Security update for python SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2020:14306-1 Final 1 1 2020-03-03T14:23:57Z current 2020-03-03T14:23:57Z 2020-03-03T14:23:57Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for python This update for python fixes the following security issue: - CVE-2020-8492: Fixed a regular expression in urllib that was prone to denial of service via HTTP (bsc#1162367). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sleposp3-python-14306,slessp4-python-14306 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2020/suse-su-202014306-1/ Link for SUSE-SU-2020:14306-1 https://lists.suse.com/pipermail/sle-security-updates/2020-March/006570.html E-Mail link for SUSE-SU-2020:14306-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1162367 SUSE Bug 1162367 https://www.suse.com/security/cve/CVE-2020-8492/ SUSE CVE CVE-2020-8492 page SUSE Linux Enterprise Point of Sale 11 SP3 SUSE Linux Enterprise Server 11 SP4-LTSS libpython2_6-1_0-2.6.9-40.35.1 python-2.6.9-40.35.2 python-base-2.6.9-40.35.1 python-curses-2.6.9-40.35.2 python-demo-2.6.9-40.35.2 python-doc-2.6-8.40.35.1 python-doc-pdf-2.6-8.40.35.1 python-gdbm-2.6.9-40.35.2 python-idle-2.6.9-40.35.2 python-tk-2.6.9-40.35.2 python-xml-2.6.9-40.35.1 libpython2_6-1_0-32bit-2.6.9-40.35.1 python-32bit-2.6.9-40.35.2 python-base-32bit-2.6.9-40.35.1 libpython2_6-1_0-2.6.9-40.35.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 python-2.6.9-40.35.2 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 python-base-2.6.9-40.35.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 python-curses-2.6.9-40.35.2 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 python-demo-2.6.9-40.35.2 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 python-doc-2.6-8.40.35.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 python-doc-pdf-2.6-8.40.35.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 python-gdbm-2.6.9-40.35.2 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 python-idle-2.6.9-40.35.2 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 python-tk-2.6.9-40.35.2 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 python-xml-2.6.9-40.35.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 libpython2_6-1_0-2.6.9-40.35.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS libpython2_6-1_0-32bit-2.6.9-40.35.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS python-2.6.9-40.35.2 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS python-32bit-2.6.9-40.35.2 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS python-base-2.6.9-40.35.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS python-base-32bit-2.6.9-40.35.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS python-curses-2.6.9-40.35.2 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS python-demo-2.6.9-40.35.2 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS python-doc-2.6-8.40.35.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS python-doc-pdf-2.6-8.40.35.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS python-gdbm-2.6.9-40.35.2 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS python-idle-2.6.9-40.35.2 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS python-tk-2.6.9-40.35.2 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS python-xml-2.6.9-40.35.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. CVE-2020-8492 SUSE Linux Enterprise Point of Sale 11 SP3:libpython2_6-1_0-2.6.9-40.35.1 SUSE Linux Enterprise Point of Sale 11 SP3:python-2.6.9-40.35.2 SUSE Linux Enterprise Point of Sale 11 SP3:python-base-2.6.9-40.35.1 SUSE Linux Enterprise Point of Sale 11 SP3:python-curses-2.6.9-40.35.2 SUSE Linux Enterprise Point of Sale 11 SP3:python-demo-2.6.9-40.35.2 SUSE Linux Enterprise Point of Sale 11 SP3:python-doc-2.6-8.40.35.1 SUSE Linux Enterprise Point of Sale 11 SP3:python-doc-pdf-2.6-8.40.35.1 SUSE Linux Enterprise Point of Sale 11 SP3:python-gdbm-2.6.9-40.35.2 SUSE Linux Enterprise Point of Sale 11 SP3:python-idle-2.6.9-40.35.2 SUSE Linux Enterprise Point of Sale 11 SP3:python-tk-2.6.9-40.35.2 SUSE Linux Enterprise Point of Sale 11 SP3:python-xml-2.6.9-40.35.1 SUSE Linux Enterprise Server 11 SP4-LTSS:libpython2_6-1_0-2.6.9-40.35.1 SUSE Linux Enterprise Server 11 SP4-LTSS:libpython2_6-1_0-32bit-2.6.9-40.35.1 SUSE Linux Enterprise Server 11 SP4-LTSS:python-2.6.9-40.35.2 SUSE Linux Enterprise Server 11 SP4-LTSS:python-32bit-2.6.9-40.35.2 SUSE Linux Enterprise Server 11 SP4-LTSS:python-base-2.6.9-40.35.1 SUSE Linux Enterprise Server 11 SP4-LTSS:python-base-32bit-2.6.9-40.35.1 SUSE Linux Enterprise Server 11 SP4-LTSS:python-curses-2.6.9-40.35.2 SUSE Linux Enterprise Server 11 SP4-LTSS:python-demo-2.6.9-40.35.2 SUSE Linux Enterprise Server 11 SP4-LTSS:python-doc-2.6-8.40.35.1 SUSE Linux Enterprise Server 11 SP4-LTSS:python-doc-pdf-2.6-8.40.35.1 SUSE Linux Enterprise Server 11 SP4-LTSS:python-gdbm-2.6.9-40.35.2 SUSE Linux Enterprise Server 11 SP4-LTSS:python-idle-2.6.9-40.35.2 SUSE Linux Enterprise Server 11 SP4-LTSS:python-tk-2.6.9-40.35.2 SUSE Linux Enterprise Server 11 SP4-LTSS:python-xml-2.6.9-40.35.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-202014306-1/ https://www.suse.com/security/cve/CVE-2020-8492.html CVE-2020-8492 https://bugzilla.suse.com/1162367 SUSE Bug 1162367