SUSE update for python-arcomplete, python-Fabric, python-PyGithub, python-antlr4-python3-runtime, python-avro, python-chardet, python-distro, python-docker, python-fakeredis, python-fixedint, pyth

Published: 2024-05-14

Risk	Medium
Patch available	YES
Number of vulnerabilities	2
CVE-ID	CVE-2023-28858 CVE-2023-28859
CWE-ID	CWE-362
Exploitation vector	Network
Public exploit	N/A
Vulnerable software Subscribe	openSUSE Leap Operating systems & Components / Operating system Python 3 Module Operating systems & Components / Operating system Public Cloud Module Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 15 Operating systems & Components / Operating system SUSE Linux Enterprise Desktop 15 Operating systems & Components / Operating system SUSE Manager Retail Branch Server Operating systems & Components / Operating system SUSE Manager Server Operating systems & Components / Operating system SUSE Manager Proxy Operating systems & Components / Operating system python311-psutil Operating systems & Components / Operating system package or component python311-wrapt-debuginfo Operating systems & Components / Operating system package or component python311-yarl Operating systems & Components / Operating system package or component python311-multidict-debuginfo Operating systems & Components / Operating system package or component python-aiohttp-debugsource Operating systems & Components / Operating system package or component python311-zope.interface-debuginfo Operating systems & Components / Operating system package or component python-wrapt-debugsource Operating systems & Components / Operating system package or component python311-frozenlist Operating systems & Components / Operating system package or component python311-yarl-debuginfo Operating systems & Components / Operating system package or component python-psutil-debugsource Operating systems & Components / Operating system package or component python-yarl-debugsource Operating systems & Components / Operating system package or component python-multidict-debugsource Operating systems & Components / Operating system package or component python311-wrapt Operating systems & Components / Operating system package or component python311-zope.interface Operating systems & Components / Operating system package or component python311-aiohttp Operating systems & Components / Operating system package or component python-frozenlist-debugsource Operating systems & Components / Operating system package or component python311-psutil-debuginfo Operating systems & Components / Operating system package or component python311-frozenlist-debuginfo Operating systems & Components / Operating system package or component python-zope.interface-debugsource Operating systems & Components / Operating system package or component python311-aiohttp-debuginfo Operating systems & Components / Operating system package or component python311-multidict Operating systems & Components / Operating system package or component python311-jsondiff Operating systems & Components / Operating system package or component python311-argcomplete Operating systems & Components / Operating system package or component python311-docker Operating systems & Components / Operating system package or component python311-sure Operating systems & Components / Operating system package or component python311-Fabric Operating systems & Components / Operating system package or component python311-opencensus-context Operating systems & Components / Operating system package or component python311-pathspec Operating systems & Components / Operating system package or component python311-knack Operating systems & Components / Operating system package or component python311-avro Operating systems & Components / Operating system package or component python311-opentelemetry-sdk Operating systems & Components / Operating system package or component python311-retrying Operating systems & Components / Operating system package or component python311-importlib-metadata Operating systems & Components / Operating system package or component python311-pycomposefile Operating systems & Components / Operating system package or component python311-constantly Operating systems & Components / Operating system package or component python311-redis Operating systems & Components / Operating system package or component python311-fluidity-sm Operating systems & Components / Operating system package or component python311-PyJWT Operating systems & Components / Operating system package or component python311-pip Operating systems & Components / Operating system package or component python311-asgiref Operating systems & Components / Operating system package or component python311-invoke Operating systems & Components / Operating system package or component python311-Twisted-serial Operating systems & Components / Operating system package or component python311-Twisted-contextvars Operating systems & Components / Operating system package or component python311-async_timeout Operating systems & Components / Operating system package or component python311-portalocker Operating systems & Components / Operating system package or component python311-pkginfo Operating systems & Components / Operating system package or component python311-marshmallow Operating systems & Components / Operating system package or component python311-incremental Operating systems & Components / Operating system package or component python311-humanfriendly Operating systems & Components / Operating system package or component python311-aiosignal Operating systems & Components / Operating system package or component python311-Twisted-all_non_platform Operating systems & Components / Operating system package or component python311-distro Operating systems & Components / Operating system package or component python311-Twisted-conch_nacl Operating systems & Components / Operating system package or component python311-Pygments Operating systems & Components / Operating system package or component python311-hyperlink Operating systems & Components / Operating system package or component python311-tqdm Operating systems & Components / Operating system package or component python311-decorator Operating systems & Components / Operating system package or component python311-blinker Operating systems & Components / Operating system package or component python311-wheel Operating systems & Components / Operating system package or component python311-javaproperties Operating systems & Components / Operating system package or component python311-Twisted-conch Operating systems & Components / Operating system package or component python311-Automat Operating systems & Components / Operating system package or component python311-strictyaml Operating systems & Components / Operating system package or component python311-httplib2 Operating systems & Components / Operating system package or component python311-websocket-client Operating systems & Components / Operating system package or component python311-opentelemetry-api Operating systems & Components / Operating system package or component python311-zipp Operating systems & Components / Operating system package or component python311-xmltodict Operating systems & Components / Operating system package or component python311-sshtunnel Operating systems & Components / Operating system package or component python311-vcrpy Operating systems & Components / Operating system package or component python311-pyparsing Operating systems & Components / Operating system package or component python311-opentelemetry-test-utils Operating systems & Components / Operating system package or component python311-Deprecated Operating systems & Components / Operating system package or component python311-semver Operating systems & Components / Operating system package or component python311-Twisted Operating systems & Components / Operating system package or component python311-typing_extensions Operating systems & Components / Operating system package or component python-tqdm-bash-completion Operating systems & Components / Operating system package or component python-paramiko-doc Operating systems & Components / Operating system package or component python311-fixedint Operating systems & Components / Operating system package or component python311-PyGithub Operating systems & Components / Operating system package or component python311-Twisted-tls Operating systems & Components / Operating system package or component python311-antlr4-python3-runtime Operating systems & Components / Operating system package or component python311-opencensus Operating systems & Components / Operating system package or component python311-httpretty Operating systems & Components / Operating system package or component python311-oauthlib Operating systems & Components / Operating system package or component python311-opencensus-ext-threading Operating systems & Components / Operating system package or component python311-service_identity Operating systems & Components / Operating system package or component python311-pydash Operating systems & Components / Operating system package or component python311-chardet Operating systems & Components / Operating system package or component python311-tabulate Operating systems & Components / Operating system package or component python311-scp Operating systems & Components / Operating system package or component python311-paramiko Operating systems & Components / Operating system package or component python311-fakeredis Operating systems & Components / Operating system package or component python311-requests-oauthlib Operating systems & Components / Operating system package or component python311-opentelemetry-semantic-conventions Operating systems & Components / Operating system package or component python311-sortedcontainers Operating systems & Components / Operating system package or component python311-lexicon Operating systems & Components / Operating system package or component python311-isodate Operating systems & Components / Operating system package or component python311-Twisted-http2 Operating systems & Components / Operating system package or component Fix docs for client_kill_filter (#1584) Thanks\n @Andrew Operating systems & Components / Operating system package or component Fix grammar of get param in set command (#1588) Thanks\n @Andrew Operating systems & Components / Operating system package or component Update docs for multiple usernames for ACL DELUSER (#1595)\n Thanks @Andrew Operating systems & Components / Operating system package or component Normalize minid and maxlen docs (#1593) Thanks\n @Andrew Operating systems & Components / Operating system package or component Fix client_kill_filter docs for skimpy (#1596) Thanks\n @Andrew Operating systems & Components / Operating system package or component Geosearch test should use any=True (#1594) Thanks\n @Andrew Operating systems & Components / Operating system package or component Python 3.7 End Operating systems & Components / Operating system package or component
Vendor	SUSE

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Race condition

EUVDB-ID: #VU74187

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-28858

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a race condition. A remote attacker can exploit the race and gain unauthorized access to sensitive information on the system.

Mitigation

Update the affected package python-arcomplete, python-Fabric, python-PyGithub, python-antlr4-python3-runtime, python-avro, python-chardet, python-distro, python-docker, python-fakeredis, python-fixedint, pyth to the latest version.

Vulnerable software versions

openSUSE Leap: 15.4 - 15.6

Python 3 Module: 15-SP5

Public Cloud Module: 15-SP4 - 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP4 - SP5

SUSE Linux Enterprise Server 15: SP4 - SP5

SUSE Linux Enterprise High Performance Computing 15: SP4 - SP5

SUSE Linux Enterprise Desktop 15: SP5

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

python311-psutil: before 5.9.5-150400.6.9.4

python311-wrapt-debuginfo: before 1.15.0-150400.12.7.1

python311-yarl: before 1.9.2-150400.8.7.4

python311-multidict-debuginfo: before 6.0.4-150400.7.7.4

python-aiohttp-debugsource: before 3.9.3-150400.10.18.4

python311-zope.interface-debuginfo: before 6.0-150400.12.7.4

python-wrapt-debugsource: before 1.15.0-150400.12.7.1

python311-frozenlist: before 1.3.3-150400.9.7.2

python311-yarl-debuginfo: before 1.9.2-150400.8.7.4

python-psutil-debugsource: before 5.9.5-150400.6.9.4

python-yarl-debugsource: before 1.9.2-150400.8.7.4

python-multidict-debugsource: before 6.0.4-150400.7.7.4

python311-wrapt: before 1.15.0-150400.12.7.1

python311-zope.interface: before 6.0-150400.12.7.4

python311-aiohttp: before 3.9.3-150400.10.18.4

python-frozenlist-debugsource: before 1.3.3-150400.9.7.2

python311-psutil-debuginfo: before 5.9.5-150400.6.9.4

python311-frozenlist-debuginfo: before 1.3.3-150400.9.7.2

python-zope.interface-debugsource: before 6.0-150400.12.7.4

python311-aiohttp-debuginfo: before 3.9.3-150400.10.18.4

python311-multidict: before 6.0.4-150400.7.7.4

python311-jsondiff: before 2.0.0-150400.10.4.1

python311-argcomplete: before 3.3.0-150400.12.12.2

python311-docker: before 7.0.0-150400.8.4.4

python311-sure: before 2.0.1-150400.12.4.4

python311-Fabric: before 3.2.2-150400.10.4.1

python311-opencensus-context: before 0.1.3-150400.10.6.1

python311-pathspec: before 0.11.1-150400.9.7.2

python311-knack: before 0.11.0-150400.10.4.4

python311-avro: before 1.11.3-150400.10.4.1

python311-opentelemetry-sdk: before 1.23.0-150400.9.3.1

python311-retrying: before 1.3.4-150400.12.4.1

python311-importlib-metadata: before 6.8.0-150400.10.9.2

python311-pycomposefile: before 0.0.30-150400.9.3.1

python311-constantly: before 15.1.0-150400.12.7.2

python311-redis: before 5.0.1-150400.12.4.4

python311-fluidity-sm: before 0.2.0-150400.10.7.2

python311-PyJWT: before 2.8.0-150400.8.7.2

python311-pip: before 22.3.1-150400.17.16.4

python311-asgiref: before 3.6.0-150400.9.7.3

python311-invoke: before 2.1.2-150400.10.7.4

python311-Twisted-serial: before 22.10.0-150400.5.17.4

python311-Twisted-contextvars: before 22.10.0-150400.5.17.4

python311-async_timeout: before 4.0.2-150400.10.7.2

python311-portalocker: before 2.7.0-150400.10.7.4

python311-pkginfo: before 1.9.6-150400.7.7.1

python311-marshmallow: before 3.20.2-150400.9.7.1

python311-incremental: before 22.10.0-150400.3.7.2

python311-humanfriendly: before 10.0-150400.13.7.4

python311-aiosignal: before 1.3.1-150400.9.7.2

python311-Twisted-all_non_platform: before 22.10.0-150400.5.17.4

python311-distro: before 1.9.0-150400.12.4.1

python311-Twisted-conch_nacl: before 22.10.0-150400.5.17.4

python311-Pygments: before 2.15.1-150400.7.7.4

python311-hyperlink: before 21.0.0-150400.12.7.4

python311-tqdm: before 4.66.1-150400.9.7.4

python311-decorator: before 5.1.1-150400.12.7.4

python311-blinker: before 1.6.2-150400.12.7.4

python311-wheel: before 0.40.0-150400.13.7.4

python311-javaproperties: before 0.8.1-150400.10.4.4

python311-Twisted-conch: before 22.10.0-150400.5.17.4

python311-Automat: before 22.10.0-150400.3.7.2

python311-strictyaml: before 1.7.3-150400.9.3.4

python311-httplib2: before 0.22.0-150400.10.4.1

python311-websocket-client: before 1.5.1-150400.13.7.1

python311-opentelemetry-api: before 1.23.0-150400.10.7.1

python311-zipp: before 3.15.0-150400.10.7.1

python311-xmltodict: before 0.13.0-150400.12.4.1

python311-sshtunnel: before 0.4.0-150400.5.4.4

python311-vcrpy: before 6.0.1-150400.7.4.4

python311-pyparsing: before 3.0.9-150400.5.7.4

python311-opentelemetry-test-utils: before 0.44b0-150400.9.3.1

python311-Deprecated: before 1.2.14-150400.10.7.2

python311-semver: before 3.0.2-150400.10.4.1

python311-Twisted: before 22.10.0-150400.5.17.4

python311-typing_extensions: before 4.5.0-150400.3.9.1

python-tqdm-bash-completion: before 4.66.1-150400.9.7.4

python-paramiko-doc: before 3.4.0-150400.13.10.4

python311-fixedint: before 0.2.0-150400.9.3.1

python311-PyGithub: before 1.57-150400.10.4.4

python311-Twisted-tls: before 22.10.0-150400.5.17.4

python311-antlr4-python3-runtime: before 4.13.1-150400.10.4.1

python311-opencensus: before 0.11.4-150400.10.6.3

python311-httpretty: before 1.1.4-150400.11.4.1

python311-oauthlib: before 3.2.2-150400.12.7.4

python311-opencensus-ext-threading: before 0.1.2-150400.10.6.1

python311-service_identity: before 23.1.0-150400.8.7.1

python311-pydash: before 6.0.2-150400.9.4.1

python311-chardet: before 5.2.0-150400.13.7.2

python311-tabulate: before 0.9.0-150400.11.7.4

python311-scp: before 0.14.5-150400.12.7.4

python311-paramiko: before 3.4.0-150400.13.10.4

python311-fakeredis: before 2.21.0-150400.9.3.4

python311-requests-oauthlib: before 1.3.1-150400.12.7.1

python311-opentelemetry-semantic-conventions: before 0.44b0-150400.9.3.1

python311-sortedcontainers: before 2.4.0-150400.8.7.4

python311-lexicon: before 2.0.1-150400.10.7.1

python311-isodate: before 0.6.1-150400.12.7.2

python311-Twisted-http2: before 22.10.0-150400.5.17.4

Fix docs for client_kill_filter (#1584) Thanks\n @Andrew: before Chen-Wang

Fix grammar of get param in set command (#1588) Thanks\n @Andrew: before Chen-Wang

Update docs for multiple usernames for ACL DELUSER (#1595)\n Thanks @Andrew: before Chen-Wang

Normalize minid and maxlen docs (#1593) Thanks\n @Andrew: before Chen-Wang

Fix client_kill_filter docs for skimpy (#1596) Thanks\n @Andrew: before Chen-Wang

Geosearch test should use any=True (#1594) Thanks\n @Andrew: before Chen-Wang

Python 3.7 End: before of-Life

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241639-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Race condition

EUVDB-ID: #VU74188