<div class="container">
<h1>Security update for grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, pyt</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-SU-2023:2783-2</td>
</tr>
<tr>
<th>Rating:</th>
<td>important</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1099269">#1099269</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1133277">#1133277</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1144068">#1144068</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1162343">#1162343</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1177127">#1177127</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1178168">#1178168</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1182066">#1182066</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1184753">#1184753</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1194530">#1194530</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1197726">#1197726</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1198331">#1198331</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1199282">#1199282</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1203681">#1203681</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1204256">#1204256</a>
</li>
<li style="display: inline;">
<a href="https://jira.suse.com/browse/PM-3243">PM-3243</a>
</li>
<li style="display: inline;">
<a href="https://jira.suse.com/browse/SLE-24629">SLE-24629</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>
Cross-References:
</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2018-1000518.html">CVE-2018-1000518</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2020-25659.html">CVE-2020-25659</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2020-36242.html">CVE-2020-36242</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2021-22569.html">CVE-2021-22569</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2021-22570.html">CVE-2021-22570</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2022-1941.html">CVE-2022-1941</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2022-3171.html">CVE-2022-3171</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>CVSS scores:</th>
<td>
<ul class="list-group">
<li class="list-group-item">
<span class="cvss-reference">CVE-2018-1000518</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2018-1000518</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.5</span>
<span class="cvss-vector">CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2020-25659</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.9</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2020-25659</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.9</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2020-36242</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">7.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2020-36242</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">9.1</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2021-22569</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2021-22569</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2021-22570</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.5</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2021-22570</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">6.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2022-1941</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">6.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2022-1941</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2022-3171</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">7.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2022-3171</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">4.3</span>
<span class="cvss-vector">CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L</span>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing 15 SP1</li>
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that solves seven vulnerabilities, contains two features and has seven security fixes can now be installed.</p>
<h2>Description:</h2>
<p>This update for grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-psutil, python-pytest-asyncio, python-requests, python-websocket-client, python-websockets fixes the following issues:</p>
<p>grpc:</p>
<ul>
<li>Update in SLE-15 (bsc#1197726, bsc#1144068)</li>
</ul>
<p>protobuf:</p>
<ul>
<li>Fix a potential DoS issue in protobuf-cpp and protobuf-python, CVE-2022-1941, bsc#1203681</li>
<li>Fix a potential DoS issue when parsing with binary data in protobuf-java, CVE-2022-3171, bsc#1204256</li>
<li>Fix potential Denial of Service in protobuf-java in the parsing procedure for binary data, CVE-2021-22569, bsc#1194530</li>
<li>Add missing dependency of python subpackages on python-six (bsc#1177127)</li>
<li>Updated to version 3.9.2 (bsc#1162343)
<ul>
<li>Remove OSReadLittle* due to alignment requirements.</li>
<li>Don't use unions and instead use memcpy for the type swaps.</li>
</ul>
</li>
<li>Disable LTO (bsc#1133277)</li>
</ul>
<p>python-aiocontextvars:</p>
<ul>
<li>Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)</li>
</ul>
<p>python-avro:</p>
<ul>
<li>Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)</li>
<li>Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)</li>
</ul>
<p>python-cryptography:</p>
<ul>
<li>update to 3.3.2 (bsc#1182066, CVE-2020-36242, bsc#1198331)
<ul>
<li>SECURITY ISSUE: Fixed a bug where certain sequences of update() calls when symmetrically encrypting very large payloads (&gt;2GB) could result in an integer overflow, leading to buffer overflows. CVE-2020-36242</li>
</ul>
</li>
</ul>
<p>python-cryptography-vectors:</p>
<ul>
<li>update to 3.2 (bsc#1178168, CVE-2020-25659):
<ul>
<li>CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant time, to protect against Bleichenbacher vulnerabilities. Due to limitations imposed by our API, we cannot completely mitigate this vulnerability.</li>
<li>Support for OpenSSL 1.0.2 has been removed.</li>
<li>Added basic support for PKCS7 signing (including SMIME) via PKCS7SignatureBuilder.</li>
</ul>
</li>
<li>update to 3.3.2 (bsc#1198331)</li>
</ul>
<p>python-Deprecated:</p>
<ul>
<li>Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)</li>
<li>update to 1.2.13:</li>
</ul>
<p>python-google-api-core:</p>
<ul>
<li>Update to 1.14.2</li>
</ul>
<p>python-googleapis-common-protos:</p>
<ul>
<li>Update to 1.6.0</li>
</ul>
<p>python-grpcio-gcp:</p>
<ul>
<li>Initial spec for v0.2.2</li>
</ul>
<p>python-humanfriendly:</p>
<ul>
<li>Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)</li>
<li>Update to 10.0</li>
</ul>
<p>python-jsondiff:</p>
<ul>
<li>Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)</li>
<li>Update to version 1.3.0</li>
</ul>
<p>python-knack:</p>
<ul>
<li>Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)</li>
<li>Update to version 0.9.0</li>
</ul>
<p>python-opencensus:</p>
<ul>
<li>Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)</li>
<li>Disable Python2 build</li>
<li>Update to 0.8.0</li>
</ul>
<p>python-opencensus-context:</p>
<ul>
<li>Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)</li>
</ul>
<p>python-opencensus-ext-threading:</p>
<ul>
<li>Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)</li>
<li>Initial build version 0.1.2</li>
</ul>
<p>python-opentelemetry-api:</p>
<ul>
<li>Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)</li>
<li>Version update to 1.5.0</li>
</ul>
<p>python-psutil:</p>
<ul>
<li>Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)</li>
<li>update to 5.9.1</li>
<li>remove the dependency on net-tools, since it conflicts with busybox-hostname, which is the default on MicroOS. (bsc#1184753)</li>
<li>Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)</li>
</ul>
<p>python-PyGithub:</p>
<ul>
<li>Update to 1.43.5:</li>
</ul>
<p>python-pytest-asyncio:</p>
<ul>
<li>Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)</li>
<li>Initial release of python-pytest-asyncio 0.8.0</li>
</ul>
<p>python-requests:</p>
<ul>
<li>Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)</li>
</ul>
<p>python-websocket-client:</p>
<ul>
<li>Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)</li>
<li>Update to version 1.3.2</li>
</ul>
<p>python-websockets:</p>
<ul>
<li>Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)</li>
<li>update to 9.1:</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
<br/>
<code>zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2783=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
<ul>
<li>python-cryptography-debugsource-3.3.2-150100.7.15.3</li>
<li>python3-cryptography-debuginfo-3.3.2-150100.7.15.3</li>
<li>python3-psutil-debuginfo-5.9.1-150100.6.6.3</li>
<li>libprotobuf-lite20-3.9.2-150100.8.3.3</li>
<li>python2-psutil-debuginfo-5.9.1-150100.6.6.3</li>
<li>python-psutil-debuginfo-5.9.1-150100.6.6.3</li>
<li>python2-cryptography-3.3.2-150100.7.15.3</li>
<li>python2-psutil-5.9.1-150100.6.6.3</li>
<li>python3-psutil-5.9.1-150100.6.6.3</li>
<li>python-psutil-debugsource-5.9.1-150100.6.6.3</li>
<li>python-cryptography-debuginfo-3.3.2-150100.7.15.3</li>
<li>python2-cryptography-debuginfo-3.3.2-150100.7.15.3</li>
<li>python3-cryptography-3.3.2-150100.7.15.3</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch)
<ul>
<li>python3-websocket-client-1.3.2-150100.6.7.3</li>
<li>python2-requests-2.25.1-150100.6.13.3</li>
<li>python3-requests-2.25.1-150100.6.13.3</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://www.suse.com/security/cve/CVE-2018-1000518.html">https://www.suse.com/security/cve/CVE-2018-1000518.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2020-25659.html">https://www.suse.com/security/cve/CVE-2020-25659.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2020-36242.html">https://www.suse.com/security/cve/CVE-2020-36242.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2021-22569.html">https://www.suse.com/security/cve/CVE-2021-22569.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2021-22570.html">https://www.suse.com/security/cve/CVE-2021-22570.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2022-1941.html">https://www.suse.com/security/cve/CVE-2022-1941.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2022-3171.html">https://www.suse.com/security/cve/CVE-2022-3171.html</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1099269">https://bugzilla.suse.com/show_bug.cgi?id=1099269</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1133277">https://bugzilla.suse.com/show_bug.cgi?id=1133277</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1144068">https://bugzilla.suse.com/show_bug.cgi?id=1144068</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1162343">https://bugzilla.suse.com/show_bug.cgi?id=1162343</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1177127">https://bugzilla.suse.com/show_bug.cgi?id=1177127</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1178168">https://bugzilla.suse.com/show_bug.cgi?id=1178168</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1182066">https://bugzilla.suse.com/show_bug.cgi?id=1182066</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1184753">https://bugzilla.suse.com/show_bug.cgi?id=1184753</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1194530">https://bugzilla.suse.com/show_bug.cgi?id=1194530</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1197726">https://bugzilla.suse.com/show_bug.cgi?id=1197726</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1198331">https://bugzilla.suse.com/show_bug.cgi?id=1198331</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1199282">https://bugzilla.suse.com/show_bug.cgi?id=1199282</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1203681">https://bugzilla.suse.com/show_bug.cgi?id=1203681</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1204256">https://bugzilla.suse.com/show_bug.cgi?id=1204256</a>
</li>
<li>
<a href="https://jira.suse.com/browse/PM-3243">https://jira.suse.com/browse/PM-3243</a>
</li>
<li>
<a href="https://jira.suse.com/browse/SLE-24629">https://jira.suse.com/browse/SLE-24629</a>
</li>
</ul>
</div>