Security update for python
SUSE Patch
security@suse.de
SUSE Security Team
SUSE-SU-2019:14018-1
Final
1
1
2019-04-15T14:36:19Z
current
2019-04-15T14:36:19Z
2019-04-15T14:36:19Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
This update for python fixes the following issues:
Security issues fixed:
- CVE-2019-9948: Fixed a bypass of 'file:' URI blacklists through the 'local_file:' scheme (bsc#1130847).
- CVE-2019-9636: Fixed an information disclosure caused by incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346).
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution for Non-Commercial usage (CC-BY-NC-4.0).
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution for Non-Commercial usage (CC-BY-NC-4.0)
https://www.suse.com/support/update/announcement/2019/suse-su-201914018-1/
Link for SUSE-SU-2019:14018-1
http://lists.suse.com/pipermail/sle-security-updates/2019-April/005340.html
E-Mail link for SUSE-SU-2019:14018-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
SUSE Linux Enterprise Point of Sale 11 SP3
SUSE Linux Enterprise Server 11 SP4-LTSS
SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS
libpython2_6-1_0-2.6.9-40.24.1
python-2.6.9-40.24.1
python-base-2.6.9-40.24.1
python-curses-2.6.9-40.24.1
python-demo-2.6.9-40.24.1
python-doc-2.6-8.40.24.1
python-doc-pdf-2.6-8.40.24.1
python-gdbm-2.6.9-40.24.1
python-idle-2.6.9-40.24.1
python-tk-2.6.9-40.24.1
python-xml-2.6.9-40.24.1
libpython2_6-1_0-32bit-2.6.9-40.24.1
python-32bit-2.6.9-40.24.1
python-base-32bit-2.6.9-40.24.1
libpython2_6-1_0-2.6.9-40.24.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3
python-2.6.9-40.24.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3
python-base-2.6.9-40.24.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3
python-curses-2.6.9-40.24.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3
python-demo-2.6.9-40.24.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3
python-doc-2.6-8.40.24.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3
python-doc-pdf-2.6-8.40.24.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3
python-gdbm-2.6.9-40.24.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3
python-idle-2.6.9-40.24.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3
python-tk-2.6.9-40.24.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3
python-xml-2.6.9-40.24.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3
libpython2_6-1_0-2.6.9-40.24.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS
libpython2_6-1_0-2.6.9-40.24.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS
libpython2_6-1_0-32bit-2.6.9-40.24.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS
libpython2_6-1_0-32bit-2.6.9-40.24.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS
python-2.6.9-40.24.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS
python-2.6.9-40.24.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS
python-32bit-2.6.9-40.24.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS
python-32bit-2.6.9-40.24.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS
python-base-2.6.9-40.24.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS
python-base-2.6.9-40.24.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS
python-base-32bit-2.6.9-40.24.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS
python-base-32bit-2.6.9-40.24.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS
python-curses-2.6.9-40.24.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS
python-curses-2.6.9-40.24.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS
python-demo-2.6.9-40.24.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS
python-demo-2.6.9-40.24.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS
python-doc-2.6-8.40.24.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS
python-doc-2.6-8.40.24.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS
python-doc-pdf-2.6-8.40.24.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS
python-doc-pdf-2.6-8.40.24.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS
python-gdbm-2.6.9-40.24.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS
python-gdbm-2.6.9-40.24.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS
python-idle-2.6.9-40.24.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS
python-idle-2.6.9-40.24.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS
python-tk-2.6.9-40.24.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS
python-tk-2.6.9-40.24.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS
python-xml-2.6.9-40.24.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS
python-xml-2.6.9-40.24.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.
CVE-2019-9636
SUSE Linux Enterprise Point of Sale 11 SP3:libpython2_6-1_0-2.6.9-40.24.1
SUSE Linux Enterprise Point of Sale 11 SP3:python-2.6.9-40.24.1
SUSE Linux Enterprise Point of Sale 11 SP3:python-base-2.6.9-40.24.1
SUSE Linux Enterprise Point of Sale 11 SP3:python-curses-2.6.9-40.24.1
SUSE Linux Enterprise Point of Sale 11 SP3:python-demo-2.6.9-40.24.1
SUSE Linux Enterprise Point of Sale 11 SP3:python-doc-2.6-8.40.24.1
SUSE Linux Enterprise Point of Sale 11 SP3:python-doc-pdf-2.6-8.40.24.1
SUSE Linux Enterprise Point of Sale 11 SP3:python-gdbm-2.6.9-40.24.1
SUSE Linux Enterprise Point of Sale 11 SP3:python-idle-2.6.9-40.24.1
SUSE Linux Enterprise Point of Sale 11 SP3:python-tk-2.6.9-40.24.1
SUSE Linux Enterprise Point of Sale 11 SP3:python-xml-2.6.9-40.24.1
SUSE Linux Enterprise Server 11 SP4-LTSS:libpython2_6-1_0-2.6.9-40.24.1
SUSE Linux Enterprise Server 11 SP4-LTSS:libpython2_6-1_0-32bit-2.6.9-40.24.1
SUSE Linux Enterprise Server 11 SP4-LTSS:python-2.6.9-40.24.1
SUSE Linux Enterprise Server 11 SP4-LTSS:python-32bit-2.6.9-40.24.1
SUSE Linux Enterprise Server 11 SP4-LTSS:python-base-2.6.9-40.24.1
SUSE Linux Enterprise Server 11 SP4-LTSS:python-base-32bit-2.6.9-40.24.1
SUSE Linux Enterprise Server 11 SP4-LTSS:python-curses-2.6.9-40.24.1
SUSE Linux Enterprise Server 11 SP4-LTSS:python-demo-2.6.9-40.24.1
SUSE Linux Enterprise Server 11 SP4-LTSS:python-doc-2.6-8.40.24.1
SUSE Linux Enterprise Server 11 SP4-LTSS:python-doc-pdf-2.6-8.40.24.1
SUSE Linux Enterprise Server 11 SP4-LTSS:python-gdbm-2.6.9-40.24.1
SUSE Linux Enterprise Server 11 SP4-LTSS:python-idle-2.6.9-40.24.1
SUSE Linux Enterprise Server 11 SP4-LTSS:python-tk-2.6.9-40.24.1
SUSE Linux Enterprise Server 11 SP4-LTSS:python-xml-2.6.9-40.24.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS:libpython2_6-1_0-2.6.9-40.24.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS:libpython2_6-1_0-32bit-2.6.9-40.24.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS:python-2.6.9-40.24.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS:python-32bit-2.6.9-40.24.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS:python-base-2.6.9-40.24.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS:python-base-32bit-2.6.9-40.24.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS:python-curses-2.6.9-40.24.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS:python-demo-2.6.9-40.24.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS:python-doc-2.6-8.40.24.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS:python-doc-pdf-2.6-8.40.24.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS:python-gdbm-2.6.9-40.24.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS:python-idle-2.6.9-40.24.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS:python-tk-2.6.9-40.24.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS:python-xml-2.6.9-40.24.1
important
Please install the update.
https://www.suse.com/support/update/announcement/2019/suse-su-201914018-1/
https://www.suse.com/security/cve/CVE-2019-9636.html
CVE-2019-9636
https://bugzilla.suse.com/1129346
SUSE Bug 1129346
https://bugzilla.suse.com/1135433
SUSE Bug 1135433
https://bugzilla.suse.com/1138459
SUSE Bug 1138459
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.
CVE-2019-9948
SUSE Linux Enterprise Point of Sale 11 SP3:libpython2_6-1_0-2.6.9-40.24.1
SUSE Linux Enterprise Point of Sale 11 SP3:python-2.6.9-40.24.1
SUSE Linux Enterprise Point of Sale 11 SP3:python-base-2.6.9-40.24.1
SUSE Linux Enterprise Point of Sale 11 SP3:python-curses-2.6.9-40.24.1
SUSE Linux Enterprise Point of Sale 11 SP3:python-demo-2.6.9-40.24.1
SUSE Linux Enterprise Point of Sale 11 SP3:python-doc-2.6-8.40.24.1
SUSE Linux Enterprise Point of Sale 11 SP3:python-doc-pdf-2.6-8.40.24.1
SUSE Linux Enterprise Point of Sale 11 SP3:python-gdbm-2.6.9-40.24.1
SUSE Linux Enterprise Point of Sale 11 SP3:python-idle-2.6.9-40.24.1
SUSE Linux Enterprise Point of Sale 11 SP3:python-tk-2.6.9-40.24.1
SUSE Linux Enterprise Point of Sale 11 SP3:python-xml-2.6.9-40.24.1
SUSE Linux Enterprise Server 11 SP4-LTSS:libpython2_6-1_0-2.6.9-40.24.1
SUSE Linux Enterprise Server 11 SP4-LTSS:libpython2_6-1_0-32bit-2.6.9-40.24.1
SUSE Linux Enterprise Server 11 SP4-LTSS:python-2.6.9-40.24.1
SUSE Linux Enterprise Server 11 SP4-LTSS:python-32bit-2.6.9-40.24.1
SUSE Linux Enterprise Server 11 SP4-LTSS:python-base-2.6.9-40.24.1
SUSE Linux Enterprise Server 11 SP4-LTSS:python-base-32bit-2.6.9-40.24.1
SUSE Linux Enterprise Server 11 SP4-LTSS:python-curses-2.6.9-40.24.1
SUSE Linux Enterprise Server 11 SP4-LTSS:python-demo-2.6.9-40.24.1
SUSE Linux Enterprise Server 11 SP4-LTSS:python-doc-2.6-8.40.24.1
SUSE Linux Enterprise Server 11 SP4-LTSS:python-doc-pdf-2.6-8.40.24.1
SUSE Linux Enterprise Server 11 SP4-LTSS:python-gdbm-2.6.9-40.24.1
SUSE Linux Enterprise Server 11 SP4-LTSS:python-idle-2.6.9-40.24.1
SUSE Linux Enterprise Server 11 SP4-LTSS:python-tk-2.6.9-40.24.1
SUSE Linux Enterprise Server 11 SP4-LTSS:python-xml-2.6.9-40.24.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS:libpython2_6-1_0-2.6.9-40.24.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS:libpython2_6-1_0-32bit-2.6.9-40.24.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS:python-2.6.9-40.24.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS:python-32bit-2.6.9-40.24.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS:python-base-2.6.9-40.24.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS:python-base-32bit-2.6.9-40.24.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS:python-curses-2.6.9-40.24.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS:python-demo-2.6.9-40.24.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS:python-doc-2.6-8.40.24.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS:python-doc-pdf-2.6-8.40.24.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS:python-gdbm-2.6.9-40.24.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS:python-idle-2.6.9-40.24.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS:python-tk-2.6.9-40.24.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS:python-xml-2.6.9-40.24.1
low
Please install the update.
https://www.suse.com/support/update/announcement/2019/suse-su-201914018-1/
https://www.suse.com/security/cve/CVE-2019-9948.html
CVE-2019-9948
https://bugzilla.suse.com/1130847
SUSE Bug 1130847
https://bugzilla.suse.com/1135433
SUSE Bug 1135433