Security update for python36

SUSE Security Update: Security update for python36
Announcement ID: SUSE-SU-2020:0302-1
Rating: important
References: #1027282 #1029377 #1081750 #1083507 #1086001 #1088009 #1094814 #1109663 #1137942 #1138459 #1141853 #1149121 #1149429 #1149792 #1149955 #1151490 #1159035 #1159622 #709442 #951166 #983582
Cross-References:CVE-2017-18207 CVE-2018-1000802 CVE-2018-1060 CVE-2018-20852 CVE-2019-10160 CVE-2019-15903 CVE-2019-16056 CVE-2019-5010 CVE-2019-9636 CVE-2019-9947
Affected Products:
  • SUSE Linux Enterprise Server 12-SP5

An update that solves 10 vulnerabilities and has 11 fixes is now available.

Description:

This update for python36 to version 3.6.10 fixes the following issues:

  • CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507).
  • CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ signs (bsc#1149955).
  • CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-302=1

Package List:

  • SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    • libpython3_6m1_0-3.6.10-4.3.5
    • libpython3_6m1_0-debuginfo-3.6.10-4.3.5
    • python36-3.6.10-4.3.5
    • python36-base-3.6.10-4.3.5
    • python36-base-debuginfo-3.6.10-4.3.5
    • python36-base-debugsource-3.6.10-4.3.5
    • python36-debuginfo-3.6.10-4.3.5
    • python36-debugsource-3.6.10-4.3.5

References: