Vulnerability from csaf_opensuse
Published
2024-10-28 00:00
Modified
2024-10-28 00:00
Summary
python314-3.14.0~a1-1.1 on GA media
Notes
Title of the patch
python314-3.14.0~a1-1.1 on GA media
Description of the patch
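These are all security issues fixed in the python314-3.14.0~a1-1.1 package on the GA media of openSUSE Tumbleweed. The list is cumulative rather than a set of newly reported flaws: it includes CVEs dating back to 2011 whose descriptions name much older Python releases, and in the entries shown the packages are listed under the "recommended" product status, not as affected.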
Patchnames
openSUSE-Tumbleweed-2024-14434
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "python314-3.14.0~a1-1.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the python314-3.14.0~a1-1.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-14434", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14434-1.json", }, { category: "self", summary: "SUSE CVE CVE-2011-3389 page", url: "https://www.suse.com/security/cve/CVE-2011-3389/", }, { category: "self", summary: "SUSE CVE CVE-2011-4944 page", url: "https://www.suse.com/security/cve/CVE-2011-4944/", }, { category: "self", summary: "SUSE CVE CVE-2012-0845 page", url: "https://www.suse.com/security/cve/CVE-2012-0845/", }, { category: "self", summary: "SUSE CVE CVE-2012-1150 page", url: "https://www.suse.com/security/cve/CVE-2012-1150/", }, { category: "self", summary: "SUSE CVE CVE-2013-1752 page", url: "https://www.suse.com/security/cve/CVE-2013-1752/", }, { category: "self", summary: "SUSE CVE CVE-2013-4238 page", url: 
"https://www.suse.com/security/cve/CVE-2013-4238/", }, { category: "self", summary: "SUSE CVE CVE-2014-2667 page", url: "https://www.suse.com/security/cve/CVE-2014-2667/", }, { category: "self", summary: "SUSE CVE CVE-2014-4650 page", url: "https://www.suse.com/security/cve/CVE-2014-4650/", }, { category: "self", summary: "SUSE CVE CVE-2019-20907 page", url: "https://www.suse.com/security/cve/CVE-2019-20907/", }, { category: "self", summary: "SUSE CVE CVE-2019-5010 page", url: "https://www.suse.com/security/cve/CVE-2019-5010/", }, { category: "self", summary: "SUSE CVE CVE-2019-9947 page", url: "https://www.suse.com/security/cve/CVE-2019-9947/", }, { category: "self", summary: "SUSE CVE CVE-2020-10735 page", url: "https://www.suse.com/security/cve/CVE-2020-10735/", }, { category: "self", summary: "SUSE CVE CVE-2020-15523 page", url: "https://www.suse.com/security/cve/CVE-2020-15523/", }, { category: "self", summary: "SUSE CVE CVE-2020-15801 page", url: "https://www.suse.com/security/cve/CVE-2020-15801/", }, { category: "self", summary: "SUSE CVE CVE-2020-8492 page", url: "https://www.suse.com/security/cve/CVE-2020-8492/", }, { category: "self", summary: "SUSE CVE CVE-2021-23336 page", url: "https://www.suse.com/security/cve/CVE-2021-23336/", }, { category: "self", summary: "SUSE CVE CVE-2021-3177 page", url: "https://www.suse.com/security/cve/CVE-2021-3177/", }, { category: "self", summary: "SUSE CVE CVE-2021-3426 page", url: "https://www.suse.com/security/cve/CVE-2021-3426/", }, { category: "self", summary: "SUSE CVE CVE-2022-25236 page", url: "https://www.suse.com/security/cve/CVE-2022-25236/", }, { category: "self", summary: "SUSE CVE CVE-2022-42919 page", url: "https://www.suse.com/security/cve/CVE-2022-42919/", }, { category: "self", summary: "SUSE CVE CVE-2022-45061 page", url: "https://www.suse.com/security/cve/CVE-2022-45061/", }, { category: "self", summary: "SUSE CVE CVE-2023-0286 page", url: "https://www.suse.com/security/cve/CVE-2023-0286/", }, { 
category: "self", summary: "SUSE CVE CVE-2023-24329 page", url: "https://www.suse.com/security/cve/CVE-2023-24329/", }, { category: "self", summary: "SUSE CVE CVE-2023-2650 page", url: "https://www.suse.com/security/cve/CVE-2023-2650/", }, { category: "self", summary: "SUSE CVE CVE-2023-27043 page", url: "https://www.suse.com/security/cve/CVE-2023-27043/", }, { category: "self", summary: "SUSE CVE CVE-2023-40217 page", url: "https://www.suse.com/security/cve/CVE-2023-40217/", }, { category: "self", summary: "SUSE CVE CVE-2023-52425 page", url: "https://www.suse.com/security/cve/CVE-2023-52425/", }, { category: "self", summary: "SUSE CVE CVE-2024-4030 page", url: "https://www.suse.com/security/cve/CVE-2024-4030/", }, { category: "self", summary: "SUSE CVE CVE-2024-4032 page", url: "https://www.suse.com/security/cve/CVE-2024-4032/", }, { category: "self", summary: "SUSE CVE CVE-2024-6232 page", url: "https://www.suse.com/security/cve/CVE-2024-6232/", }, { category: "self", summary: "SUSE CVE CVE-2024-6923 page", url: "https://www.suse.com/security/cve/CVE-2024-6923/", }, { category: "self", summary: "SUSE CVE CVE-2024-7592 page", url: "https://www.suse.com/security/cve/CVE-2024-7592/", }, { category: "self", summary: "SUSE CVE CVE-2024-8088 page", url: "https://www.suse.com/security/cve/CVE-2024-8088/", }, ], title: "python314-3.14.0~a1-1.1 on GA media", tracking: { current_release_date: "2024-10-28T00:00:00Z", generator: { date: "2024-10-28T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:14434-1", initial_release_date: "2024-10-28T00:00:00Z", revision_history: [ { date: "2024-10-28T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "python314-3.14.0~a1-1.1.aarch64", product: { name: "python314-3.14.0~a1-1.1.aarch64", product_id: "python314-3.14.0~a1-1.1.aarch64", }, }, 
{ category: "product_version", name: "python314-curses-3.14.0~a1-1.1.aarch64", product: { name: "python314-curses-3.14.0~a1-1.1.aarch64", product_id: "python314-curses-3.14.0~a1-1.1.aarch64", }, }, { category: "product_version", name: "python314-dbm-3.14.0~a1-1.1.aarch64", product: { name: "python314-dbm-3.14.0~a1-1.1.aarch64", product_id: "python314-dbm-3.14.0~a1-1.1.aarch64", }, }, { category: "product_version", name: "python314-idle-3.14.0~a1-1.1.aarch64", product: { name: "python314-idle-3.14.0~a1-1.1.aarch64", product_id: "python314-idle-3.14.0~a1-1.1.aarch64", }, }, { category: "product_version", name: "python314-tk-3.14.0~a1-1.1.aarch64", product: { name: "python314-tk-3.14.0~a1-1.1.aarch64", product_id: "python314-tk-3.14.0~a1-1.1.aarch64", }, }, { category: "product_version", name: "python314-x86-64-v3-3.14.0~a1-1.1.aarch64", product: { name: "python314-x86-64-v3-3.14.0~a1-1.1.aarch64", product_id: "python314-x86-64-v3-3.14.0~a1-1.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "python314-3.14.0~a1-1.1.ppc64le", product: { name: "python314-3.14.0~a1-1.1.ppc64le", product_id: "python314-3.14.0~a1-1.1.ppc64le", }, }, { category: "product_version", name: "python314-curses-3.14.0~a1-1.1.ppc64le", product: { name: "python314-curses-3.14.0~a1-1.1.ppc64le", product_id: "python314-curses-3.14.0~a1-1.1.ppc64le", }, }, { category: "product_version", name: "python314-dbm-3.14.0~a1-1.1.ppc64le", product: { name: "python314-dbm-3.14.0~a1-1.1.ppc64le", product_id: "python314-dbm-3.14.0~a1-1.1.ppc64le", }, }, { category: "product_version", name: "python314-idle-3.14.0~a1-1.1.ppc64le", product: { name: "python314-idle-3.14.0~a1-1.1.ppc64le", product_id: "python314-idle-3.14.0~a1-1.1.ppc64le", }, }, { category: "product_version", name: "python314-tk-3.14.0~a1-1.1.ppc64le", product: { name: "python314-tk-3.14.0~a1-1.1.ppc64le", product_id: "python314-tk-3.14.0~a1-1.1.ppc64le", }, }, { category: 
"product_version", name: "python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", product: { name: "python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", product_id: "python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "python314-3.14.0~a1-1.1.s390x", product: { name: "python314-3.14.0~a1-1.1.s390x", product_id: "python314-3.14.0~a1-1.1.s390x", }, }, { category: "product_version", name: "python314-curses-3.14.0~a1-1.1.s390x", product: { name: "python314-curses-3.14.0~a1-1.1.s390x", product_id: "python314-curses-3.14.0~a1-1.1.s390x", }, }, { category: "product_version", name: "python314-dbm-3.14.0~a1-1.1.s390x", product: { name: "python314-dbm-3.14.0~a1-1.1.s390x", product_id: "python314-dbm-3.14.0~a1-1.1.s390x", }, }, { category: "product_version", name: "python314-idle-3.14.0~a1-1.1.s390x", product: { name: "python314-idle-3.14.0~a1-1.1.s390x", product_id: "python314-idle-3.14.0~a1-1.1.s390x", }, }, { category: "product_version", name: "python314-tk-3.14.0~a1-1.1.s390x", product: { name: "python314-tk-3.14.0~a1-1.1.s390x", product_id: "python314-tk-3.14.0~a1-1.1.s390x", }, }, { category: "product_version", name: "python314-x86-64-v3-3.14.0~a1-1.1.s390x", product: { name: "python314-x86-64-v3-3.14.0~a1-1.1.s390x", product_id: "python314-x86-64-v3-3.14.0~a1-1.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "python314-3.14.0~a1-1.1.x86_64", product: { name: "python314-3.14.0~a1-1.1.x86_64", product_id: "python314-3.14.0~a1-1.1.x86_64", }, }, { category: "product_version", name: "python314-curses-3.14.0~a1-1.1.x86_64", product: { name: "python314-curses-3.14.0~a1-1.1.x86_64", product_id: "python314-curses-3.14.0~a1-1.1.x86_64", }, }, { category: "product_version", name: "python314-dbm-3.14.0~a1-1.1.x86_64", product: { name: "python314-dbm-3.14.0~a1-1.1.x86_64", product_id: "python314-dbm-3.14.0~a1-1.1.x86_64", }, }, { category: 
"product_version", name: "python314-idle-3.14.0~a1-1.1.x86_64", product: { name: "python314-idle-3.14.0~a1-1.1.x86_64", product_id: "python314-idle-3.14.0~a1-1.1.x86_64", }, }, { category: "product_version", name: "python314-tk-3.14.0~a1-1.1.x86_64", product: { name: "python314-tk-3.14.0~a1-1.1.x86_64", product_id: "python314-tk-3.14.0~a1-1.1.x86_64", }, }, { category: "product_version", name: "python314-x86-64-v3-3.14.0~a1-1.1.x86_64", product: { name: "python314-x86-64-v3-3.14.0~a1-1.1.x86_64", product_id: "python314-x86-64-v3-3.14.0~a1-1.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "python314-3.14.0~a1-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", }, product_reference: "python314-3.14.0~a1-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python314-3.14.0~a1-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", }, product_reference: "python314-3.14.0~a1-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python314-3.14.0~a1-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", }, product_reference: "python314-3.14.0~a1-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python314-3.14.0~a1-1.1.x86_64 as 
component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", }, product_reference: "python314-3.14.0~a1-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python314-curses-3.14.0~a1-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", }, product_reference: "python314-curses-3.14.0~a1-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python314-curses-3.14.0~a1-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", }, product_reference: "python314-curses-3.14.0~a1-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python314-curses-3.14.0~a1-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", }, product_reference: "python314-curses-3.14.0~a1-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python314-curses-3.14.0~a1-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", }, product_reference: "python314-curses-3.14.0~a1-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python314-dbm-3.14.0~a1-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", }, product_reference: "python314-dbm-3.14.0~a1-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python314-dbm-3.14.0~a1-1.1.ppc64le as component of openSUSE 
Tumbleweed", product_id: "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", }, product_reference: "python314-dbm-3.14.0~a1-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python314-dbm-3.14.0~a1-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", }, product_reference: "python314-dbm-3.14.0~a1-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python314-dbm-3.14.0~a1-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", }, product_reference: "python314-dbm-3.14.0~a1-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python314-idle-3.14.0~a1-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", }, product_reference: "python314-idle-3.14.0~a1-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python314-idle-3.14.0~a1-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", }, product_reference: "python314-idle-3.14.0~a1-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python314-idle-3.14.0~a1-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", }, product_reference: "python314-idle-3.14.0~a1-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python314-idle-3.14.0~a1-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE 
Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", }, product_reference: "python314-idle-3.14.0~a1-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python314-tk-3.14.0~a1-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", }, product_reference: "python314-tk-3.14.0~a1-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python314-tk-3.14.0~a1-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", }, product_reference: "python314-tk-3.14.0~a1-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python314-tk-3.14.0~a1-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", }, product_reference: "python314-tk-3.14.0~a1-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python314-tk-3.14.0~a1-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", }, product_reference: "python314-tk-3.14.0~a1-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python314-x86-64-v3-3.14.0~a1-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", }, product_reference: "python314-x86-64-v3-3.14.0~a1-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python314-x86-64-v3-3.14.0~a1-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE 
Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", }, product_reference: "python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python314-x86-64-v3-3.14.0~a1-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", }, product_reference: "python314-x86-64-v3-3.14.0~a1-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "python314-x86-64-v3-3.14.0~a1-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", }, product_reference: "python314-x86-64-v3-3.14.0~a1-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2011-3389", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2011-3389", }, ], notes: [ { category: "general", text: "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", 
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2011-3389", url: "https://www.suse.com/security/cve/CVE-2011-3389", }, { category: "external", summary: "SUSE Bug 716002 for CVE-2011-3389", url: "https://bugzilla.suse.com/716002", }, { category: "external", summary: "SUSE Bug 719047 for CVE-2011-3389", url: "https://bugzilla.suse.com/719047", }, { category: "external", summary: "SUSE Bug 725167 for CVE-2011-3389", url: "https://bugzilla.suse.com/725167", }, { category: "external", summary: "SUSE Bug 726096 for CVE-2011-3389", url: "https://bugzilla.suse.com/726096", }, { category: "external", summary: "SUSE Bug 739248 for CVE-2011-3389", url: "https://bugzilla.suse.com/739248", }, { category: "external", summary: "SUSE Bug 739256 for CVE-2011-3389", url: "https://bugzilla.suse.com/739256", }, { category: "external", summary: "SUSE Bug 742306 for CVE-2011-3389", url: 
"https://bugzilla.suse.com/742306", }, { category: "external", summary: "SUSE Bug 751718 for CVE-2011-3389", url: "https://bugzilla.suse.com/751718", }, { category: "external", summary: "SUSE Bug 759666 for CVE-2011-3389", url: "https://bugzilla.suse.com/759666", }, { category: "external", summary: "SUSE Bug 763598 for CVE-2011-3389", url: "https://bugzilla.suse.com/763598", }, { category: "external", summary: "SUSE Bug 814655 for CVE-2011-3389", url: "https://bugzilla.suse.com/814655", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE 
Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-28T00:00:00Z", details: "moderate", }, ], title: "CVE-2011-3389", }, { cve: "CVE-2011-4944", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2011-4944", }, ], notes: [ { category: "general", text: "Python 2.6 
through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2011-4944", url: "https://www.suse.com/security/cve/CVE-2011-4944", }, { category: "external", summary: "SUSE Bug 754447 for CVE-2011-4944", url: "https://bugzilla.suse.com/754447", }, ], remediations: [ { category: "vendor_fix", 
details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE 
Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-28T00:00:00Z", details: "low", }, ], title: "CVE-2011-4944", }, { cve: "CVE-2012-0845", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2012-0845", }, ], notes: [ { category: "general", text: "SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE 
Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2012-0845", url: "https://www.suse.com/security/cve/CVE-2012-0845", }, { category: "external", summary: "SUSE Bug 747125 for CVE-2012-0845", url: "https://bugzilla.suse.com/747125", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE 
Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", 
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-28T00:00:00Z", details: "moderate", }, ], title: "CVE-2012-0845", }, { cve: "CVE-2012-1150", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2012-1150", }, ], notes: [ { category: "general", text: "Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE 
Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2012-1150", url: "https://www.suse.com/security/cve/CVE-2012-1150", }, { category: "external", summary: "SUSE Bug 751718 for CVE-2012-1150", url: "https://bugzilla.suse.com/751718", }, { category: "external", summary: "SUSE Bug 755383 for CVE-2012-1150", url: "https://bugzilla.suse.com/755383", }, { category: "external", summary: "SUSE Bug 826682 for CVE-2012-1150", url: "https://bugzilla.suse.com/826682", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE 
Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE 
Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-28T00:00:00Z", details: "moderate", }, ], title: "CVE-2012-1150", }, { cve: "CVE-2013-1752", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-1752", }, ], notes: [ { category: "general", text: "** REJECT ** Various versions of Python do not properly restrict readline calls, which allows remote attackers to cause a denial of service (memory consumption) via a long string, related to (1) httplib - fixed in 2.7.4, 2.6.9, and 3.3.3; (2) ftplib - fixed in 2.7.6, 2.6.9, 3.3.3; (3) imaplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; (4) nntplib - fixed in 2.7.6, 2.6.9, 3.3.3; (5) poplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; and (6) smtplib - not yet fixed in 2.7.x, fixed in 2.6.9, not yet fixed in 3.3.x. 
NOTE: this was REJECTed because it is incompatible with CNT1 \"Independently Fixable\" in the CVE Counting Decisions.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-1752", url: "https://www.suse.com/security/cve/CVE-2013-1752", }, { category: "external", summary: "SUSE Bug 856835 for CVE-2013-1752", url: "https://bugzilla.suse.com/856835", }, { category: "external", summary: "SUSE Bug 856836 for CVE-2013-1752", url: "https://bugzilla.suse.com/856836", }, { category: "external", summary: "SUSE 
Bug 863741 for CVE-2013-1752", url: "https://bugzilla.suse.com/863741", }, { category: "external", summary: "SUSE Bug 885882 for CVE-2013-1752", url: "https://bugzilla.suse.com/885882", }, { category: "external", summary: "SUSE Bug 898572 for CVE-2013-1752", url: "https://bugzilla.suse.com/898572", }, { category: "external", summary: "SUSE Bug 912739 for CVE-2013-1752", url: "https://bugzilla.suse.com/912739", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE 
Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-28T00:00:00Z", details: "moderate", }, ], title: "CVE-2013-1752", }, { cve: "CVE-2013-4238", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-4238", }, ], notes: [ { category: "general", text: "The ssl.match_hostname function in the SSL module in Python 2.6 through 
3.4 does not properly handle a '\\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-4238", url: "https://www.suse.com/security/cve/CVE-2013-4238", }, { category: "external", summary: "SUSE Bug 834601 for CVE-2013-4238", url: 
"https://bugzilla.suse.com/834601", }, { category: "external", summary: "SUSE Bug 839107 for CVE-2013-4238", url: "https://bugzilla.suse.com/839107", }, { category: "external", summary: "SUSE Bug 882915 for CVE-2013-4238", url: "https://bugzilla.suse.com/882915", }, { category: "external", summary: "SUSE Bug 912739 for CVE-2013-4238", url: "https://bugzilla.suse.com/912739", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE 
Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-28T00:00:00Z", details: "moderate", }, ], title: "CVE-2013-4238", }, { cve: "CVE-2014-2667", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-2667", }, ], notes: [ { category: "general", text: "Race condition in the _get_masked_mode function in Lib/os.py in Python 
3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-2667", url: "https://www.suse.com/security/cve/CVE-2014-2667", }, { category: "external", summary: "SUSE Bug 871152 for CVE-2014-2667", url: "https://bugzilla.suse.com/871152", }, ], remediations: [ { category: 
"vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE 
Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-28T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-2667", }, { cve: "CVE-2014-4650", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-4650", }, ], notes: [ { category: "general", text: "The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE 
Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-4650", url: "https://www.suse.com/security/cve/CVE-2014-4650", }, { category: "external", summary: "SUSE Bug 856835 for CVE-2014-4650", url: "https://bugzilla.suse.com/856835", }, { category: "external", summary: "SUSE Bug 856836 for CVE-2014-4650", url: "https://bugzilla.suse.com/856836", }, { category: "external", summary: "SUSE Bug 863741 for CVE-2014-4650", url: "https://bugzilla.suse.com/863741", }, { category: "external", summary: "SUSE Bug 885882 for CVE-2014-4650", url: "https://bugzilla.suse.com/885882", }, { category: "external", summary: "SUSE Bug 898572 for CVE-2014-4650", url: "https://bugzilla.suse.com/898572", }, { 
category: "external", summary: "SUSE Bug 912739 for CVE-2014-4650", url: "https://bugzilla.suse.com/912739", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE 
Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-28T00:00:00Z", details: "moderate", }, ], title: "CVE-2014-4650", }, { cve: "CVE-2019-20907", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-20907", }, ], notes: [ { category: "general", text: "In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE 
Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-20907", url: "https://www.suse.com/security/cve/CVE-2019-20907", }, { category: "external", summary: "SUSE Bug 1174091 for CVE-2019-20907", url: "https://bugzilla.suse.com/1174091", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE 
Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE 
Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-28T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-20907", }, { cve: "CVE-2019-5010", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-5010", }, ], notes: [ { category: "general", text: "An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. 
An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-5010", url: "https://www.suse.com/security/cve/CVE-2019-5010", }, { category: "external", summary: "SUSE Bug 1122191 for CVE-2019-5010", url: "https://bugzilla.suse.com/1122191", }, { category: "external", summary: "SUSE Bug 1126909 for CVE-2019-5010", url: "https://bugzilla.suse.com/1126909", }, ], remediations: [ { category: "vendor_fix", 
details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE 
Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-28T00:00:00Z", details: "important", }, ], title: "CVE-2019-5010", }, { cve: "CVE-2019-9947", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-9947", }, ], notes: [ { category: "general", text: "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. 
This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-9947", url: "https://www.suse.com/security/cve/CVE-2019-9947", }, { category: "external", summary: "SUSE Bug 1130840 for CVE-2019-9947", url: 
"https://bugzilla.suse.com/1130840", }, { category: "external", summary: "SUSE Bug 1136184 for CVE-2019-9947", url: "https://bugzilla.suse.com/1136184", }, { category: "external", summary: "SUSE Bug 1155094 for CVE-2019-9947", url: "https://bugzilla.suse.com/1155094", }, { category: "external", summary: "SUSE Bug 1201559 for CVE-2019-9947", url: "https://bugzilla.suse.com/1201559", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE 
Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-28T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-9947", }, { cve: "CVE-2020-10735", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-10735", }, ], notes: [ { category: "general", text: "A flaw was found in python. 
In algorithms with quadratic time complexity using non-binary bases, when using int(\"text\"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-10735", url: "https://www.suse.com/security/cve/CVE-2020-10735", }, { category: 
"external", summary: "SUSE Bug 1203125 for CVE-2020-10735", url: "https://bugzilla.suse.com/1203125", }, { category: "external", summary: "SUSE Bug 1204077 for CVE-2020-10735", url: "https://bugzilla.suse.com/1204077", }, { category: "external", summary: "SUSE Bug 1204096 for CVE-2020-10735", url: "https://bugzilla.suse.com/1204096", }, { category: "external", summary: "SUSE Bug 1204097 for CVE-2020-10735", url: "https://bugzilla.suse.com/1204097", }, { category: "external", summary: "SUSE Bug 1205075 for CVE-2020-10735", url: "https://bugzilla.suse.com/1205075", }, { category: "external", summary: "SUSE Bug 1208131 for CVE-2020-10735", url: "https://bugzilla.suse.com/1208131", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", 
"openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-28T00:00:00Z", details: "important", }, ], 
title: "CVE-2020-10735", }, { cve: "CVE-2020-15523", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-15523", }, ], notes: [ { category: "general", text: "In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", 
"openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-15523", url: "https://www.suse.com/security/cve/CVE-2020-15523", }, { category: "external", summary: "SUSE Bug 1173745 for CVE-2020-15523", url: "https://bugzilla.suse.com/1173745", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], 
}, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-28T00:00:00Z", details: "important", }, ], title: "CVE-2020-15523", }, { cve: "CVE-2020-15801", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-15801", }, ], notes: [ { category: "general", text: "In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from 
arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-15801", url: "https://www.suse.com/security/cve/CVE-2020-15801", }, { category: "external", summary: "SUSE Bug 1174241 for CVE-2020-15801", url: "https://bugzilla.suse.com/1174241", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 
\"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE 
Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-28T00:00:00Z", details: "critical", }, ], title: "CVE-2020-15801", }, { cve: "CVE-2020-8492", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-8492", }, ], notes: [ { category: "general", text: "Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", 
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-8492", url: "https://www.suse.com/security/cve/CVE-2020-8492", }, { category: "external", summary: "SUSE Bug 1162367 for CVE-2020-8492", url: "https://bugzilla.suse.com/1162367", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE 
Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE 
Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-28T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-8492", }, { cve: "CVE-2021-23336", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-23336", }, ], notes: [ { category: "general", text: "The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. 
This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-23336", url: "https://www.suse.com/security/cve/CVE-2021-23336", }, { category: "external", summary: "SUSE Bug 1182179 for CVE-2021-23336", url: "https://bugzilla.suse.com/1182179", }, { category: "external", summary: "SUSE Bug 1182379 
for CVE-2021-23336", url: "https://bugzilla.suse.com/1182379", }, { category: "external", summary: "SUSE Bug 1182433 for CVE-2021-23336", url: "https://bugzilla.suse.com/1182433", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H", version: "3.1", }, products: [ "openSUSE 
Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-28T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-23336", }, { cve: "CVE-2021-3177", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3177", }, ], notes: [ { category: "general", text: "Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. 
This occurs because sprintf is used unsafely.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3177", url: "https://www.suse.com/security/cve/CVE-2021-3177", }, { category: "external", summary: "SUSE Bug 1181126 for CVE-2021-3177", url: "https://bugzilla.suse.com/1181126", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE 
Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE 
Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-28T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-3177", }, { cve: "CVE-2021-3426", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3426", }, ], notes: [ { category: "general", text: "There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. 
This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3426", url: "https://www.suse.com/security/cve/CVE-2021-3426", }, { category: "external", summary: "SUSE Bug 1183374 for CVE-2021-3426", url: "https://bugzilla.suse.com/1183374", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST 
online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE 
Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-28T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-3426", }, { cve: "CVE-2022-25236", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-25236", }, ], notes: [ { category: "general", text: "xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE 
Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-25236", url: "https://www.suse.com/security/cve/CVE-2022-25236", }, { category: "external", summary: "SUSE Bug 1196025 for CVE-2022-25236", url: "https://bugzilla.suse.com/1196025", }, { category: "external", summary: "SUSE Bug 1196784 for CVE-2022-25236", url: "https://bugzilla.suse.com/1196784", }, { category: "external", summary: "SUSE Bug 1197217 for CVE-2022-25236", url: "https://bugzilla.suse.com/1197217", }, { category: "external", summary: "SUSE Bug 1200038 for CVE-2022-25236", url: "https://bugzilla.suse.com/1200038", }, { category: "external", summary: "SUSE Bug 1201735 for CVE-2022-25236", url: "https://bugzilla.suse.com/1201735", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE 
Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE 
Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-28T00:00:00Z", details: "important", }, ], title: "CVE-2022-25236", }, { cve: "CVE-2022-42919", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-42919", }, ], notes: [ { category: "general", text: "Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. 
This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-42919", url: "https://www.suse.com/security/cve/CVE-2022-42919", }, { 
category: "external", summary: "SUSE Bug 1204886 for CVE-2022-42919", url: "https://bugzilla.suse.com/1204886", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE 
Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-28T00:00:00Z", details: "important", }, ], title: "CVE-2022-42919", }, { cve: "CVE-2022-45061", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-45061", }, ], notes: [ { category: "general", text: "An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. 
Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-45061", url: 
"https://www.suse.com/security/cve/CVE-2022-45061", }, { category: "external", summary: "SUSE Bug 1205244 for CVE-2022-45061", url: "https://bugzilla.suse.com/1205244", }, { category: "external", summary: "SUSE Bug 1211488 for CVE-2022-45061", url: "https://bugzilla.suse.com/1211488", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-28T00:00:00Z", details: "moderate", }, ], title: "CVE-2022-45061", }, { cve: "CVE-2023-0286", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-0286", }, ], notes: [ { category: "general", text: "There is a type confusion vulnerability relating to X.400 address processing\ninside an X.509 GeneralName. 
X.400 addresses were parsed as an ASN1_STRING but\nthe public structure definition for GENERAL_NAME incorrectly specified the type\nof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\nthe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\nASN1_STRING.\n\nWhen CRL checking is enabled (i.e. the application sets the\nX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\narbitrary pointers to a memcmp call, enabling them to read memory contents or\nenact a denial of service. In most cases, the attack requires the attacker to\nprovide both the certificate chain and CRL, neither of which need to have a\nvalid signature. If the attacker only controls one of these inputs, the other\ninput must already contain an X.400 address as a CRL distribution point, which\nis uncommon. As such, this vulnerability is most likely to only affect\napplications which have implemented their own functionality for retrieving CRLs\nover a network.\n\n", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE 
Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-0286", url: "https://www.suse.com/security/cve/CVE-2023-0286", }, { category: "external", summary: "SUSE Bug 1207533 for CVE-2023-0286", url: "https://bugzilla.suse.com/1207533", }, { category: "external", summary: "SUSE Bug 1207569 for CVE-2023-0286", url: "https://bugzilla.suse.com/1207569", }, { category: "external", summary: "SUSE Bug 1211136 for CVE-2023-0286", url: "https://bugzilla.suse.com/1211136", }, { category: "external", summary: "SUSE Bug 1211503 for CVE-2023-0286", url: "https://bugzilla.suse.com/1211503", }, { category: "external", summary: "SUSE Bug 1213146 for CVE-2023-0286", url: "https://bugzilla.suse.com/1213146", }, { category: "external", summary: "SUSE Bug 1214269 for CVE-2023-0286", url: "https://bugzilla.suse.com/1214269", }, { category: "external", summary: "SUSE Bug 1218477 for CVE-2023-0286", url: "https://bugzilla.suse.com/1218477", }, { category: "external", summary: "SUSE Bug 1218967 for CVE-2023-0286", url: "https://bugzilla.suse.com/1218967", }, { category: "external", summary: "SUSE Bug 1225677 for CVE-2023-0286", url: "https://bugzilla.suse.com/1225677", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE 
Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE 
Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-28T00:00:00Z", details: "important", }, ], title: "CVE-2023-0286", }, { cve: "CVE-2023-24329", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-24329", }, ], notes: [ { category: "general", text: "An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", 
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-24329", url: "https://www.suse.com/security/cve/CVE-2023-24329", }, { category: "external", summary: "SUSE Bug 1208471 for CVE-2023-24329", url: "https://bugzilla.suse.com/1208471", }, { category: "external", summary: "SUSE Bug 1213553 for CVE-2023-24329", url: "https://bugzilla.suse.com/1213553", }, { category: "external", summary: "SUSE Bug 1213554 for CVE-2023-24329", url: "https://bugzilla.suse.com/1213554", }, { category: "external", summary: "SUSE Bug 1213839 for CVE-2023-24329", url: "https://bugzilla.suse.com/1213839", }, { category: "external", summary: "SUSE Bug 1225672 for CVE-2023-24329", url: "https://bugzilla.suse.com/1225672", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE 
Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE 
Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-28T00:00:00Z", details: "important", }, ], title: "CVE-2023-24329", }, { cve: "CVE-2023-2650", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-2650", }, ], notes: [ { category: "general", text: "Issue summary: Processing some specially crafted ASN.1 object identifiers or\ndata containing them may be very slow.\n\nImpact summary: Applications that use OBJ_obj2txt() directly, or use any of\nthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message\nsize limit may experience notable to very long delays when processing those\nmessages, which may lead to a Denial of Service.\n\nAn OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -\nmost of which have no size limit. 
OBJ_obj2txt() may be used to translate\nan ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL\ntype ASN1_OBJECT) to its canonical numeric text form, which are the\nsub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by\nperiods.\n\nWhen one of the sub-identifiers in the OBJECT IDENTIFIER is very large\n(these are sizes that are seen as absurdly large, taking up tens or hundreds\nof KiBs), the translation to a decimal number in text may take a very long\ntime. The time complexity is O(n^2) with 'n' being the size of the\nsub-identifiers in bytes (*).\n\nWith OpenSSL 3.0, support to fetch cryptographic algorithms using names /\nidentifiers in string form was introduced. This includes using OBJECT\nIDENTIFIERs in canonical numeric text form as identifiers for fetching\nalgorithms.\n\nSuch OBJECT IDENTIFIERs may be received through the ASN.1 structure\nAlgorithmIdentifier, which is commonly used in multiple protocols to specify\nwhat cryptographic algorithm should be used to sign or verify, encrypt or\ndecrypt, or digest passed data.\n\nApplications that call OBJ_obj2txt() directly with untrusted data are\naffected, with any version of OpenSSL. If the use is for the mere purpose\nof display, the severity is considered low.\n\nIn OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,\nCMS, CMP/CRMF or TS. It also impacts anything that processes X.509\ncertificates, including simple things like verifying its signature.\n\nThe impact on TLS is relatively low, because all versions of OpenSSL have a\n100KiB limit on the peer's certificate chain. Additionally, this only\nimpacts clients, or servers that have explicitly enabled client\nauthentication.\n\nIn OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,\nsuch as X.509 certificates. 
This is assumed to not happen in such a way\nthat it would cause a Denial of Service, so these versions are considered\nnot affected by this issue in such a way that it would be cause for concern,\nand the severity is therefore considered low.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-2650", url: "https://www.suse.com/security/cve/CVE-2023-2650", }, { category: "external", summary: "SUSE Bug 1211430 for CVE-2023-2650", url: "https://bugzilla.suse.com/1211430", }, ], remediations: [ { 
category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE 
Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-28T00:00:00Z", details: "moderate", }, ], title: "CVE-2023-2650", }, { cve: "CVE-2023-27043", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-27043", }, ], notes: [ { category: "general", text: "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). 
This occurs in email/_parseaddr.py in recent versions of Python.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-27043", url: "https://www.suse.com/security/cve/CVE-2023-27043", }, { category: "external", summary: "SUSE Bug 1210638 for CVE-2023-27043", url: "https://bugzilla.suse.com/1210638", }, { category: "external", summary: "SUSE Bug 1222537 for CVE-2023-27043", url: "https://bugzilla.suse.com/1222537", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security 
Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE 
Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-28T00:00:00Z", details: "moderate", }, ], title: "CVE-2023-27043", }, { cve: "CVE-2023-40217", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-40217", }, ], notes: [ { category: "general", text: "An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as \"not connected\" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. 
This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-40217", url: 
"https://www.suse.com/security/cve/CVE-2023-40217", }, { category: "external", summary: "SUSE Bug 1214692 for CVE-2023-40217", url: "https://bugzilla.suse.com/1214692", }, { category: "external", summary: "SUSE Bug 1217524 for CVE-2023-40217", url: "https://bugzilla.suse.com/1217524", }, { category: "external", summary: "SUSE Bug 1218319 for CVE-2023-40217", url: "https://bugzilla.suse.com/1218319", }, { category: "external", summary: "SUSE Bug 1218476 for CVE-2023-40217", url: "https://bugzilla.suse.com/1218476", }, { category: "external", summary: "SUSE Bug 1218965 for CVE-2023-40217", url: "https://bugzilla.suse.com/1218965", }, { category: "external", summary: "SUSE Bug 1219472 for CVE-2023-40217", url: "https://bugzilla.suse.com/1219472", }, { category: "external", summary: "SUSE Bug 1219713 for CVE-2023-40217", url: "https://bugzilla.suse.com/1219713", }, { category: "external", summary: "SUSE Bug 1221582 for CVE-2023-40217", url: "https://bugzilla.suse.com/1221582", }, { category: "external", summary: "SUSE Bug 1224883 for CVE-2023-40217", url: "https://bugzilla.suse.com/1224883", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE 
Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE 
Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-28T00:00:00Z", details: "important", }, ], title: "CVE-2023-40217", }, { cve: "CVE-2023-52425", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-52425", }, ], notes: [ { category: "general", text: "libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE 
Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-52425", url: "https://www.suse.com/security/cve/CVE-2023-52425", }, { category: "external", summary: "SUSE Bug 1219559 for CVE-2023-52425", url: "https://bugzilla.suse.com/1219559", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE 
Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-28T00:00:00Z", details: "moderate", }, ], title: "CVE-2023-52425", }, { cve: "CVE-2024-4030", ids: [ { 
system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-4030", }, ], notes: [ { category: "general", text: "On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions.\n\nIf you're not using Windows or haven't changed the temporary directory location then you aren't affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user.\n\nThis issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix \"700\" for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE 
Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-4030", url: "https://www.suse.com/security/cve/CVE-2024-4030", }, { category: "external", summary: "SUSE Bug 1227152 for CVE-2024-4030", url: "https://bugzilla.suse.com/1227152", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE 
Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: 
"2024-10-28T00:00:00Z", details: "moderate", }, ], title: "CVE-2024-4030", }, { cve: "CVE-2024-4032", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-4032", }, ], notes: [ { category: "general", text: "The \"ipaddress\" module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \"globally reachable\" or \"private\". This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn't be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.\n\nCPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE 
Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-4032", url: "https://www.suse.com/security/cve/CVE-2024-4032", }, { category: "external", summary: "SUSE Bug 1226448 for CVE-2024-4032", url: "https://bugzilla.suse.com/1226448", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE 
Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-28T00:00:00Z", details: "low", }, ], title: "CVE-2024-4032", }, { cve: "CVE-2024-6232", ids: [ { system_name: "SUSE CVE Page", text: 
"https://www.suse.com/security/cve/CVE-2024-6232", }, ], notes: [ { category: "general", text: "There is a MEDIUM severity vulnerability affecting CPython.\n\nRegular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specially crafted tar archives.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-6232", url: "https://www.suse.com/security/cve/CVE-2024-6232", }, { category: "external", summary: "SUSE Bug 1230227 for
CVE-2024-6232", url: "https://bugzilla.suse.com/1230227", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE 
Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-28T00:00:00Z", details: "moderate", }, ], title: "CVE-2024-6232", }, { cve: "CVE-2024-6923", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-6923", }, ], notes: [ { category: "general", text: "There is a MEDIUM severity vulnerability affecting CPython.\n\nThe \nemail module didn't properly quote newlines for email headers when \nserializing an email message allowing for header injection when an email\n is serialized.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", 
"openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-6923", url: "https://www.suse.com/security/cve/CVE-2024-6923", }, { category: "external", summary: "SUSE Bug 1228780 for CVE-2024-6923", url: "https://bugzilla.suse.com/1228780", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE 
Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", 
"openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-28T00:00:00Z", details: "important", }, ], title: "CVE-2024-6923", }, { cve: "CVE-2024-7592", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-7592", }, ], notes: [ { category: "general", text: "There is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE 
Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-7592", url: "https://www.suse.com/security/cve/CVE-2024-7592", }, { category: "external", summary: "SUSE Bug 1229596 for CVE-2024-7592", url: "https://bugzilla.suse.com/1229596", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE 
Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 2.6, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE 
Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-28T00:00:00Z", details: "moderate", }, ], title: "CVE-2024-7592", }, { cve: "CVE-2024-8088", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-8088", }, ], notes: [ { category: "general", text: "There is a HIGH severity vulnerability affecting the CPython \"zipfile\"\nmodule affecting \"zipfile.Path\". Note that the more common API \"zipfile.ZipFile\" class is unaffected.\n\n\n\n\n\nWhen iterating over names of entries in a zip archive (for example, methods\nof \"zipfile.Path\" like \"namelist()\", \"iterdir()\", etc)\nthe process can be put into an infinite loop with a maliciously crafted\nzip archive. This defect applies when reading only metadata or extracting\nthe contents of the zip archive. 
Programs that are not handling\nuser-controlled zip archives are not affected.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-8088", url: "https://www.suse.com/security/cve/CVE-2024-8088", }, { category: "external", summary: "SUSE Bug 1229704 for CVE-2024-8088", url: "https://bugzilla.suse.com/1229704", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", 
product_ids: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.s390x", 
"openSUSE Tumbleweed:python314-curses-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-dbm-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-idle-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-tk-3.14.0~a1-1.1.x86_64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.aarch64", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.ppc64le", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.s390x", "openSUSE Tumbleweed:python314-x86-64-v3-3.14.0~a1-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-28T00:00:00Z", details: "moderate", }, ], title: "CVE-2024-8088", }, ], }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.