1 updated
- python310-base-3.10.7-150400.4.10.1 updated
- python310-3.10.7-150400.4.10.1 updated
- aaa_base-84.87+git20180409.04c9dae-3.57.1 removed
- bash-4.4-150400.25.22 removed
- bash-sh-4.4-150400.25.22 removed
- ca-certificates-2+git20210309.21162a6-2.1 removed
- coreutils-8.32-150400.7.5 removed
- cpio-2.13-150400.1.98 removed
- cracklib-2.9.7-11.6.1 removed
- cracklib-dict-small-2.9.7-11.6.1 removed
- crypto-policies-20210917.c9d86d1-150400.1.7 removed
- curl-7.79.1-150400.5.6.1 removed
- diffutils-3.6-4.3.1 removed
- file-magic-5.32-7.14.1 removed
- filesystem-15.0-11.8.1 removed
- fillup-1.42-2.18 removed
- findutils-4.8.0-1.20 removed
- glibc-2.31-150300.41.1 removed
- grep-3.1-150000.4.6.1 removed
- info-6.5-4.17 removed
- krb5-1.19.2-150400.1.9 removed
- libacl1-2.2.52-4.3.1 removed
- libattr1-2.4.47-2.19 removed
- libaudit1-3.0.6-150400.2.13 removed
- libblkid1-2.37.2-150400.8.3.1 removed
- libbrotlicommon1-1.0.7-3.3.1 removed
- libbrotlidec1-1.0.7-3.3.1 removed
- libbz2-1-1.0.8-150400.1.122 removed
- libcap-ng0-0.7.9-4.37 removed
- libcap2-2.63-150400.1.7 removed
- libcom_err2-1.46.4-150400.3.3.1 removed
- libcrack2-2.9.7-11.6.1 removed
- libcrypt1-4.4.15-150300.4.4.3 removed
- libcurl4-7.79.1-150400.5.6.1 removed
- libdw1-0.185-150400.5.3.1 removed
- libeconf0-0.4.4+git20220104.962774f-150400.1.38 removed
- libelf1-0.185-150400.5.3.1 removed
- libfdisk1-2.37.2-150400.8.3.1 removed
- libffi7-3.2.1.git259-10.8 removed
- libgcc_s1-11.3.0+git1637-150000.1.11.2 removed
- libgcrypt20-1.9.4-150400.4.6 removed
- libgcrypt20-hmac-1.9.4-150400.4.6 removed
- libgmp10-6.1.2-4.9.1 removed
- libgpg-error0-1.42-150400.1.101 removed
- libidn2-0-2.2.0-3.6.1 removed
- libkeyutils1-1.6.3-5.6.1 removed
- libldap-2_4-2-2.4.46-150200.14.11.2 removed
- libldap-data-2.4.46-150200.14.11.2 removed
- liblua5_3-5-5.3.6-3.6.1 removed
- liblz4-1-1.9.3-150400.1.7 removed
- liblzma5-5.2.3-150000.4.7.1 removed
- libmagic1-5.32-7.14.1 removed
- libmount1-2.37.2-150400.8.3.1 removed
- libncurses6-6.1-150000.5.12.1 removed
- libnghttp2-14-1.40.0-6.1 removed
- libnsl2-1.2.0-2.44 removed
- libopenssl1_1-1.1.1l-150400.7.7.1 removed
- libopenssl1_1-hmac-1.1.1l-150400.7.7.1 removed
- libp11-kit0-0.23.22-150400.1.10 removed
- libpcre1-8.45-150000.20.13.1 removed
- libpopt0-1.16-3.22 removed
- libpsl5-0.20.1-150000.3.3.1 removed
- libreadline7-7.0-150400.25.22 removed
- libsasl2-3-2.1.27-150300.4.6.1 removed
- libselinux1-3.1-150400.1.69 removed
- libsemanage1-3.1-150400.1.65 removed
- libsepol1-3.1-150400.1.70 removed
- libsmartcols1-2.37.2-150400.8.3.1 removed
- libsqlite3-0-3.39.3-150000.3.17.1 removed
- libssh-config-0.9.6-150400.1.5 removed
- libssh4-0.9.6-150400.1.5 removed
- libstdc++6-11.3.0+git1637-150000.1.11.2 removed
- libsystemd0-249.12-150400.8.10.1 removed
- libtasn1-4.13-4.5.1 removed
- libtasn1-6-4.13-4.5.1 removed
- libtirpc-netconfig-1.2.6-150300.3.14.1 removed
- libtirpc3-1.2.6-150300.3.14.1 removed
- libudev1-249.12-150400.8.10.1 removed
- libunistring2-0.9.10-1.1 removed
- libutempter0-1.1.6-3.42 removed
- libuuid1-2.37.2-150400.8.3.1 removed
- libverto1-0.2.6-3.20 removed
- libxml2-2-2.9.14-150400.5.7.1 removed
- libz1-1.2.11-150000.3.33.1 removed
- libzio1-1.06-2.20 removed
- libzstd1-1.5.0-150400.1.71 removed
- login_defs-4.8.1-150400.8.57 removed
- ncurses-utils-6.1-150000.5.12.1 removed
- openssl-1_1-1.1.1l-150400.7.7.1 removed
- p11-kit-0.23.22-150400.1.10 removed
- p11-kit-tools-0.23.22-150400.1.10 removed
- pam-1.3.0-150000.6.58.3 removed
- patterns-base-fips-20200124-150400.18.4 removed
- perl-base-5.26.1-150300.17.11.1 removed
- permissions-20201225-150400.5.11.1 removed
- rpm-config-SUSE-1-150400.14.3.1 removed
- rpm-ndb-4.14.3-150300.49.1 removed
- sed-4.4-11.6 removed
- shadow-4.8.1-150400.8.57 removed
- sles-release-15.4-150400.55.1 removed
- system-group-hardware-20170617-150400.22.33 removed
- system-user-root-20190513-3.3.1 removed
- sysuser-shadow-3.1-150400.1.35 removed
- terminfo-base-6.1-150000.5.12.1 removed
- timezone-2022a-150000.75.10.1 removed
- util-linux-2.37.2-150400.8.3.1 removed
More information about the sle-security-updates
mailing list