SUSE-SU-2023:2783-2
- Source
- https://www.suse.com/support/update/announcement/2023/suse-su-20232783-2/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:2783-2.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2023:2783-2
- Related
- Published
- 2023-09-19T21:52:38Z
- Modified
- 2023-09-19T21:52:38Z
- Summary
- Security update for grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-psutil, python-pytest-asyncio, python-requests, python-websocket-client, python-websockets
- Details
-
This update for grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-psutil, python-pytest-asyncio, python-requests, python-websocket-client, python-websockets fixes the following issues:
grpc: - Update in SLE-15 (bsc#1197726, bsc#1144068)
protobuf: - Fix a potential DoS issue in protobuf-cpp and protobuf-python, CVE-2022-1941, bsc#1203681 - Fix a potential DoS issue when parsing with binary data in protobuf-java, CVE-2022-3171, bsc#1204256 - Fix potential Denial of Service in protobuf-java in the parsing procedure for binary data, CVE-2021-22569, bsc#1194530 - Add missing dependency of python subpackages on python-six (bsc#1177127) - Updated to version 3.9.2 (bsc#1162343) * Remove OSReadLittle* due to alignment requirements. * Don't use unions and instead use memcpy for the type swaps. - Disable LTO (bsc#1133277)
python-aiocontextvars:
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)python-avro: - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
python-cryptography:
- update to 3.3.2 (bsc#1182066, CVE-2020-36242, bsc#1198331) * SECURITY ISSUE: Fixed a bug where certain sequences of update() calls when symmetrically encrypting very large payloads (>2GB) could result in an integer overflow, leading to buffer overflows. CVE-2020-36242python-cryptography-vectors: - update to 3.2 (bsc#1178168, CVE-2020-25659): * CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant time, to protect against Bleichenbacher vulnerabilities. Due to limitations imposed by our API, we cannot completely mitigate this vulnerability. * Support for OpenSSL 1.0.2 has been removed. * Added basic support for PKCS7 signing (including SMIME) via PKCS7SignatureBuilder. - update to 3.3.2 (bsc#1198331)
python-Deprecated: - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - update to 1.2.13:
python-google-api-core: - Update to 1.14.2
python-googleapis-common-protos: - Update to 1.6.0
python-grpcio-gcp: - Initial spec for v0.2.2
python-humanfriendly: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Update to 10.0
python-jsondiff: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Update to version 1.3.0
python-knack:
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Update to version 0.9.0python-opencensus: - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Disable Python2 build - Update to 0.8.0
python-opencensus-context:
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)python-opencensus-ext-threading:
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Initial build version 0.1.2python-opentelemetry-api: - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Version update to 1.5.0
python-psutil: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - update to 5.9.1 - remove the dependency on net-tools, since it conflicts with busybox-hostnmame which is default on MicroOS. (bsc#1184753) - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
python-PyGithub: - Update to 1.43.5:
python-pytest-asyncio:
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Initial release of python-pytest-asyncio 0.8.0python-requests: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
python-websocket-client: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Update to version 1.3.2
python-websockets: - Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - update to 9.1:
- References
-
- https://www.suse.com/support/update/announcement/2023/suse-su-20232783-2/
- https://bugzilla.suse.com/1099269
- https://bugzilla.suse.com/1133277
- https://bugzilla.suse.com/1144068
- https://bugzilla.suse.com/1162343
- https://bugzilla.suse.com/1177127
- https://bugzilla.suse.com/1178168
- https://bugzilla.suse.com/1182066
- https://bugzilla.suse.com/1184753
- https://bugzilla.suse.com/1194530
- https://bugzilla.suse.com/1197726
- https://bugzilla.suse.com/1198331
- https://bugzilla.suse.com/1199282
- https://bugzilla.suse.com/1203681
- https://bugzilla.suse.com/1204256
- https://www.suse.com/security/cve/CVE-2018-1000518
- https://www.suse.com/security/cve/CVE-2020-25659
- https://www.suse.com/security/cve/CVE-2020-36242
- https://www.suse.com/security/cve/CVE-2021-22569
- https://www.suse.com/security/cve/CVE-2021-22570
- https://www.suse.com/security/cve/CVE-2022-1941
- https://www.suse.com/security/cve/CVE-2022-3171
Affected packages
SUSE:Linux Enterprise High Performance Computing 15 SP1-LTSS / protobuf
Package
- Name
- protobuf
- Purl
- purl:rpm/suse/protobuf&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.9.2-150100.8.3.3
Ecosystem specific
{
"binaries": [
{
"python3-psutil": "5.9.1-150100.6.6.3",
"python2-requests": "2.25.1-150100.6.13.3",
"python3-requests": "2.25.1-150100.6.13.3",
"python3-cryptography": "3.3.2-150100.7.15.3",
"python2-cryptography": "3.3.2-150100.7.15.3",
"python2-psutil": "5.9.1-150100.6.6.3",
"python3-websocket-client": "1.3.2-150100.6.7.3",
"libprotobuf-lite20": "3.9.2-150100.8.3.3"
}
]
}
SUSE:Linux Enterprise High Performance Computing 15 SP1-LTSS / python-cryptography
Package
- Name
- python-cryptography
- Purl
- purl:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.3.2-150100.7.15.3
Ecosystem specific
{
"binaries": [
{
"python3-psutil": "5.9.1-150100.6.6.3",
"python2-requests": "2.25.1-150100.6.13.3",
"python3-requests": "2.25.1-150100.6.13.3",
"python3-cryptography": "3.3.2-150100.7.15.3",
"python2-cryptography": "3.3.2-150100.7.15.3",
"python2-psutil": "5.9.1-150100.6.6.3",
"python3-websocket-client": "1.3.2-150100.6.7.3",
"libprotobuf-lite20": "3.9.2-150100.8.3.3"
}
]
}
SUSE:Linux Enterprise High Performance Computing 15 SP1-LTSS / python-psutil
Package
- Name
- python-psutil
- Purl
- purl:rpm/suse/python-psutil&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.9.1-150100.6.6.3
Ecosystem specific
{
"binaries": [
{
"python3-psutil": "5.9.1-150100.6.6.3",
"python2-requests": "2.25.1-150100.6.13.3",
"python3-requests": "2.25.1-150100.6.13.3",
"python3-cryptography": "3.3.2-150100.7.15.3",
"python2-cryptography": "3.3.2-150100.7.15.3",
"python2-psutil": "5.9.1-150100.6.6.3",
"python3-websocket-client": "1.3.2-150100.6.7.3",
"libprotobuf-lite20": "3.9.2-150100.8.3.3"
}
]
}
SUSE:Linux Enterprise High Performance Computing 15 SP1-LTSS / python-requests
Package
- Name
- python-requests
- Purl
- purl:rpm/suse/python-requests&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.25.1-150100.6.13.3
Ecosystem specific
{
"binaries": [
{
"python3-psutil": "5.9.1-150100.6.6.3",
"python2-requests": "2.25.1-150100.6.13.3",
"python3-requests": "2.25.1-150100.6.13.3",
"python3-cryptography": "3.3.2-150100.7.15.3",
"python2-cryptography": "3.3.2-150100.7.15.3",
"python2-psutil": "5.9.1-150100.6.6.3",
"python3-websocket-client": "1.3.2-150100.6.7.3",
"libprotobuf-lite20": "3.9.2-150100.8.3.3"
}
]
}
SUSE:Linux Enterprise High Performance Computing 15 SP1-LTSS / python-websocket-client
Package
- Name
- python-websocket-client
- Purl
- purl:rpm/suse/python-websocket-client&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.3.2-150100.6.7.3
Ecosystem specific
{
"binaries": [
{
"python3-psutil": "5.9.1-150100.6.6.3",
"python2-requests": "2.25.1-150100.6.13.3",
"python3-requests": "2.25.1-150100.6.13.3",
"python3-cryptography": "3.3.2-150100.7.15.3",
"python2-cryptography": "3.3.2-150100.7.15.3",
"python2-psutil": "5.9.1-150100.6.6.3",
"python3-websocket-client": "1.3.2-150100.6.7.3",
"libprotobuf-lite20": "3.9.2-150100.8.3.3"
}
]
}