[SUSE-SU-2023:2783-2] Security update for grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-psutil, python-pytest-asyncio, python-requests, python-websocket-client, python-websockets
Security update for grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-psutil, python-pytest-asyncio, python-requests, python-websocket-client, python-websockets
This update for grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-psutil, python-pytest-asyncio, python-requests, python-websocket-client, python-websockets fixes the following issues:
grpc:
- Update in SLE-15 (bsc#1197726, bsc#1144068)
protobuf:
- Fix a potential DoS issue in protobuf-cpp and protobuf-python, CVE-2022-1941, bsc#1203681
- Fix a potential DoS issue when parsing with binary data in protobuf-java, CVE-2022-3171, bsc#1204256
- Fix potential Denial of Service in protobuf-java in the parsing procedure for binary data, CVE-2021-22569, bsc#1194530
- Add missing dependency of python subpackages on python-six (bsc#1177127)
- Updated to version 3.9.2 (bsc#1162343)
* Remove OSReadLittle* due to alignment requirements.
* Don't use unions and instead use memcpy for the type swaps.
- Disable LTO (bsc#1133277)
python-aiocontextvars:
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
python-avro:
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
python-cryptography:
- update to 3.3.2 (bsc#1182066, CVE-2020-36242, bsc#1198331)
* SECURITY ISSUE: Fixed a bug where certain sequences of update()
calls when symmetrically encrypting very large payloads (>2GB) could
result in an integer overflow, leading to buffer overflows.
CVE-2020-36242
python-cryptography-vectors:
- update to 3.2 (bsc#1178168, CVE-2020-25659):
* CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant time,
to protect against Bleichenbacher vulnerabilities. Due to limitations imposed
by our API, we cannot completely mitigate this vulnerability.
* Support for OpenSSL 1.0.2 has been removed.
* Added basic support for PKCS7 signing (including SMIME) via PKCS7SignatureBuilder.
- update to 3.3.2 (bsc#1198331)
python-Deprecated:
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- update to 1.2.13:
python-google-api-core:
- Update to 1.14.2
python-googleapis-common-protos:
- Update to 1.6.0
python-grpcio-gcp:
- Initial spec for v0.2.2
python-humanfriendly:
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Update to 10.0
python-jsondiff:
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Update to version 1.3.0
python-knack:
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Update to version 0.9.0
python-opencensus:
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Disable Python2 build
- Update to 0.8.0
python-opencensus-context:
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
python-opencensus-ext-threading:
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Initial build version 0.1.2
python-opentelemetry-api:
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Version update to 1.5.0
python-psutil:
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- update to 5.9.1
- remove the dependency on net-tools, since it conflicts with busybox-hostnmame which is default on MicroOS. (bsc#1184753)
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
python-PyGithub:
- Update to 1.43.5:
python-pytest-asyncio:
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Initial release of python-pytest-asyncio 0.8.0
python-requests:
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
python-websocket-client:
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Update to version 1.3.2
python-websockets:
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- update to 9.1:
- ID
- SUSE-SU-2023:2783-2
- Severity
- important
- URL
- https://www.suse.com/support/update/announcement/2023/suse-su-20232783-2/
- Published
-
2023-09-19T21:52:38
(12 months ago) - Modified
-
2023-09-19T21:52:38
(12 months ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
- ALAS-2023-1676
- ALAS2-2023-1948
- ALAS2-2023-1973
- ALPINE:CVE-2020-25659
- ALPINE:CVE-2020-36242
- ALSA-2021:1608
- ALSA-2022:7464
- ALSA-2022:7970
- ASA-202102-36
- ELSA-2021-1608
- ELSA-2022-7464
- ELSA-2022-7970
- FEDORA-2018-4dd851152c
- FEDORA-2021-8e36e7ed1a
- FEDORA-2022-15729fa33d
- FEDORA-2022-25f35ed634
- FEDORA-2022-2d3e6eb9e4
- FEDORA-2022-486d5f349d
- FEDORA-2022-49b52819a4
- FEDORA-2022-57923346cf
- FEDORA-2022-d1a15f9cdb
- FEDORA-2022-fedff53e4e
- FEDORA-2022-ffe4a1cedd
- FREEBSD:ADD683BE-BD76-11EC-A06F-D4C9EF517024
- FREEBSD:DC49F6DC-99D2-11ED-86E9-D4C9EF517024
- GLSA-202301-09
- GLSA-202407-06
- MAVEN:GHSA-77RM-9X9H-XJ3G
- MAVEN:GHSA-H4H5-3HR4-J3G2
- MAVEN:GHSA-WRVW-HG22-4M67
- MS:CVE-2020-25659
- MS:CVE-2020-36242
- MS:CVE-2021-22570
- openSUSE-SU-2020:2173-1
- openSUSE-SU-2021:0349-1
- openSUSE-SU-2022:0823-1
- openSUSE-SU-2022:1040-1
- PYSEC-2018-79
- PYSEC-2021-62
- PYSEC-2021-63
- PYSEC-2022-48
- RHSA-2021:1608
- RHSA-2022:7464
- RHSA-2022:7970
- RLSA-2022:7464
- RLSA-2022:7970
- RUBYSEC:GOOGLE-PROTOBUF-2021-22569
- RUBYSEC:GOOGLE-PROTOBUF-2022-3171
- SUSE-SU-2020:3592-1
- SUSE-SU-2020:3629-1
- SUSE-SU-2021:0594-1
- SUSE-SU-2021:0668-1
- SUSE-SU-2021:0669-1
- SUSE-SU-2021:0675-1
- SUSE-SU-2021:0696-1
- SUSE-SU-2022:1040-1
- SUSE-SU-2022:1040-2
- SUSE-SU-2022:1040-3
- SUSE-SU-2022:3922-1
- SUSE-SU-2023:0604-1
- SUSE-SU-2023:1838-1
- SUSE-SU-2023:2783-1
- USN-4613-1
- USN-5490-1
- USN-5769-1
- USN-5945-1
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |