Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in protobuf, pyt, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-Deprecated, python-google-api-core, python-PyGithub und grpc
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in protobuf, pyt, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-Deprecated, python-google-api-core, python-PyGithub und grpc
ID: SUSE-SU-2023:2783-2
Distribution: SUSE
Plattformen: SUSE Linux Enterprise High Performance Computing 15 SP1, SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
Datum: Mi, 20. September 2023, 13:08
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3171
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1941
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000518
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36242
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22569
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25659
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22570
Applikationen: protobuf, pyt, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography-vectors, python-Deprecated, python-google-api-core, python-PyGithub, PyCA cryptography, gRPC

Originalnachricht

--===============8108065010908179925==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit



# Security update for grpc, protobuf, python-Deprecated, python-PyGithub,
python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-
cryptography-vectors, python-google-api-core, pyt

Announcement ID: SUSE-SU-2023:2783-2
Rating: important
References:

* #1099269
* #1133277
* #1144068
* #1162343
* #1177127
* #1178168
* #1182066
* #1184753
* #1194530
* #1197726
* #1198331
* #1199282
* #1203681
* #1204256
* PM-3243
* SLE-24629


Cross-References:

* CVE-2018-1000518
* CVE-2020-25659
* CVE-2020-36242
* CVE-2021-22569
* CVE-2021-22570
* CVE-2022-1941
* CVE-2022-3171


CVSS scores:

* CVE-2018-1000518 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2018-1000518 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2020-25659 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2020-25659 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2020-36242 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2020-36242 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2021-22569 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2021-22569 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-22570 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-22570 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-1941 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-1941 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-1941 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-1941 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-3171 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-3171 ( NVD ): 4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L


Affected Products:

* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1



An update that solves seven vulnerabilities, contains two features and has
seven
security fixes can now be installed.

## Description:

This update for grpc, protobuf, python-Deprecated, python-PyGithub, python-
aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-
cryptography-vectors, python-google-api-core, python-googleapis-common-protos,
python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack, python-
opencensus, python-opencensus-context, python-opencensus-ext-threading, python-
opentelemetry-api, python-psutil, python-pytest-asyncio, python-requests,
python-websocket-client, python-websockets fixes the following issues:

grpc: \- Update in SLE-15 (bsc#1197726, bsc#1144068)

protobuf: \- Fix a potential DoS issue in protobuf-cpp and protobuf-python,
CVE-2022-1941, bsc#1203681 \- Fix a potential DoS issue when parsing with
binary
data in protobuf-java, CVE-2022-3171, bsc#1204256 \- Fix potential Denial of
Service in protobuf-java in the parsing procedure for binary data,
CVE-2021-22569, bsc#1194530 \- Add missing dependency of python subpackages on
python-six (bsc#1177127) \- Updated to version 3.9.2 (bsc#1162343) * Remove
OSReadLittle* due to alignment requirements. * Don't use unions and instead
use
memcpy for the type swaps. \- Disable LTO (bsc#1133277)

python-aiocontextvars:
\- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

python-avro: \- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) \-
Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

python-cryptography:
\- update to 3.3.2 (bsc#1182066, CVE-2020-36242, bsc#1198331) * SECURITY ISSUE:
Fixed a bug where certain sequences of update() calls when symmetrically
encrypting very large payloads (>2GB) could result in an integer overflow,
leading to buffer overflows. CVE-2020-36242

python-cryptography-vectors: \- update to 3.2 (bsc#1178168, CVE-2020-25659): *
CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant time,
to protect against Bleichenbacher vulnerabilities. Due to limitations imposed
by
our API, we cannot completely mitigate this vulnerability. * Support for
OpenSSL
1.0.2 has been removed. * Added basic support for PKCS7 signing (including
SMIME) via PKCS7SignatureBuilder. \- update to 3.3.2 (bsc#1198331)

python-Deprecated: \- Include in SLE-15 (bsc#1199282, jsc#PM-3243,
jsc#SLE-24629) \- update to 1.2.13:

python-google-api-core: \- Update to 1.14.2

python-googleapis-common-protos: \- Update to 1.6.0

python-grpcio-gcp: \- Initial spec for v0.2.2

python-humanfriendly: \- Update in SLE-15 (bsc#1199282, jsc#PM-3243,
jsc#SLE-24629) \- Update to 10.0

python-jsondiff: \- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
\- Update to version 1.3.0

python-knack:
\- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) \- Update to
version 0.9.0

python-opencensus: \- Include in SLE-15 (bsc#1199282, jsc#PM-3243,
jsc#SLE-24629) \- Disable Python2 build \- Update to 0.8.0

python-opencensus-context:
\- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

python-opencensus-ext-threading:
\- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) \- Initial build
version 0.1.2

python-opentelemetry-api: \- Include in SLE-15 (bsc#1199282, jsc#PM-3243,
jsc#SLE-24629) \- Version update to 1.5.0

python-psutil: \- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) \-
update to 5.9.1 \- remove the dependency on net-tools, since it conflicts with
busybox-hostnmame which is default on MicroOS. (bsc#1184753) \- Include in
SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

python-PyGithub: \- Update to 1.43.5:

python-pytest-asyncio:
\- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) \- Initial
release of python-pytest-asyncio 0.8.0

python-requests: \- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

python-websocket-client: \- Update in SLE-15 (bsc#1199282, jsc#PM-3243,
jsc#SLE-24629) \- Update to version 1.3.2

python-websockets: \- Include in SLE-15 (bsc#1199282, jsc#PM-3243,
jsc#SLE-24629) \- update to 9.1:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2783=1

## Package List:

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
(aarch64
x86_64)
* python-cryptography-debugsource-3.3.2-150100.7.15.3
* python3-cryptography-debuginfo-3.3.2-150100.7.15.3
* python3-psutil-debuginfo-5.9.1-150100.6.6.3
* libprotobuf-lite20-3.9.2-150100.8.3.3
* python2-psutil-debuginfo-5.9.1-150100.6.6.3
* python-psutil-debuginfo-5.9.1-150100.6.6.3
* python2-cryptography-3.3.2-150100.7.15.3
* python2-psutil-5.9.1-150100.6.6.3
* python3-psutil-5.9.1-150100.6.6.3
* python-psutil-debugsource-5.9.1-150100.6.6.3
* python-cryptography-debuginfo-3.3.2-150100.7.15.3
* python2-cryptography-debuginfo-3.3.2-150100.7.15.3
* python3-cryptography-3.3.2-150100.7.15.3
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
(noarch)
* python3-websocket-client-1.3.2-150100.6.7.3
* python2-requests-2.25.1-150100.6.13.3
* python3-requests-2.25.1-150100.6.13.3

## References:

* https://www.suse.com/security/cve/CVE-2018-1000518.html
* https://www.suse.com/security/cve/CVE-2020-25659.html
* https://www.suse.com/security/cve/CVE-2020-36242.html
* https://www.suse.com/security/cve/CVE-2021-22569.html
* https://www.suse.com/security/cve/CVE-2021-22570.html
* https://www.suse.com/security/cve/CVE-2022-1941.html
* https://www.suse.com/security/cve/CVE-2022-3171.html
* https://bugzilla.suse.com/show_bug.cgi?id=1099269
* https://bugzilla.suse.com/show_bug.cgi?id=1133277
* https://bugzilla.suse.com/show_bug.cgi?id=1144068
* https://bugzilla.suse.com/show_bug.cgi?id=1162343
* https://bugzilla.suse.com/show_bug.cgi?id=1177127
* https://bugzilla.suse.com/show_bug.cgi?id=1178168
* https://bugzilla.suse.com/show_bug.cgi?id=1182066
* https://bugzilla.suse.com/show_bug.cgi?id=1184753
* https://bugzilla.suse.com/show_bug.cgi?id=1194530
* https://bugzilla.suse.com/show_bug.cgi?id=1197726
* https://bugzilla.suse.com/show_bug.cgi?id=1198331
* https://bugzilla.suse.com/show_bug.cgi?id=1199282
* https://bugzilla.suse.com/show_bug.cgi?id=1203681
* https://bugzilla.suse.com/show_bug.cgi?id=1204256
* https://jira.suse.com/browse/PM-3243
* https://jira.suse.com/browse/SLE-24629


--===============8108065010908179925==
Content-Type: text/html; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit




<div class="container">
<h1>Security update for grpc, protobuf, python-Deprecated,
python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, pyt</h1>

<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-SU-2023:2783-2</td>
</tr>

<tr>
<th>Rating:</th>
<td>important</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>

<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1099269">#1099269</a>
</li>

<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1133277">#1133277</a>
</li>

<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1144068">#1144068</a>
</li>

<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1162343">#1162343</a>
</li>

<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1177127">#1177127</a>
</li>

<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1178168">#1178168</a>
</li>

<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1182066">#1182066</a>
</li>

<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1184753">#1184753</a>
</li>

<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1194530">#1194530</a>
</li>

<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1197726">#1197726</a>
</li>

<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1198331">#1198331</a>
</li>

<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1199282">#1199282</a>
</li>

<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1203681">#1203681</a>
</li>

<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1204256">#1204256</a>
</li>


<li style="display: inline;">
<a href="https://jira.suse.com/browse/PM-3243">PM-3243</a>
</li>

<li style="display: inline;">
<a href="https://jira.suse.com/browse/SLE-24629">SLE-24629</a>
</li>

</ul>
</td>
</tr>

<tr>
<th>
Cross-References:
</th>
<td>
<ul>

<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2018-1000518.html">CVE-2018-1000518</a>
</li>

<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2020-25659.html">CVE-2020-25659</a>
</li>

<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2020-36242.html">CVE-2020-36242</a>
</li>

<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2021-22569.html">CVE-2021-22569</a>
</li>

<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2021-22570.html">CVE-2021-22570</a>
</li>

<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2022-1941.html">CVE-2022-1941</a>
</li>

<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2022-3171.html">CVE-2022-3171</a>
</li>

</ul>
</td>
</tr>
<tr>
<th>CVSS scores:</th>
<td>
<ul class="list-group">

<li class="list-group-item">
<span
class="cvss-reference">CVE-2018-1000518</span>
<span class="cvss-source">
(

NVD

):
</span>
<span
class="cvss-score">7.5</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>

<li class="list-group-item">
<span
class="cvss-reference">CVE-2018-1000518</span>
<span class="cvss-source">
(

NVD

):
</span>
<span
class="cvss-score">7.5</span>
<span
class="cvss-vector">CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>

<li class="list-group-item">
<span
class="cvss-reference">CVE-2020-25659</span>
<span class="cvss-source">
(

SUSE

):
</span>
<span
class="cvss-score">5.9</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N</span>
</li>

<li class="list-group-item">
<span
class="cvss-reference">CVE-2020-25659</span>
<span class="cvss-source">
(

NVD

):
</span>
<span
class="cvss-score">5.9</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N</span>
</li>

<li class="list-group-item">
<span
class="cvss-reference">CVE-2020-36242</span>
<span class="cvss-source">
(

SUSE

):
</span>
<span
class="cvss-score">7.5</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>

<li class="list-group-item">
<span
class="cvss-reference">CVE-2020-36242</span>
<span class="cvss-source">
(

NVD

):
</span>
<span
class="cvss-score">9.1</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H</span>
</li>

<li class="list-group-item">
<span
class="cvss-reference">CVE-2021-22569</span>
<span class="cvss-source">
(

SUSE

):
</span>
<span
class="cvss-score">5.5</span>
<span
class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H</span>
</li>

<li class="list-group-item">
<span
class="cvss-reference">CVE-2021-22569</span>
<span class="cvss-source">
(

NVD

):
</span>
<span
class="cvss-score">7.5</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>

<li class="list-group-item">
<span
class="cvss-reference">CVE-2021-22570</span>
<span class="cvss-source">
(

SUSE

):
</span>
<span
class="cvss-score">5.5</span>
<span
class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>

<li class="list-group-item">
<span
class="cvss-reference">CVE-2021-22570</span>
<span class="cvss-source">
(

NVD

):
</span>
<span
class="cvss-score">6.5</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>

<li class="list-group-item">
<span
class="cvss-reference">CVE-2022-1941</span>
<span class="cvss-source">
(

SUSE

):
</span>
<span
class="cvss-score">6.5</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>

<li class="list-group-item">
<span
class="cvss-reference">CVE-2022-1941</span>
<span class="cvss-source">
(

SUSE

):
</span>
<span
class="cvss-score">6.5</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>

<li class="list-group-item">
<span
class="cvss-reference">CVE-2022-1941</span>
<span class="cvss-source">
(

NVD

):
</span>
<span
class="cvss-score">7.5</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>

<li class="list-group-item">
<span
class="cvss-reference">CVE-2022-1941</span>
<span class="cvss-source">
(

NVD

):
</span>
<span
class="cvss-score">7.5</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>

<li class="list-group-item">
<span
class="cvss-reference">CVE-2022-3171</span>
<span class="cvss-source">
(

SUSE

):
</span>
<span
class="cvss-score">7.5</span>
<span
class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>

<li class="list-group-item">
<span
class="cvss-reference">CVE-2022-3171</span>
<span class="cvss-source">
(

NVD

):
</span>
<span
class="cvss-score">4.3</span>
<span
class="cvss-vector">CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L</span>
</li>

</ul>
</td>
</tr>

<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">

<li class="list-group-item">SUSE Linux
Enterprise High Performance Computing 15 SP1</li>

<li class="list-group-item">SUSE Linux
Enterprise High Performance Computing 15 SP1 LTSS 15-SP1</li>

</ul>
</td>
</tr>
</tbody>
</table>

<p>An update that solves seven vulnerabilities, contains two features
and has seven security fixes can now be installed.</p>





<h2>Description:</h2>

<p>This update for grpc, protobuf, python-Deprecated,
python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-psutil, python-pytest-asyncio, python-requests, python-websocket-client, python-websockets fixes the following issues:</p>
<p>grpc:
- Update in SLE-15 (bsc#1197726, bsc#1144068)</p>
<p>protobuf:
- Fix a potential DoS issue in protobuf-cpp and protobuf-python, CVE-2022-1941,
bsc#1203681
- Fix a potential DoS issue when parsing with binary data in protobuf-java,
CVE-2022-3171, bsc#1204256
- Fix potential Denial of Service in protobuf-java in the parsing procedure for
binary data, CVE-2021-22569, bsc#1194530
- Add missing dependency of python subpackages on python-six (bsc#1177127)
- Updated to version 3.9.2 (bsc#1162343)
* Remove OSReadLittle* due to alignment requirements.
* Don&#x27;t use unions and instead use memcpy for the type swaps.
- Disable LTO (bsc#1133277)</p>
<p>python-aiocontextvars:<br />
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)</p>
<p>python-avro:
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)</p>
<p>python-cryptography:<br />
- update to 3.3.2 (bsc#1182066, CVE-2020-36242, bsc#1198331)
* SECURITY ISSUE: Fixed a bug where certain sequences of update()
calls when symmetrically encrypting very large payloads (&gt;2GB) could
result in an integer overflow, leading to buffer overflows.
CVE-2020-36242</p>
<p>python-cryptography-vectors:
- update to 3.2 (bsc#1178168, CVE-2020-25659):
* CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant
time,
to protect against Bleichenbacher vulnerabilities. Due to limitations
imposed
by our API, we cannot completely mitigate this vulnerability.
* Support for OpenSSL 1.0.2 has been removed.
* Added basic support for PKCS7 signing (including SMIME) via
PKCS7SignatureBuilder.
- update to 3.3.2 (bsc#1198331)</p>
<p>python-Deprecated:
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- update to 1.2.13:</p>
<p>python-google-api-core:
- Update to 1.14.2</p>
<p>python-googleapis-common-protos:
- Update to 1.6.0</p>
<p>python-grpcio-gcp:
- Initial spec for v0.2.2</p>
<p>python-humanfriendly:
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Update to 10.0</p>
<p>python-jsondiff:
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Update to version 1.3.0</p>
<p>python-knack:<br />
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Update to version 0.9.0</p>
<p>python-opencensus:
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Disable Python2 build
- Update to 0.8.0</p>
<p>python-opencensus-context:<br />
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)</p>
<p>python-opencensus-ext-threading:<br />
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Initial build version 0.1.2</p>
<p>python-opentelemetry-api:
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Version update to 1.5.0</p>
<p>python-psutil:
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- update to 5.9.1
- remove the dependency on net-tools, since it conflicts with busybox-hostnmame
which is default on MicroOS. (bsc#1184753)
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)</p>
<p>python-PyGithub:
- Update to 1.43.5:</p>
<p>python-pytest-asyncio:<br />
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Initial release of python-pytest-asyncio 0.8.0 </p>
<p>python-requests:
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)</p>
<p>python-websocket-client:
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Update to version 1.3.2</p>
<p>python-websockets:
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- update to 9.1:</p>





<h2>Patch Instructions:</h2>
<p>
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper
patch".<br/>

Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">

<li class="list-group-item">
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS
15-SP1


<br/>
<code>zypper in -t patch
SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2783=1</code>



</li>

</ul>

<h2>Package List:</h2>
<ul>


<li>
SUSE Linux Enterprise High Performance Computing 15 SP1
LTSS 15-SP1 (aarch64 x86_64)
<ul>


<li>python-cryptography-debugsource-3.3.2-150100.7.15.3</li>


<li>python3-cryptography-debuginfo-3.3.2-150100.7.15.3</li>


<li>python3-psutil-debuginfo-5.9.1-150100.6.6.3</li>


<li>libprotobuf-lite20-3.9.2-150100.8.3.3</li>


<li>python2-psutil-debuginfo-5.9.1-150100.6.6.3</li>


<li>python-psutil-debuginfo-5.9.1-150100.6.6.3</li>


<li>python2-cryptography-3.3.2-150100.7.15.3</li>


<li>python2-psutil-5.9.1-150100.6.6.3</li>


<li>python3-psutil-5.9.1-150100.6.6.3</li>


<li>python-psutil-debugsource-5.9.1-150100.6.6.3</li>


<li>python-cryptography-debuginfo-3.3.2-150100.7.15.3</li>


<li>python2-cryptography-debuginfo-3.3.2-150100.7.15.3</li>


<li>python3-cryptography-3.3.2-150100.7.15.3</li>

</ul>
</li>

<li>
SUSE Linux Enterprise High Performance Computing 15 SP1
LTSS 15-SP1 (noarch)
<ul>


<li>python3-websocket-client-1.3.2-150100.6.7.3</li>


<li>python2-requests-2.25.1-150100.6.13.3</li>


<li>python3-requests-2.25.1-150100.6.13.3</li>

</ul>
</li>


</ul>


<h2>References:</h2>
<ul>


<li>
<a href="https://www.suse.com/security/cve/CVE-2018-1000518.html">https://www.suse.com/security/cve/CVE-2018-1000518.html</a>
</li>



<li>
<a href="https://www.suse.com/security/cve/CVE-2020-25659.html">https://www.suse.com/security/cve/CVE-2020-25659.html</a>
</li>



<li>
<a href="https://www.suse.com/security/cve/CVE-2020-36242.html">https://www.suse.com/security/cve/CVE-2020-36242.html</a>
</li>



<li>
<a href="https://www.suse.com/security/cve/CVE-2021-22569.html">https://www.suse.com/security/cve/CVE-2021-22569.html</a>
</li>



<li>
<a href="https://www.suse.com/security/cve/CVE-2021-22570.html">https://www.suse.com/security/cve/CVE-2021-22570.html</a>
</li>



<li>
<a href="https://www.suse.com/security/cve/CVE-2022-1941.html">https://www.suse.com/security/cve/CVE-2022-1941.html</a>
</li>



<li>
<a href="https://www.suse.com/security/cve/CVE-2022-3171.html">https://www.suse.com/security/cve/CVE-2022-3171.html</a>
</li>



<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1099269">https://bugzilla.suse.com/show_bug.cgi?id=1099269</a>
</li>



<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1133277">https://bugzilla.suse.com/show_bug.cgi?id=1133277</a>
</li>



<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1144068">https://bugzilla.suse.com/show_bug.cgi?id=1144068</a>
</li>



<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1162343">https://bugzilla.suse.com/show_bug.cgi?id=1162343</a>
</li>



<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1177127">https://bugzilla.suse.com/show_bug.cgi?id=1177127</a>
</li>



<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1178168">https://bugzilla.suse.com/show_bug.cgi?id=1178168</a>
</li>



<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1182066">https://bugzilla.suse.com/show_bug.cgi?id=1182066</a>
</li>



<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1184753">https://bugzilla.suse.com/show_bug.cgi?id=1184753</a>
</li>



<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1194530">https://bugzilla.suse.com/show_bug.cgi?id=1194530</a>
</li>



<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1197726">https://bugzilla.suse.com/show_bug.cgi?id=1197726</a>
</li>



<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1198331">https://bugzilla.suse.com/show_bug.cgi?id=1198331</a>
</li>



<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1199282">https://bugzilla.suse.com/show_bug.cgi?id=1199282</a>
</li>



<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1203681">https://bugzilla.suse.com/show_bug.cgi?id=1203681</a>
</li>



<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1204256">https://bugzilla.suse.com/show_bug.cgi?id=1204256</a>
</li>



<li>
<a href="https://jira.suse.com/browse/PM-3243">https://jira.suse.com/browse/PM-3243</a>
</li>



<li>
<a href="https://jira.suse.com/browse/SLE-24629">https://jira.suse.com/browse/SLE-24629</a>
</li>


</ul>

</div>

--===============8108065010908179925==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung