Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU67583
Risk: High
CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2007-4559
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The
vulnerability exists due to improper validation of filenames in the
tarfile module in Python. A remote attacker can
create a specially crafted archive with symbolic links inside or
filenames that contain directory traversal characters (e.g. "..") and
overwrite arbitrary files on the system.
Update the affected package python311 to the latest version.
Vulnerable software versionsPython 3 Module: 15-SP4 - 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP4 - SP5
SUSE Linux Enterprise Server 15: SP4 - SP5
SUSE Linux Enterprise High Performance Computing 15: SP4 - SP5
SUSE Linux Enterprise Desktop 15: SP4 - SP5
openSUSE Leap: 15.4 - 15.5
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
libpython3_11-1_0-64bit-debuginfo: before 3.11.4-150400.9.15.3
python311-64bit-debuginfo: before 3.11.4-150400.9.15.1
libpython3_11-1_0-64bit: before 3.11.4-150400.9.15.3
python311-base-64bit: before 3.11.4-150400.9.15.3
python311-64bit: before 3.11.4-150400.9.15.1
python311-base-64bit-debuginfo: before 3.11.4-150400.9.15.3
libpython3_11-1_0-32bit: before 3.11.4-150400.9.15.3
python311-32bit-debuginfo: before 3.11.4-150400.9.15.1
python311-32bit: before 3.11.4-150400.9.15.1
python311-base-32bit: before 3.11.4-150400.9.15.3
libpython3_11-1_0-32bit-debuginfo: before 3.11.4-150400.9.15.3
python311-base-32bit-debuginfo: before 3.11.4-150400.9.15.3
python311-curses-debuginfo: before 3.11.4-150400.9.15.1
python311-tools: before 3.11.4-150400.9.15.3
python311-base-debuginfo: before 3.11.4-150400.9.15.3
python311-dbm-debuginfo: before 3.11.4-150400.9.15.1
python311-debugsource: before 3.11.4-150400.9.15.1
python311-tk-debuginfo: before 3.11.4-150400.9.15.1
python311-idle: before 3.11.4-150400.9.15.1
python311-tk: before 3.11.4-150400.9.15.1
python311-core-debugsource: before 3.11.4-150400.9.15.3
libpython3_11-1_0: before 3.11.4-150400.9.15.3
python311-dbm: before 3.11.4-150400.9.15.1
python311-debuginfo: before 3.11.4-150400.9.15.1
python311-doc-devhelp: before 3.11.4-150400.9.15.2
python311-testsuite: before 3.11.4-150400.9.15.3
python311-doc: before 3.11.4-150400.9.15.2
python311-testsuite-debuginfo: before 3.11.4-150400.9.15.3
python311-devel: before 3.11.4-150400.9.15.3
python311-curses: before 3.11.4-150400.9.15.1
python311-base: before 3.11.4-150400.9.15.3
python311: before 3.11.4-150400.9.15.1
libpython3_11-1_0-debuginfo: before 3.11.4-150400.9.15.3
External linkshttp://www.suse.com/support/update/announcement/2023/suse-su-20232937-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU72618
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-24329
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented filters.
The vulnerability exists due to insufficient validation of URLs that start with blank characters within urllib.parse component of Python. A remote attacker can pass specially crafted URL to bypass existing filters.
MitigationUpdate the affected package python311 to the latest version.
Vulnerable software versionsPython 3 Module: 15-SP4 - 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP4 - SP5
SUSE Linux Enterprise Server 15: SP4 - SP5
SUSE Linux Enterprise High Performance Computing 15: SP4 - SP5
SUSE Linux Enterprise Desktop 15: SP4 - SP5
openSUSE Leap: 15.4 - 15.5
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
libpython3_11-1_0-64bit-debuginfo: before 3.11.4-150400.9.15.3
python311-64bit-debuginfo: before 3.11.4-150400.9.15.1
libpython3_11-1_0-64bit: before 3.11.4-150400.9.15.3
python311-base-64bit: before 3.11.4-150400.9.15.3
python311-64bit: before 3.11.4-150400.9.15.1
python311-base-64bit-debuginfo: before 3.11.4-150400.9.15.3
libpython3_11-1_0-32bit: before 3.11.4-150400.9.15.3
python311-32bit-debuginfo: before 3.11.4-150400.9.15.1
python311-32bit: before 3.11.4-150400.9.15.1
python311-base-32bit: before 3.11.4-150400.9.15.3
libpython3_11-1_0-32bit-debuginfo: before 3.11.4-150400.9.15.3
python311-base-32bit-debuginfo: before 3.11.4-150400.9.15.3
python311-curses-debuginfo: before 3.11.4-150400.9.15.1
python311-tools: before 3.11.4-150400.9.15.3
python311-base-debuginfo: before 3.11.4-150400.9.15.3
python311-dbm-debuginfo: before 3.11.4-150400.9.15.1
python311-debugsource: before 3.11.4-150400.9.15.1
python311-tk-debuginfo: before 3.11.4-150400.9.15.1
python311-idle: before 3.11.4-150400.9.15.1
python311-tk: before 3.11.4-150400.9.15.1
python311-core-debugsource: before 3.11.4-150400.9.15.3
libpython3_11-1_0: before 3.11.4-150400.9.15.3
python311-dbm: before 3.11.4-150400.9.15.1
python311-debuginfo: before 3.11.4-150400.9.15.1
python311-doc-devhelp: before 3.11.4-150400.9.15.2
python311-testsuite: before 3.11.4-150400.9.15.3
python311-doc: before 3.11.4-150400.9.15.2
python311-testsuite-debuginfo: before 3.11.4-150400.9.15.3
python311-devel: before 3.11.4-150400.9.15.3
python311-curses: before 3.11.4-150400.9.15.1
python311-base: before 3.11.4-150400.9.15.3
python311: before 3.11.4-150400.9.15.1
libpython3_11-1_0-debuginfo: before 3.11.4-150400.9.15.3
External linkshttp://www.suse.com/support/update/announcement/2023/suse-su-20232937-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.