
Security: Multiple issues in SUSE Enterprise Storage
Name: Multiple issues in SUSE Enterprise Storage
ID: SUSE-SU-2021:0048-1
Distribution: SUSE
Platforms: SUSE Enterprise Storage 6
Date: Fri, 8 January 2021, 21:27
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11427
Applications: SUSE Enterprise Storage

Original message


SUSE Security Update: Security update for python-defusedxml,
python-freezegun, python-pkgconfig, python-python3-saml, python-xmlsec
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:0048-1
Rating: moderate
References: #1019074 #1041090 #1177200
Cross-References: CVE-2017-11427
Affected Products:
SUSE Enterprise Storage 6
______________________________________________________________________________

An update that solves one vulnerability and has two fixes
is now available.

Description:

This update for python-defusedxml, python-freezegun, python-pkgconfig,
python-python3-saml, python-xmlsec fixes the following issues:


- Update to 0.6.0
- Increase test coverage.
- Add badges to README.
- Test on Python 3.7 stable and 3.8-dev
- Drop support for Python 3.4
- No longer pass *html* argument to XMLParse. It has been deprecated and
ignored for a long time. The DefusedXMLParser still takes a html
argument. A deprecation warning is issued when the argument is False
and a TypeError when it's True.
- defusedxml now fails early when pyexpat stdlib module is not available
or broken.
- defusedxml.ElementTree.__all__ now lists ParseError as public
attribute.
- The defusedxml.ElementTree and defusedxml.cElementTree modules had a
typo and used XMLParse instead of XMLParser as an alias for
DefusedXMLParser. Both the old and fixed name are now available.

- Remove superfluous devel dependency for noarch package

- Update to 5.0
* Add compatibility with Python 3.6
* Drop support for Python 2.6, 3.1, 3.2, 3.3
* Fix lxml tests (XMLSyntaxError: Detected an entity reference loop)
- Implement single-spec version.

- Dummy changelog for bsc#1019074, FATE#322329

- Add dependency on the full python (which is not pulled by setuptools
anymore). Use %{pythons} macro now. (bsc#1177200)

- Upgrade to 0.3.12:
* Refactor classes to functions
* Ignore Selenium
* Move to pytest
* Conditionally patch time.clock (removed in 3.8)
* Patch time.time_ns added in Python 3.7

- Do not require python2 module for building python3 module

- Update to 0.3.11:
* Performance improvements
* Fix nesting time.time
* Add nanosecond property

- Remove superfluous devel dependency for noarch package

- Add remove_dependency_on_mock.patch which removes dependency on
python-mock for Python 3, where it is not required.

- update to 0.3.10
* Performance improvements
* Coroutine support

- update to version 0.3.9
* If no time to be frozen, use current time
* Fix uuid1 issues
* Add support for python 3.6

- update to version 0.3.8
* Improved unpatching when importing modules after freeze_time start()
* Add manual increment via tick method
* Fix bug with time.localtime not being reset. Closes #112.
* Fix test to work when current timezone is GMT-14 or GMT+14.
* Fixed #162 - allow decorating old-style classes.
* Add support to PyMySQL
* Assume the default time to freeze is "now".
* Register fake types in PyMySQL conversions
* Ignore threading and Queue modules. Closes #129.
* Lock down coverage version since new coverage doesn't support py3.2
* Fix or py3 astimezone and not passing tz. Closes #138.
* Add note about default arguments. Closes #140.
* Add license info. Closes #120.

- Update to 0.3.5
* No upstream changelog
- Remove unneeded freeze_hideDeps.patch

- Use download Url as source
- Use tarball provided by pypi

- update to 1.5.1
* Use poetry instead of setuptools directly
* Fix #42: raise exception if package is missing
* Fix version parsing for openssl-like version numbers, fixes #32
* Add boolean static keyword to output private libraries as well
* Raise original OSError as well

- Add missing test dependency pkgconfig


Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Enterprise Storage 6:

zypper in -t patch SUSE-Storage-6-2021-48=1



Package List:

- SUSE Enterprise Storage 6 (aarch64 x86_64):

python3-xmlsec-1.3.6-1.5.1
python3-xmlsec-debuginfo-1.3.6-1.5.1

- SUSE Enterprise Storage 6 (noarch):

python3-defusedxml-0.6.0-1.5.1
python3-freezegun-0.3.12-1.5.1
python3-isodate-0.6.0-1.3.2
python3-pkgconfig-1.5.1-1.5.1
python3-python3-saml-1.9.0-1.5.2
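
To confirm the update landed on a node, the following added example (not part of the SUSE announcement) compares installed package versions against the package list above. The function names and the sample rpm output are constructed for illustration, and "sort -V" only approximates rpm's own version ordering.

```shell
#!/bin/sh
# Fixed versions, copied from the package list of SUSE-SU-2021:0048-1.
FIXED='python3-xmlsec 1.3.6-1.5.1
python3-defusedxml 0.6.0-1.5.1
python3-freezegun 0.3.12-1.5.1
python3-isodate 0.6.0-1.3.2
python3-pkgconfig 1.5.1-1.5.1
python3-python3-saml 1.9.0-1.5.2'

# Constructed sample of "name version-release" lines, standing in for:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE_RPM_OUTPUT='python3-defusedxml 0.5.0-1.2.1
python3-freezegun 0.3.9-2.1
python3-isodate 0.6.0-1.3.2
python3-python3-saml 1.9.0-1.5.2
python3-xmlsec 1.3.6-1.5.1'

# ver_lt A B: true when A sorts strictly before B under GNU "sort -V".
# Assumption: this approximates rpm's comparison; it is not rpm's algorithm.
# A plain string sort would wrongly rank 0.3.9 above 0.3.12.
ver_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# audit_packages: reads "name version-release" lines on stdin and prints one
# status line per advisory package: OK, OUTDATED or NOT-INSTALLED.
# Returns 1 if any installed package is older than the fixed version.
audit_packages() {
    installed=$(cat)
    rc=0
    while read -r name fixed; do
        have=$(printf '%s\n' "$installed" |
               awk -v n="$name" '$1 == n { print $2; exit }')
        if [ -z "$have" ]; then
            echo "NOT-INSTALLED $name"
        elif ver_lt "$have" "$fixed"; then
            echo "OUTDATED $name $have (fixed in $fixed)"
            rc=1
        else
            echo "OK $name $have"
        fi
    done <<EOF
$FIXED
EOF
    return $rc
}
```

On a real host, pipe the rpm query shown in the comment into audit_packages; a non-zero exit status means at least one listed package is still below the fixed version.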


References:

https://www.suse.com/security/cve/CVE-2017-11427.html
https://bugzilla.suse.com/1019074
https://bugzilla.suse.com/1041090
https://bugzilla.suse.com/1177200