[SUSE-SU-2022:0895-1] Security update for python-lxml
Severity
Moderate
Affected Packages
4
CVEs
4
Security update for python-lxml
This update for python-lxml fixes the following issues:
- CVE-2021-43818: Removed SVG image data URLs since they can embed script content (bsc#1193752).
- CVE-2021-28957: Fixed a potential XSS due to improper input sanitization (bsc#1184177).
- CVE-2020-27783: Fixed a potential XSS due to improper HTML parsing (bsc#1179534).
- CVE-2018-19787: Fixed a potential XSS due to improper input sanitization (bsc#1118088).
| Package | Affected Version |
|---|---|
 pkg:rpm/suse/python-lxml?arch=x86_64&distro=sles-12&sp=5
|
< 3.6.1-8.5.1 |
|
pkg:rpm/suse/python-lxml?arch=s390x&distro=sles-12&sp=5
|
< 3.6.1-8.5.1 |
|
pkg:rpm/suse/python-lxml?arch=ppc64le&distro=sles-12&sp=5
|
< 3.6.1-8.5.1 |
|
pkg:rpm/suse/python-lxml?arch=aarch64&distro=sles-12&sp=5
|
< 3.6.1-8.5.1 |
- ID
- SUSE-SU-2022:0895-1
- Severity
- moderate
- URL
- https://www.suse.com/support/update/announcement/2022/suse-su-20220895-1/
- Published
-
2022-03-17T14:38:22
(2 years ago) - Modified
-
2022-03-17T14:38:22
(2 years ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
-
ALAS-2023-1709
-
ALAS2-2021-1666
-
ALAS2-2023-1956
-
ALAS2-2024-2620
-
ALPINE:CVE-2020-27783
-
ALPINE:CVE-2021-28957
-
ALPINE:CVE-2021-43818
-
ALSA-2021:1761
-
ALSA-2021:1879
-
ALSA-2021:4151
-
ALSA-2021:4158
-
ALSA-2021:4160
-
ALSA-2021:4162
-
ALSA-2022:1763
-
ALSA-2022:1764
-
ALSA-2022:1821
-
ALSA-2022:1932
-
ASA-202012-1
-
DSA-4810-1
-
DSA-4880-1
-
DSA-5043-1
-
ELSA-2021-1761
-
ELSA-2021-1879
-
ELSA-2021-1898
-
ELSA-2021-4151
-
ELSA-2021-4160
-
ELSA-2021-4162
-
ELSA-2022-1763
-
ELSA-2022-1764
-
ELSA-2022-1821
-
ELSA-2022-1932
-
ELSA-2022-9341
-
FEDORA-2018-4be0428ab2
-
FEDORA-2018-67e98d4b7a
-
FEDORA-2020-0e055ea503
-
FEDORA-2020-307946cfb6
-
FEDORA-2021-28723f9670
-
FEDORA-2021-4cdb0f68c7
-
FEDORA-2021-6e8fb79f90
-
FEDORA-2021-9f9e7c5c4f
-
FEDORA-2022-7129fbaeed
-
FEDORA-2022-96c79bf003
-
GLSA-202208-06
-
MS:CVE-2018-19787
-
MS:CVE-2020-27783
-
MS:CVE-2021-28957
-
MS:CVE-2021-43818
-
openSUSE-SU-2022:0803-1
-
PYSEC-2018-12
-
PYSEC-2020-62
-
PYSEC-2021-19
-
PYSEC-2021-852
-
RHSA-2021:1761
-
RHSA-2021:1879
-
RHSA-2021:1898
-
RHSA-2021:4151
-
RHSA-2021:4158
-
RHSA-2021:4160
-
RHSA-2021:4162
-
RHSA-2022:1763
-
RHSA-2022:1764
-
RHSA-2022:1821
-
RHSA-2022:1932
-
RLSA-2021:1761
-
RLSA-2021:1879
-
RLSA-2021:4151
-
RLSA-2021:4160
-
RLSA-2021:4162
-
RLSA-2022:1763
-
RLSA-2022:1764
-
RLSA-2022:1821
-
RLSA-2022:1932
-
RLSA-2022:5498
-
SUSE-SU-2022:0803-1
-
SUSE-SU-2022:1536-1
-
SUSE-SU-2022:1729-1
-
SUSE-SU-2022:3460-1
-
SUSE-SU-2022:3461-1
-
SUSE-SU-2022:3836-1
-
SUSE-SU-2022:3934-1
-
SUSE-SU-2022:3937-1
-
USN-3841-1
-
USN-3841-2
-
USN-4666-1
-
USN-4666-2
-
USN-4896-1
-
USN-4896-2
-
USN-5225-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| Suse | SUSE ratings |
|
|
| Suse | URL of this CSAF notice |
|
|
| Suse | URL for SUSE-SU-2022:0895-1 |
|
|
| Suse | E-Mail link for SUSE-SU-2022:0895-1 |
|
|
| Bugzilla | SUSE Bug 1118088 |
|
|
| Bugzilla | SUSE Bug 1179534 |
|
|
| Bugzilla | SUSE Bug 1184177 |
|
|
| Bugzilla | SUSE Bug 1193752 |
|
|
| CVE | SUSE CVE CVE-2018-19787 page |
|
|
| CVE | SUSE CVE CVE-2020-27783 page |
|
|
| CVE | SUSE CVE CVE-2021-28957 page |
|
|
| CVE | SUSE CVE CVE-2021-43818 page |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/suse/python-lxml?arch=x86_64&distro=sles-12&sp=5 | suse |
python-lxml
|
< 3.6.1-8.5.1 | sles-12 | x86_64 | |
| Affected | pkg:rpm/suse/python-lxml?arch=s390x&distro=sles-12&sp=5 | suse |
python-lxml
|
< 3.6.1-8.5.1 | sles-12 | s390x | |
| Affected | pkg:rpm/suse/python-lxml?arch=ppc64le&distro=sles-12&sp=5 | suse |
python-lxml
|
< 3.6.1-8.5.1 | sles-12 | ppc64le | |
| Affected | pkg:rpm/suse/python-lxml?arch=aarch64&distro=sles-12&sp=5 | suse |
python-lxml
|
< 3.6.1-8.5.1 | sles-12 | aarch64 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |