<div class="container">
    <h1>Security update for grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, pyt</h1>

    <table class="table table-striped table-bordered">
        <tbody>
        <tr>
            <th>Announcement ID:</th>
            <td>SUSE-SU-2023:2783-2</td>
        </tr>
        
        <tr>
            <th>Rating:</th>
            <td>important</td>
        </tr>
        <tr>
            <th>References:</th>
            <td>
                <ul>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1099269">#1099269</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1133277">#1133277</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1144068">#1144068</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1162343">#1162343</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1177127">#1177127</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1178168">#1178168</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1182066">#1182066</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1184753">#1184753</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1194530">#1194530</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1197726">#1197726</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1198331">#1198331</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1199282">#1199282</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1203681">#1203681</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1204256">#1204256</a>
                        </li>
                    
                    
                        <li style="display: inline;">
                            <a href="https://jira.suse.com/browse/PM-3243">PM-3243</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://jira.suse.com/browse/SLE-24629">SLE-24629</a>
                        </li>
                    
                </ul>
            </td>
        </tr>
        
            <tr>
                <th>
                    Cross-References:
                </th>
                <td>
                    <ul>
                    
                        <li style="display: inline;">
                            <a href="https://www.suse.com/security/cve/CVE-2018-1000518.html">CVE-2018-1000518</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://www.suse.com/security/cve/CVE-2020-25659.html">CVE-2020-25659</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://www.suse.com/security/cve/CVE-2020-36242.html">CVE-2020-36242</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://www.suse.com/security/cve/CVE-2021-22569.html">CVE-2021-22569</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://www.suse.com/security/cve/CVE-2021-22570.html">CVE-2021-22570</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://www.suse.com/security/cve/CVE-2022-1941.html">CVE-2022-1941</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://www.suse.com/security/cve/CVE-2022-3171.html">CVE-2022-3171</a>
                        </li>
                    
                    </ul>
                </td>
            </tr>
            <tr>
                <th>CVSS scores:</th>
                <td>
                    <ul class="list-group">
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2018-1000518</span>
                                <span class="cvss-source">
                                    (
                                    
                                        NVD
                                    
                                    ):
                                </span>
                                <span class="cvss-score">7.5</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2018-1000518</span>
                                <span class="cvss-source">
                                    (
                                    
                                        NVD
                                    
                                    ):
                                </span>
                                <span class="cvss-score">7.5</span>
                                <span class="cvss-vector">CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2020-25659</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">5.9</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2020-25659</span>
                                <span class="cvss-source">
                                    (
                                    
                                        NVD
                                    
                                    ):
                                </span>
                                <span class="cvss-score">5.9</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2020-36242</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">7.5</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2020-36242</span>
                                <span class="cvss-source">
                                    (
                                    
                                        NVD
                                    
                                    ):
                                </span>
                                <span class="cvss-score">9.1</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2021-22569</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">5.5</span>
                                <span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2021-22569</span>
                                <span class="cvss-source">
                                    (
                                    
                                        NVD
                                    
                                    ):
                                </span>
                                <span class="cvss-score">7.5</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2021-22570</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">5.5</span>
                                <span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2021-22570</span>
                                <span class="cvss-source">
                                    (
                                    
                                        NVD
                                    
                                    ):
                                </span>
                                <span class="cvss-score">6.5</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2022-1941</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">6.5</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2022-1941</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">6.5</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2022-1941</span>
                                <span class="cvss-source">
                                    (
                                    
                                        NVD
                                    
                                    ):
                                </span>
                                <span class="cvss-score">7.5</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2022-1941</span>
                                <span class="cvss-source">
                                    (
                                    
                                        NVD
                                    
                                    ):
                                </span>
                                <span class="cvss-score">7.5</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2022-3171</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">7.5</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2022-3171</span>
                                <span class="cvss-source">
                                    (
                                    
                                        NVD
                                    
                                    ):
                                </span>
                                <span class="cvss-score">4.3</span>
                                <span class="cvss-vector">CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L</span>
                            </li>
                        
                    </ul>
                </td>
            </tr>
        
        <tr>
            <th>Affected Products:</th>
            <td>
                <ul class="list-group">
                    
                        <li class="list-group-item">SUSE Linux Enterprise High Performance Computing 15 SP1</li>
                    
                        <li class="list-group-item">SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1</li>
                    
                </ul>
            </td>
        </tr>
        </tbody>
    </table>

    <p>An update that solves seven vulnerabilities, contains two features and has seven security fixes can now be installed.</p>

    


    
        <h2>Description:</h2>
    
    <p>This update for grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-psutil, python-pytest-asyncio, python-requests, python-websocket-client, python-websockets fixes the following issues:</p>
<p>grpc:
- Update in SLE-15 (bsc#1197726, bsc#1144068)</p>
<p>protobuf:
- Fix a potential DoS issue in protobuf-cpp and protobuf-python, CVE-2022-1941, bsc#1203681
- Fix a potential DoS issue when parsing with binary data in  protobuf-java, CVE-2022-3171, bsc#1204256
- Fix potential Denial of Service in protobuf-java in the parsing procedure for binary data, CVE-2021-22569, bsc#1194530
- Add missing dependency of python subpackages on python-six (bsc#1177127)
- Updated to version 3.9.2 (bsc#1162343)
  * Remove OSReadLittle* due to alignment requirements.
  * Don&#x27;t use unions and instead use memcpy for the type swaps.
- Disable LTO (bsc#1133277)</p>
<p>python-aiocontextvars:<br />
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)</p>
<p>python-avro:
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)</p>
<p>python-cryptography:<br />
- update to 3.3.2 (bsc#1182066, CVE-2020-36242, bsc#1198331)
  * SECURITY ISSUE: Fixed a bug where certain sequences of update()
    calls when symmetrically encrypting very large payloads (>2GB) could
    result in an integer overflow, leading to buffer overflows.
  CVE-2020-36242</p>
<p>python-cryptography-vectors:
- update to 3.2 (bsc#1178168, CVE-2020-25659):
  * CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant time,
    to protect against Bleichenbacher vulnerabilities. Due to limitations imposed
    by our API, we cannot completely mitigate this vulnerability.
  * Support for OpenSSL 1.0.2 has been removed.
  * Added basic support for PKCS7 signing (including SMIME) via PKCS7SignatureBuilder.
- update to 3.3.2 (bsc#1198331)</p>
<p>python-Deprecated:
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- update to 1.2.13:</p>
<p>python-google-api-core:
- Update to 1.14.2</p>
<p>python-googleapis-common-protos:
- Update to 1.6.0</p>
<p>python-grpcio-gcp:
- Initial spec for v0.2.2</p>
<p>python-humanfriendly:
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Update to 10.0</p>
<p>python-jsondiff:
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Update to version 1.3.0</p>
<p>python-knack:<br />
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Update to version 0.9.0</p>
<p>python-opencensus:
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Disable Python2 build
- Update to 0.8.0</p>
<p>python-opencensus-context:<br />
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)</p>
<p>python-opencensus-ext-threading:<br />
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Initial build version 0.1.2</p>
<p>python-opentelemetry-api:
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Version update to 1.5.0</p>
<p>python-psutil:
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- update to 5.9.1
- remove the dependency on net-tools, since it conflicts with busybox-hostnmame which is default on MicroOS. (bsc#1184753)
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)</p>
<p>python-PyGithub:
- Update to 1.43.5:</p>
<p>python-pytest-asyncio:<br />
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Initial release of python-pytest-asyncio 0.8.0 </p>
<p>python-requests:
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)</p>
<p>python-websocket-client:
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Update to version 1.3.2</p>
<p>python-websockets:
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- update to 9.1:</p>



    

    <h2>Patch Instructions:</h2>
    <p>
        To install this SUSE  update use the SUSE recommended
        installation methods like YaST online_update or "zypper patch".<br/>

        Alternatively you can run the command listed for your product:
    </p>
    <ul class="list-group">
        
            <li class="list-group-item">
                SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
                
                    
                        <br/>
                        <code>zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2783=1</code>
                    
                    
                
            </li>
        
    </ul>

    <h2>Package List:</h2>
    <ul>
        
            
                <li>
                    SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
                    <ul>
                        
                            <li>python-cryptography-debugsource-3.3.2-150100.7.15.3</li>
                        
                            <li>python3-cryptography-debuginfo-3.3.2-150100.7.15.3</li>
                        
                            <li>python3-psutil-debuginfo-5.9.1-150100.6.6.3</li>
                        
                            <li>libprotobuf-lite20-3.9.2-150100.8.3.3</li>
                        
                            <li>python2-psutil-debuginfo-5.9.1-150100.6.6.3</li>
                        
                            <li>python-psutil-debuginfo-5.9.1-150100.6.6.3</li>
                        
                            <li>python2-cryptography-3.3.2-150100.7.15.3</li>
                        
                            <li>python2-psutil-5.9.1-150100.6.6.3</li>
                        
                            <li>python3-psutil-5.9.1-150100.6.6.3</li>
                        
                            <li>python-psutil-debugsource-5.9.1-150100.6.6.3</li>
                        
                            <li>python-cryptography-debuginfo-3.3.2-150100.7.15.3</li>
                        
                            <li>python2-cryptography-debuginfo-3.3.2-150100.7.15.3</li>
                        
                            <li>python3-cryptography-3.3.2-150100.7.15.3</li>
                        
                    </ul>
                </li>
            
                <li>
                    SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch)
                    <ul>
                        
                            <li>python3-websocket-client-1.3.2-150100.6.7.3</li>
                        
                            <li>python2-requests-2.25.1-150100.6.13.3</li>
                        
                            <li>python3-requests-2.25.1-150100.6.13.3</li>
                        
                    </ul>
                </li>
            
        
    </ul>

    
        <h2>References:</h2>
        <ul>
            
                
                    <li>
                        <a href="https://www.suse.com/security/cve/CVE-2018-1000518.html">https://www.suse.com/security/cve/CVE-2018-1000518.html</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://www.suse.com/security/cve/CVE-2020-25659.html">https://www.suse.com/security/cve/CVE-2020-25659.html</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://www.suse.com/security/cve/CVE-2020-36242.html">https://www.suse.com/security/cve/CVE-2020-36242.html</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://www.suse.com/security/cve/CVE-2021-22569.html">https://www.suse.com/security/cve/CVE-2021-22569.html</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://www.suse.com/security/cve/CVE-2021-22570.html">https://www.suse.com/security/cve/CVE-2021-22570.html</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://www.suse.com/security/cve/CVE-2022-1941.html">https://www.suse.com/security/cve/CVE-2022-1941.html</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://www.suse.com/security/cve/CVE-2022-3171.html">https://www.suse.com/security/cve/CVE-2022-3171.html</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1099269">https://bugzilla.suse.com/show_bug.cgi?id=1099269</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1133277">https://bugzilla.suse.com/show_bug.cgi?id=1133277</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1144068">https://bugzilla.suse.com/show_bug.cgi?id=1144068</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1162343">https://bugzilla.suse.com/show_bug.cgi?id=1162343</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1177127">https://bugzilla.suse.com/show_bug.cgi?id=1177127</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1178168">https://bugzilla.suse.com/show_bug.cgi?id=1178168</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1182066">https://bugzilla.suse.com/show_bug.cgi?id=1182066</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1184753">https://bugzilla.suse.com/show_bug.cgi?id=1184753</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1194530">https://bugzilla.suse.com/show_bug.cgi?id=1194530</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1197726">https://bugzilla.suse.com/show_bug.cgi?id=1197726</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1198331">https://bugzilla.suse.com/show_bug.cgi?id=1198331</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1199282">https://bugzilla.suse.com/show_bug.cgi?id=1199282</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1203681">https://bugzilla.suse.com/show_bug.cgi?id=1203681</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1204256">https://bugzilla.suse.com/show_bug.cgi?id=1204256</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://jira.suse.com/browse/PM-3243">https://jira.suse.com/browse/PM-3243</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://jira.suse.com/browse/SLE-24629">https://jira.suse.com/browse/SLE-24629</a>
                    </li>
                
            
        </ul>
    
</div>