suse-su-2020:0302-1
Vulnerability from csaf_suse
Published
2020-02-03 13:35
Modified
2020-02-03 13:35
Summary
Security update for python36
Notes
Title of the patch
Security update for python36
Description of the patch
This update for python36 to version 3.6.10 fixes the following issues:
- CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507).
- CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ signs (bsc#1149955).
- CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429).
Patchnames
SUSE-2020-302,SUSE-SLE-SERVER-12-SP5-2020-302
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python36",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python36 to version 3.6.10 fixes the following issues:\n\n- CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507).\n- CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ signs (bsc#1149955).\n- CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-302,SUSE-SLE-SERVER-12-SP5-2020-302",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_0302-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:0302-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200302-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:0302-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-February/006445.html"
},
{
"category": "self",
"summary": "SUSE Bug 1027282",
"url": "https://bugzilla.suse.com/1027282"
},
{
"category": "self",
"summary": "SUSE Bug 1029377",
"url": "https://bugzilla.suse.com/1029377"
},
{
"category": "self",
"summary": "SUSE Bug 1081750",
"url": "https://bugzilla.suse.com/1081750"
},
{
"category": "self",
"summary": "SUSE Bug 1083507",
"url": "https://bugzilla.suse.com/1083507"
},
{
"category": "self",
"summary": "SUSE Bug 1086001",
"url": "https://bugzilla.suse.com/1086001"
},
{
"category": "self",
"summary": "SUSE Bug 1088009",
"url": "https://bugzilla.suse.com/1088009"
},
{
"category": "self",
"summary": "SUSE Bug 1094814",
"url": "https://bugzilla.suse.com/1094814"
},
{
"category": "self",
"summary": "SUSE Bug 1109663",
"url": "https://bugzilla.suse.com/1109663"
},
{
"category": "self",
"summary": "SUSE Bug 1137942",
"url": "https://bugzilla.suse.com/1137942"
},
{
"category": "self",
"summary": "SUSE Bug 1138459",
"url": "https://bugzilla.suse.com/1138459"
},
{
"category": "self",
"summary": "SUSE Bug 1141853",
"url": "https://bugzilla.suse.com/1141853"
},
{
"category": "self",
"summary": "SUSE Bug 1149121",
"url": "https://bugzilla.suse.com/1149121"
},
{
"category": "self",
"summary": "SUSE Bug 1149429",
"url": "https://bugzilla.suse.com/1149429"
},
{
"category": "self",
"summary": "SUSE Bug 1149792",
"url": "https://bugzilla.suse.com/1149792"
},
{
"category": "self",
"summary": "SUSE Bug 1149955",
"url": "https://bugzilla.suse.com/1149955"
},
{
"category": "self",
"summary": "SUSE Bug 1151490",
"url": "https://bugzilla.suse.com/1151490"
},
{
"category": "self",
"summary": "SUSE Bug 1159035",
"url": "https://bugzilla.suse.com/1159035"
},
{
"category": "self",
"summary": "SUSE Bug 1159622",
"url": "https://bugzilla.suse.com/1159622"
},
{
"category": "self",
"summary": "SUSE Bug 709442",
"url": "https://bugzilla.suse.com/709442"
},
{
"category": "self",
"summary": "SUSE Bug 951166",
"url": "https://bugzilla.suse.com/951166"
},
{
"category": "self",
"summary": "SUSE Bug 983582",
"url": "https://bugzilla.suse.com/983582"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-18207 page",
"url": "https://www.suse.com/security/cve/CVE-2017-18207/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000802 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000802/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1060 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20852 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20852/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10160 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10160/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15903 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15903/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16056 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5010 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9636 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9636/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9947 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9947/"
}
],
"title": "Security update for python36",
"tracking": {
"current_release_date": "2020-02-03T13:35:40Z",
"generator": {
"date": "2020-02-03T13:35:40Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:0302-1",
"initial_release_date": "2020-02-03T13:35:40Z",
"revision_history": [
{
"date": "2020-02-03T13:35:40Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"product": {
"name": "libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"product_id": "libpython3_6m1_0-3.6.10-4.3.5.aarch64"
}
},
{
"category": "product_version",
"name": "python36-3.6.10-4.3.5.aarch64",
"product": {
"name": "python36-3.6.10-4.3.5.aarch64",
"product_id": "python36-3.6.10-4.3.5.aarch64"
}
},
{
"category": "product_version",
"name": "python36-base-3.6.10-4.3.5.aarch64",
"product": {
"name": "python36-base-3.6.10-4.3.5.aarch64",
"product_id": "python36-base-3.6.10-4.3.5.aarch64"
}
},
{
"category": "product_version",
"name": "python36-curses-3.6.10-4.3.5.aarch64",
"product": {
"name": "python36-curses-3.6.10-4.3.5.aarch64",
"product_id": "python36-curses-3.6.10-4.3.5.aarch64"
}
},
{
"category": "product_version",
"name": "python36-dbm-3.6.10-4.3.5.aarch64",
"product": {
"name": "python36-dbm-3.6.10-4.3.5.aarch64",
"product_id": "python36-dbm-3.6.10-4.3.5.aarch64"
}
},
{
"category": "product_version",
"name": "python36-devel-3.6.10-4.3.5.aarch64",
"product": {
"name": "python36-devel-3.6.10-4.3.5.aarch64",
"product_id": "python36-devel-3.6.10-4.3.5.aarch64"
}
},
{
"category": "product_version",
"name": "python36-idle-3.6.10-4.3.5.aarch64",
"product": {
"name": "python36-idle-3.6.10-4.3.5.aarch64",
"product_id": "python36-idle-3.6.10-4.3.5.aarch64"
}
},
{
"category": "product_version",
"name": "python36-testsuite-3.6.10-4.3.5.aarch64",
"product": {
"name": "python36-testsuite-3.6.10-4.3.5.aarch64",
"product_id": "python36-testsuite-3.6.10-4.3.5.aarch64"
}
},
{
"category": "product_version",
"name": "python36-tk-3.6.10-4.3.5.aarch64",
"product": {
"name": "python36-tk-3.6.10-4.3.5.aarch64",
"product_id": "python36-tk-3.6.10-4.3.5.aarch64"
}
},
{
"category": "product_version",
"name": "python36-tools-3.6.10-4.3.5.aarch64",
"product": {
"name": "python36-tools-3.6.10-4.3.5.aarch64",
"product_id": "python36-tools-3.6.10-4.3.5.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_6m1_0-64bit-3.6.10-4.3.5.aarch64_ilp32",
"product": {
"name": "libpython3_6m1_0-64bit-3.6.10-4.3.5.aarch64_ilp32",
"product_id": "libpython3_6m1_0-64bit-3.6.10-4.3.5.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "python36-64bit-3.6.10-4.3.5.aarch64_ilp32",
"product": {
"name": "python36-64bit-3.6.10-4.3.5.aarch64_ilp32",
"product_id": "python36-64bit-3.6.10-4.3.5.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "python36-base-64bit-3.6.10-4.3.5.aarch64_ilp32",
"product": {
"name": "python36-base-64bit-3.6.10-4.3.5.aarch64_ilp32",
"product_id": "python36-base-64bit-3.6.10-4.3.5.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_6m1_0-3.6.10-4.3.5.i586",
"product": {
"name": "libpython3_6m1_0-3.6.10-4.3.5.i586",
"product_id": "libpython3_6m1_0-3.6.10-4.3.5.i586"
}
},
{
"category": "product_version",
"name": "python36-3.6.10-4.3.5.i586",
"product": {
"name": "python36-3.6.10-4.3.5.i586",
"product_id": "python36-3.6.10-4.3.5.i586"
}
},
{
"category": "product_version",
"name": "python36-base-3.6.10-4.3.5.i586",
"product": {
"name": "python36-base-3.6.10-4.3.5.i586",
"product_id": "python36-base-3.6.10-4.3.5.i586"
}
},
{
"category": "product_version",
"name": "python36-curses-3.6.10-4.3.5.i586",
"product": {
"name": "python36-curses-3.6.10-4.3.5.i586",
"product_id": "python36-curses-3.6.10-4.3.5.i586"
}
},
{
"category": "product_version",
"name": "python36-dbm-3.6.10-4.3.5.i586",
"product": {
"name": "python36-dbm-3.6.10-4.3.5.i586",
"product_id": "python36-dbm-3.6.10-4.3.5.i586"
}
},
{
"category": "product_version",
"name": "python36-devel-3.6.10-4.3.5.i586",
"product": {
"name": "python36-devel-3.6.10-4.3.5.i586",
"product_id": "python36-devel-3.6.10-4.3.5.i586"
}
},
{
"category": "product_version",
"name": "python36-idle-3.6.10-4.3.5.i586",
"product": {
"name": "python36-idle-3.6.10-4.3.5.i586",
"product_id": "python36-idle-3.6.10-4.3.5.i586"
}
},
{
"category": "product_version",
"name": "python36-testsuite-3.6.10-4.3.5.i586",
"product": {
"name": "python36-testsuite-3.6.10-4.3.5.i586",
"product_id": "python36-testsuite-3.6.10-4.3.5.i586"
}
},
{
"category": "product_version",
"name": "python36-tk-3.6.10-4.3.5.i586",
"product": {
"name": "python36-tk-3.6.10-4.3.5.i586",
"product_id": "python36-tk-3.6.10-4.3.5.i586"
}
},
{
"category": "product_version",
"name": "python36-tools-3.6.10-4.3.5.i586",
"product": {
"name": "python36-tools-3.6.10-4.3.5.i586",
"product_id": "python36-tools-3.6.10-4.3.5.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "python36-doc-3.6.10-4.3.5.noarch",
"product": {
"name": "python36-doc-3.6.10-4.3.5.noarch",
"product_id": "python36-doc-3.6.10-4.3.5.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"product": {
"name": "libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"product_id": "libpython3_6m1_0-3.6.10-4.3.5.ppc64le"
}
},
{
"category": "product_version",
"name": "python36-3.6.10-4.3.5.ppc64le",
"product": {
"name": "python36-3.6.10-4.3.5.ppc64le",
"product_id": "python36-3.6.10-4.3.5.ppc64le"
}
},
{
"category": "product_version",
"name": "python36-base-3.6.10-4.3.5.ppc64le",
"product": {
"name": "python36-base-3.6.10-4.3.5.ppc64le",
"product_id": "python36-base-3.6.10-4.3.5.ppc64le"
}
},
{
"category": "product_version",
"name": "python36-curses-3.6.10-4.3.5.ppc64le",
"product": {
"name": "python36-curses-3.6.10-4.3.5.ppc64le",
"product_id": "python36-curses-3.6.10-4.3.5.ppc64le"
}
},
{
"category": "product_version",
"name": "python36-dbm-3.6.10-4.3.5.ppc64le",
"product": {
"name": "python36-dbm-3.6.10-4.3.5.ppc64le",
"product_id": "python36-dbm-3.6.10-4.3.5.ppc64le"
}
},
{
"category": "product_version",
"name": "python36-devel-3.6.10-4.3.5.ppc64le",
"product": {
"name": "python36-devel-3.6.10-4.3.5.ppc64le",
"product_id": "python36-devel-3.6.10-4.3.5.ppc64le"
}
},
{
"category": "product_version",
"name": "python36-idle-3.6.10-4.3.5.ppc64le",
"product": {
"name": "python36-idle-3.6.10-4.3.5.ppc64le",
"product_id": "python36-idle-3.6.10-4.3.5.ppc64le"
}
},
{
"category": "product_version",
"name": "python36-testsuite-3.6.10-4.3.5.ppc64le",
"product": {
"name": "python36-testsuite-3.6.10-4.3.5.ppc64le",
"product_id": "python36-testsuite-3.6.10-4.3.5.ppc64le"
}
},
{
"category": "product_version",
"name": "python36-tk-3.6.10-4.3.5.ppc64le",
"product": {
"name": "python36-tk-3.6.10-4.3.5.ppc64le",
"product_id": "python36-tk-3.6.10-4.3.5.ppc64le"
}
},
{
"category": "product_version",
"name": "python36-tools-3.6.10-4.3.5.ppc64le",
"product": {
"name": "python36-tools-3.6.10-4.3.5.ppc64le",
"product_id": "python36-tools-3.6.10-4.3.5.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_6m1_0-3.6.10-4.3.5.s390",
"product": {
"name": "libpython3_6m1_0-3.6.10-4.3.5.s390",
"product_id": "libpython3_6m1_0-3.6.10-4.3.5.s390"
}
},
{
"category": "product_version",
"name": "python36-3.6.10-4.3.5.s390",
"product": {
"name": "python36-3.6.10-4.3.5.s390",
"product_id": "python36-3.6.10-4.3.5.s390"
}
},
{
"category": "product_version",
"name": "python36-base-3.6.10-4.3.5.s390",
"product": {
"name": "python36-base-3.6.10-4.3.5.s390",
"product_id": "python36-base-3.6.10-4.3.5.s390"
}
},
{
"category": "product_version",
"name": "python36-curses-3.6.10-4.3.5.s390",
"product": {
"name": "python36-curses-3.6.10-4.3.5.s390",
"product_id": "python36-curses-3.6.10-4.3.5.s390"
}
},
{
"category": "product_version",
"name": "python36-dbm-3.6.10-4.3.5.s390",
"product": {
"name": "python36-dbm-3.6.10-4.3.5.s390",
"product_id": "python36-dbm-3.6.10-4.3.5.s390"
}
},
{
"category": "product_version",
"name": "python36-devel-3.6.10-4.3.5.s390",
"product": {
"name": "python36-devel-3.6.10-4.3.5.s390",
"product_id": "python36-devel-3.6.10-4.3.5.s390"
}
},
{
"category": "product_version",
"name": "python36-idle-3.6.10-4.3.5.s390",
"product": {
"name": "python36-idle-3.6.10-4.3.5.s390",
"product_id": "python36-idle-3.6.10-4.3.5.s390"
}
},
{
"category": "product_version",
"name": "python36-testsuite-3.6.10-4.3.5.s390",
"product": {
"name": "python36-testsuite-3.6.10-4.3.5.s390",
"product_id": "python36-testsuite-3.6.10-4.3.5.s390"
}
},
{
"category": "product_version",
"name": "python36-tk-3.6.10-4.3.5.s390",
"product": {
"name": "python36-tk-3.6.10-4.3.5.s390",
"product_id": "python36-tk-3.6.10-4.3.5.s390"
}
},
{
"category": "product_version",
"name": "python36-tools-3.6.10-4.3.5.s390",
"product": {
"name": "python36-tools-3.6.10-4.3.5.s390",
"product_id": "python36-tools-3.6.10-4.3.5.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_6m1_0-3.6.10-4.3.5.s390x",
"product": {
"name": "libpython3_6m1_0-3.6.10-4.3.5.s390x",
"product_id": "libpython3_6m1_0-3.6.10-4.3.5.s390x"
}
},
{
"category": "product_version",
"name": "libpython3_6m1_0-32bit-3.6.10-4.3.5.s390x",
"product": {
"name": "libpython3_6m1_0-32bit-3.6.10-4.3.5.s390x",
"product_id": "libpython3_6m1_0-32bit-3.6.10-4.3.5.s390x"
}
},
{
"category": "product_version",
"name": "python36-3.6.10-4.3.5.s390x",
"product": {
"name": "python36-3.6.10-4.3.5.s390x",
"product_id": "python36-3.6.10-4.3.5.s390x"
}
},
{
"category": "product_version",
"name": "python36-32bit-3.6.10-4.3.5.s390x",
"product": {
"name": "python36-32bit-3.6.10-4.3.5.s390x",
"product_id": "python36-32bit-3.6.10-4.3.5.s390x"
}
},
{
"category": "product_version",
"name": "python36-base-3.6.10-4.3.5.s390x",
"product": {
"name": "python36-base-3.6.10-4.3.5.s390x",
"product_id": "python36-base-3.6.10-4.3.5.s390x"
}
},
{
"category": "product_version",
"name": "python36-base-32bit-3.6.10-4.3.5.s390x",
"product": {
"name": "python36-base-32bit-3.6.10-4.3.5.s390x",
"product_id": "python36-base-32bit-3.6.10-4.3.5.s390x"
}
},
{
"category": "product_version",
"name": "python36-curses-3.6.10-4.3.5.s390x",
"product": {
"name": "python36-curses-3.6.10-4.3.5.s390x",
"product_id": "python36-curses-3.6.10-4.3.5.s390x"
}
},
{
"category": "product_version",
"name": "python36-dbm-3.6.10-4.3.5.s390x",
"product": {
"name": "python36-dbm-3.6.10-4.3.5.s390x",
"product_id": "python36-dbm-3.6.10-4.3.5.s390x"
}
},
{
"category": "product_version",
"name": "python36-devel-3.6.10-4.3.5.s390x",
"product": {
"name": "python36-devel-3.6.10-4.3.5.s390x",
"product_id": "python36-devel-3.6.10-4.3.5.s390x"
}
},
{
"category": "product_version",
"name": "python36-idle-3.6.10-4.3.5.s390x",
"product": {
"name": "python36-idle-3.6.10-4.3.5.s390x",
"product_id": "python36-idle-3.6.10-4.3.5.s390x"
}
},
{
"category": "product_version",
"name": "python36-testsuite-3.6.10-4.3.5.s390x",
"product": {
"name": "python36-testsuite-3.6.10-4.3.5.s390x",
"product_id": "python36-testsuite-3.6.10-4.3.5.s390x"
}
},
{
"category": "product_version",
"name": "python36-tk-3.6.10-4.3.5.s390x",
"product": {
"name": "python36-tk-3.6.10-4.3.5.s390x",
"product_id": "python36-tk-3.6.10-4.3.5.s390x"
}
},
{
"category": "product_version",
"name": "python36-tools-3.6.10-4.3.5.s390x",
"product": {
"name": "python36-tools-3.6.10-4.3.5.s390x",
"product_id": "python36-tools-3.6.10-4.3.5.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"product": {
"name": "libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"product_id": "libpython3_6m1_0-3.6.10-4.3.5.x86_64"
}
},
{
"category": "product_version",
"name": "libpython3_6m1_0-32bit-3.6.10-4.3.5.x86_64",
"product": {
"name": "libpython3_6m1_0-32bit-3.6.10-4.3.5.x86_64",
"product_id": "libpython3_6m1_0-32bit-3.6.10-4.3.5.x86_64"
}
},
{
"category": "product_version",
"name": "python36-3.6.10-4.3.5.x86_64",
"product": {
"name": "python36-3.6.10-4.3.5.x86_64",
"product_id": "python36-3.6.10-4.3.5.x86_64"
}
},
{
"category": "product_version",
"name": "python36-32bit-3.6.10-4.3.5.x86_64",
"product": {
"name": "python36-32bit-3.6.10-4.3.5.x86_64",
"product_id": "python36-32bit-3.6.10-4.3.5.x86_64"
}
},
{
"category": "product_version",
"name": "python36-base-3.6.10-4.3.5.x86_64",
"product": {
"name": "python36-base-3.6.10-4.3.5.x86_64",
"product_id": "python36-base-3.6.10-4.3.5.x86_64"
}
},
{
"category": "product_version",
"name": "python36-base-32bit-3.6.10-4.3.5.x86_64",
"product": {
"name": "python36-base-32bit-3.6.10-4.3.5.x86_64",
"product_id": "python36-base-32bit-3.6.10-4.3.5.x86_64"
}
},
{
"category": "product_version",
"name": "python36-curses-3.6.10-4.3.5.x86_64",
"product": {
"name": "python36-curses-3.6.10-4.3.5.x86_64",
"product_id": "python36-curses-3.6.10-4.3.5.x86_64"
}
},
{
"category": "product_version",
"name": "python36-dbm-3.6.10-4.3.5.x86_64",
"product": {
"name": "python36-dbm-3.6.10-4.3.5.x86_64",
"product_id": "python36-dbm-3.6.10-4.3.5.x86_64"
}
},
{
"category": "product_version",
"name": "python36-devel-3.6.10-4.3.5.x86_64",
"product": {
"name": "python36-devel-3.6.10-4.3.5.x86_64",
"product_id": "python36-devel-3.6.10-4.3.5.x86_64"
}
},
{
"category": "product_version",
"name": "python36-idle-3.6.10-4.3.5.x86_64",
"product": {
"name": "python36-idle-3.6.10-4.3.5.x86_64",
"product_id": "python36-idle-3.6.10-4.3.5.x86_64"
}
},
{
"category": "product_version",
"name": "python36-testsuite-3.6.10-4.3.5.x86_64",
"product": {
"name": "python36-testsuite-3.6.10-4.3.5.x86_64",
"product_id": "python36-testsuite-3.6.10-4.3.5.x86_64"
}
},
{
"category": "product_version",
"name": "python36-tk-3.6.10-4.3.5.x86_64",
"product": {
"name": "python36-tk-3.6.10-4.3.5.x86_64",
"product_id": "python36-tk-3.6.10-4.3.5.x86_64"
}
},
{
"category": "product_version",
"name": "python36-tools-3.6.10-4.3.5.x86_64",
"product": {
"name": "python36-tools-3.6.10-4.3.5.x86_64",
"product_id": "python36-tools-3.6.10-4.3.5.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_6m1_0-3.6.10-4.3.5.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64"
},
"product_reference": "libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_6m1_0-3.6.10-4.3.5.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le"
},
"product_reference": "libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_6m1_0-3.6.10-4.3.5.s390x as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x"
},
"product_reference": "libpython3_6m1_0-3.6.10-4.3.5.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_6m1_0-3.6.10-4.3.5.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64"
},
"product_reference": "libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-3.6.10-4.3.5.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.aarch64"
},
"product_reference": "python36-3.6.10-4.3.5.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-3.6.10-4.3.5.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.ppc64le"
},
"product_reference": "python36-3.6.10-4.3.5.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-3.6.10-4.3.5.s390x as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.s390x"
},
"product_reference": "python36-3.6.10-4.3.5.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-3.6.10-4.3.5.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.x86_64"
},
"product_reference": "python36-3.6.10-4.3.5.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-base-3.6.10-4.3.5.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.aarch64"
},
"product_reference": "python36-base-3.6.10-4.3.5.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-base-3.6.10-4.3.5.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.ppc64le"
},
"product_reference": "python36-base-3.6.10-4.3.5.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-base-3.6.10-4.3.5.s390x as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.s390x"
},
"product_reference": "python36-base-3.6.10-4.3.5.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-base-3.6.10-4.3.5.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.x86_64"
},
"product_reference": "python36-base-3.6.10-4.3.5.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_6m1_0-3.6.10-4.3.5.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64"
},
"product_reference": "libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_6m1_0-3.6.10-4.3.5.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le"
},
"product_reference": "libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_6m1_0-3.6.10-4.3.5.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x"
},
"product_reference": "libpython3_6m1_0-3.6.10-4.3.5.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpython3_6m1_0-3.6.10-4.3.5.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64"
},
"product_reference": "libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-3.6.10-4.3.5.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.aarch64"
},
"product_reference": "python36-3.6.10-4.3.5.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-3.6.10-4.3.5.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.ppc64le"
},
"product_reference": "python36-3.6.10-4.3.5.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-3.6.10-4.3.5.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.s390x"
},
"product_reference": "python36-3.6.10-4.3.5.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-3.6.10-4.3.5.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.x86_64"
},
"product_reference": "python36-3.6.10-4.3.5.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-base-3.6.10-4.3.5.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.aarch64"
},
"product_reference": "python36-base-3.6.10-4.3.5.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-base-3.6.10-4.3.5.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.ppc64le"
},
"product_reference": "python36-base-3.6.10-4.3.5.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-base-3.6.10-4.3.5.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.s390x"
},
"product_reference": "python36-base-3.6.10-4.3.5.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-base-3.6.10-4.3.5.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.x86_64"
},
"product_reference": "python36-base-3.6.10-4.3.5.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-18207",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-18207"
}
],
"notes": [
{
"category": "general",
"text": "The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications \"need to be prepared to handle a wide variety of exceptions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-18207",
"url": "https://www.suse.com/security/cve/CVE-2017-18207"
},
{
"category": "external",
"summary": "SUSE Bug 1083507 for CVE-2017-18207",
"url": "https://bugzilla.suse.com/1083507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-03T13:35:40Z",
"details": "moderate"
}
],
"title": "CVE-2017-18207"
},
{
"cve": "CVE-2018-1000802",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000802"
}
],
"notes": [
{
"category": "general",
"text": "Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function. This vulnerability appears to have been fixed in after commit add531a1e55b0a739b0f42582f1c9747e5649ace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000802",
"url": "https://www.suse.com/security/cve/CVE-2018-1000802"
},
{
"category": "external",
"summary": "SUSE Bug 1109663 for CVE-2018-1000802",
"url": "https://bugzilla.suse.com/1109663"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-03T13:35:40Z",
"details": "moderate"
}
],
"title": "CVE-2018-1000802"
},
{
"cve": "CVE-2018-1060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1060"
}
],
"notes": [
{
"category": "general",
"text": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib\u0027s apop() method. An attacker could use this flaw to cause denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1060",
"url": "https://www.suse.com/security/cve/CVE-2018-1060"
},
{
"category": "external",
"summary": "SUSE Bug 1088009 for CVE-2018-1060",
"url": "https://bugzilla.suse.com/1088009"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-03T13:35:40Z",
"details": "low"
}
],
"title": "CVE-2018-1060"
},
{
"cve": "CVE-2018-20852",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20852"
}
],
"notes": [
{
"category": "general",
"text": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20852",
"url": "https://www.suse.com/security/cve/CVE-2018-20852"
},
{
"category": "external",
"summary": "SUSE Bug 1141853 for CVE-2018-20852",
"url": "https://bugzilla.suse.com/1141853"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-03T13:35:40Z",
"details": "moderate"
}
],
"title": "CVE-2018-20852"
},
{
"cve": "CVE-2019-10160",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10160"
}
],
"notes": [
{
"category": "general",
"text": "A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10160",
"url": "https://www.suse.com/security/cve/CVE-2019-10160"
},
{
"category": "external",
"summary": "SUSE Bug 1138459 for CVE-2019-10160",
"url": "https://bugzilla.suse.com/1138459"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-03T13:35:40Z",
"details": "important"
}
],
"title": "CVE-2019-10160"
},
{
"cve": "CVE-2019-15903",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15903"
}
],
"notes": [
{
"category": "general",
"text": "In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15903",
"url": "https://www.suse.com/security/cve/CVE-2019-15903"
},
{
"category": "external",
"summary": "SUSE Bug 1149429 for CVE-2019-15903",
"url": "https://bugzilla.suse.com/1149429"
},
{
"category": "external",
"summary": "SUSE Bug 1154738 for CVE-2019-15903",
"url": "https://bugzilla.suse.com/1154738"
},
{
"category": "external",
"summary": "SUSE Bug 1154806 for CVE-2019-15903",
"url": "https://bugzilla.suse.com/1154806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-03T13:35:40Z",
"details": "important"
}
],
"title": "CVE-2019-15903"
},
{
"cve": "CVE-2019-16056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16056"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16056",
"url": "https://www.suse.com/security/cve/CVE-2019-16056"
},
{
"category": "external",
"summary": "SUSE Bug 1149955 for CVE-2019-16056",
"url": "https://bugzilla.suse.com/1149955"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-03T13:35:40Z",
"details": "moderate"
}
],
"title": "CVE-2019-16056"
},
{
"cve": "CVE-2019-5010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5010"
}
],
"notes": [
{
"category": "general",
"text": "An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5010",
"url": "https://www.suse.com/security/cve/CVE-2019-5010"
},
{
"category": "external",
"summary": "SUSE Bug 1122191 for CVE-2019-5010",
"url": "https://bugzilla.suse.com/1122191"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2019-5010",
"url": "https://bugzilla.suse.com/1126909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-03T13:35:40Z",
"details": "moderate"
}
],
"title": "CVE-2019-5010"
},
{
"cve": "CVE-2019-9636",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9636"
}
],
"notes": [
{
"category": "general",
"text": "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9636",
"url": "https://www.suse.com/security/cve/CVE-2019-9636"
},
{
"category": "external",
"summary": "SUSE Bug 1129346 for CVE-2019-9636",
"url": "https://bugzilla.suse.com/1129346"
},
{
"category": "external",
"summary": "SUSE Bug 1135433 for CVE-2019-9636",
"url": "https://bugzilla.suse.com/1135433"
},
{
"category": "external",
"summary": "SUSE Bug 1138459 for CVE-2019-9636",
"url": "https://bugzilla.suse.com/1138459"
},
{
"category": "external",
"summary": "SUSE Bug 1145004 for CVE-2019-9636",
"url": "https://bugzilla.suse.com/1145004"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-03T13:35:40Z",
"details": "moderate"
}
],
"title": "CVE-2019-9636"
},
{
"cve": "CVE-2019-9947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9947"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9947",
"url": "https://www.suse.com/security/cve/CVE-2019-9947"
},
{
"category": "external",
"summary": "SUSE Bug 1130840 for CVE-2019-9947",
"url": "https://bugzilla.suse.com/1130840"
},
{
"category": "external",
"summary": "SUSE Bug 1136184 for CVE-2019-9947",
"url": "https://bugzilla.suse.com/1136184"
},
{
"category": "external",
"summary": "SUSE Bug 1155094 for CVE-2019-9947",
"url": "https://bugzilla.suse.com/1155094"
},
{
"category": "external",
"summary": "SUSE Bug 1201559 for CVE-2019-9947",
"url": "https://bugzilla.suse.com/1201559"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server 12 SP5:python36-base-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpython3_6m1_0-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-3.6.10-4.3.5.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-base-3.6.10-4.3.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-03T13:35:40Z",
"details": "moderate"
}
],
"title": "CVE-2019-9947"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…