SUSE-SU-2024:2982-1
- Source
- https://www.suse.com/support/update/announcement/2024/suse-su-20242982-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:2982-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2024:2982-1
- Upstream
- Related
- Published
- 2024-08-20T09:08:55Z
- Modified
- 2026-02-04T22:45:56.779044Z
- Summary
- Security update for python311
- Details
-
This update for python311 fixes the following issues:
Security issues fixed:
- CVE-2024-6923: Fixed email header injection due to unquoted newlines (bsc#1228780)
- CVE-2024-5642: Removed support for anything but OpenSSL 1.1.1 or newer (bsc#1227233)
- CVE-2024-4032: Fixed incorrect IPv4 and IPv6 private ranges (bsc#1226448)
Non-security issues fixed:
- Fixed executable bits for /usr/bin/idle* (bsc#1227378).
- Improve python reproducible builds (bsc#1227999)
- Make pip and modern tools install directly in /usr/local when used by the user (bsc#1225660)
- %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999)
- References
-
- https://www.suse.com/support/update/announcement/2024/suse-su-20242982-1/
- https://bugzilla.suse.com/1225660
- https://bugzilla.suse.com/1226447
- https://bugzilla.suse.com/1226448
- https://bugzilla.suse.com/1227378
- https://bugzilla.suse.com/1227999
- https://bugzilla.suse.com/1228780
- https://www.suse.com/security/cve/CVE-2023-27043
- https://www.suse.com/security/cve/CVE-2024-0397
- https://www.suse.com/security/cve/CVE-2024-4032
- https://www.suse.com/security/cve/CVE-2024-6923