Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU74187
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28858
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a race condition. A remote attacker can exploit the race and gain unauthorized access to sensitive information on the system.
Mitigation
Update the affected packages python-arcomplete, python-Fabric, python-PyGithub, python-antlr4-python3-runtime, python-avro, python-chardet, python-distro, python-docker, python-fakeredis, python-fixedint, pyth to the latest version.
Vulnerable software versions
openSUSE Leap: 15.4 - 15.6
Python 3 Module: 15-SP5
Public Cloud Module: 15-SP4 - 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP4 - SP5
SUSE Linux Enterprise Server 15: SP4 - SP5
SUSE Linux Enterprise High Performance Computing 15: SP4 - SP5
SUSE Linux Enterprise Desktop 15: SP5
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
python311-psutil: before 5.9.5-150400.6.9.4
python311-wrapt-debuginfo: before 1.15.0-150400.12.7.1
python311-yarl: before 1.9.2-150400.8.7.4
python311-multidict-debuginfo: before 6.0.4-150400.7.7.4
python-aiohttp-debugsource: before 3.9.3-150400.10.18.4
python311-zope.interface-debuginfo: before 6.0-150400.12.7.4
python-wrapt-debugsource: before 1.15.0-150400.12.7.1
python311-frozenlist: before 1.3.3-150400.9.7.2
python311-yarl-debuginfo: before 1.9.2-150400.8.7.4
python-psutil-debugsource: before 5.9.5-150400.6.9.4
python-yarl-debugsource: before 1.9.2-150400.8.7.4
python-multidict-debugsource: before 6.0.4-150400.7.7.4
python311-wrapt: before 1.15.0-150400.12.7.1
python311-zope.interface: before 6.0-150400.12.7.4
python311-aiohttp: before 3.9.3-150400.10.18.4
python-frozenlist-debugsource: before 1.3.3-150400.9.7.2
python311-psutil-debuginfo: before 5.9.5-150400.6.9.4
python311-frozenlist-debuginfo: before 1.3.3-150400.9.7.2
python-zope.interface-debugsource: before 6.0-150400.12.7.4
python311-aiohttp-debuginfo: before 3.9.3-150400.10.18.4
python311-multidict: before 6.0.4-150400.7.7.4
python311-jsondiff: before 2.0.0-150400.10.4.1
python311-argcomplete: before 3.3.0-150400.12.12.2
python311-docker: before 7.0.0-150400.8.4.4
python311-sure: before 2.0.1-150400.12.4.4
python311-Fabric: before 3.2.2-150400.10.4.1
python311-opencensus-context: before 0.1.3-150400.10.6.1
python311-pathspec: before 0.11.1-150400.9.7.2
python311-knack: before 0.11.0-150400.10.4.4
python311-avro: before 1.11.3-150400.10.4.1
python311-opentelemetry-sdk: before 1.23.0-150400.9.3.1
python311-retrying: before 1.3.4-150400.12.4.1
python311-importlib-metadata: before 6.8.0-150400.10.9.2
python311-pycomposefile: before 0.0.30-150400.9.3.1
python311-constantly: before 15.1.0-150400.12.7.2
python311-redis: before 5.0.1-150400.12.4.4
python311-fluidity-sm: before 0.2.0-150400.10.7.2
python311-PyJWT: before 2.8.0-150400.8.7.2
python311-pip: before 22.3.1-150400.17.16.4
python311-asgiref: before 3.6.0-150400.9.7.3
python311-invoke: before 2.1.2-150400.10.7.4
python311-Twisted-serial: before 22.10.0-150400.5.17.4
python311-Twisted-contextvars: before 22.10.0-150400.5.17.4
python311-async_timeout: before 4.0.2-150400.10.7.2
python311-portalocker: before 2.7.0-150400.10.7.4
python311-pkginfo: before 1.9.6-150400.7.7.1
python311-marshmallow: before 3.20.2-150400.9.7.1
python311-incremental: before 22.10.0-150400.3.7.2
python311-humanfriendly: before 10.0-150400.13.7.4
python311-aiosignal: before 1.3.1-150400.9.7.2
python311-Twisted-all_non_platform: before 22.10.0-150400.5.17.4
python311-distro: before 1.9.0-150400.12.4.1
python311-Twisted-conch_nacl: before 22.10.0-150400.5.17.4
python311-Pygments: before 2.15.1-150400.7.7.4
python311-hyperlink: before 21.0.0-150400.12.7.4
python311-tqdm: before 4.66.1-150400.9.7.4
python311-decorator: before 5.1.1-150400.12.7.4
python311-blinker: before 1.6.2-150400.12.7.4
python311-wheel: before 0.40.0-150400.13.7.4
python311-javaproperties: before 0.8.1-150400.10.4.4
python311-Twisted-conch: before 22.10.0-150400.5.17.4
python311-Automat: before 22.10.0-150400.3.7.2
python311-strictyaml: before 1.7.3-150400.9.3.4
python311-httplib2: before 0.22.0-150400.10.4.1
python311-websocket-client: before 1.5.1-150400.13.7.1
python311-opentelemetry-api: before 1.23.0-150400.10.7.1
python311-zipp: before 3.15.0-150400.10.7.1
python311-xmltodict: before 0.13.0-150400.12.4.1
python311-sshtunnel: before 0.4.0-150400.5.4.4
python311-vcrpy: before 6.0.1-150400.7.4.4
python311-pyparsing: before 3.0.9-150400.5.7.4
python311-opentelemetry-test-utils: before 0.44b0-150400.9.3.1
python311-Deprecated: before 1.2.14-150400.10.7.2
python311-semver: before 3.0.2-150400.10.4.1
python311-Twisted: before 22.10.0-150400.5.17.4
python311-typing_extensions: before 4.5.0-150400.3.9.1
python-tqdm-bash-completion: before 4.66.1-150400.9.7.4
python-paramiko-doc: before 3.4.0-150400.13.10.4
python311-fixedint: before 0.2.0-150400.9.3.1
python311-PyGithub: before 1.57-150400.10.4.4
python311-Twisted-tls: before 22.10.0-150400.5.17.4
python311-antlr4-python3-runtime: before 4.13.1-150400.10.4.1
python311-opencensus: before 0.11.4-150400.10.6.3
python311-httpretty: before 1.1.4-150400.11.4.1
python311-oauthlib: before 3.2.2-150400.12.7.4
python311-opencensus-ext-threading: before 0.1.2-150400.10.6.1
python311-service_identity: before 23.1.0-150400.8.7.1
python311-pydash: before 6.0.2-150400.9.4.1
python311-chardet: before 5.2.0-150400.13.7.2
python311-tabulate: before 0.9.0-150400.11.7.4
python311-scp: before 0.14.5-150400.12.7.4
python311-paramiko: before 3.4.0-150400.13.10.4
python311-fakeredis: before 2.21.0-150400.9.3.4
python311-requests-oauthlib: before 1.3.1-150400.12.7.1
python311-opentelemetry-semantic-conventions: before 0.44b0-150400.9.3.1
python311-sortedcontainers: before 2.4.0-150400.8.7.4
python311-lexicon: before 2.0.1-150400.10.7.1
python311-isodate: before 0.6.1-150400.12.7.2
python311-Twisted-http2: before 22.10.0-150400.5.17.4
External links
http://www.suse.com/support/update/announcement/2024/suse-su-20241639-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU74188
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28859
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a race condition. A remote attacker can exploit the race and gain unauthorized access to sensitive information on the system.
Mitigation
Update the affected packages python-arcomplete, python-Fabric, python-PyGithub, python-antlr4-python3-runtime, python-avro, python-chardet, python-distro, python-docker, python-fakeredis, python-fixedint, pyth to the latest version.
Vulnerable software versions
openSUSE Leap: 15.4 - 15.6
Python 3 Module: 15-SP5
Public Cloud Module: 15-SP4 - 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP4 - SP5
SUSE Linux Enterprise Server 15: SP4 - SP5
SUSE Linux Enterprise High Performance Computing 15: SP4 - SP5
SUSE Linux Enterprise Desktop 15: SP5
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
python311-psutil: before 5.9.5-150400.6.9.4
python311-wrapt-debuginfo: before 1.15.0-150400.12.7.1
python311-yarl: before 1.9.2-150400.8.7.4
python311-multidict-debuginfo: before 6.0.4-150400.7.7.4
python-aiohttp-debugsource: before 3.9.3-150400.10.18.4
python311-zope.interface-debuginfo: before 6.0-150400.12.7.4
python-wrapt-debugsource: before 1.15.0-150400.12.7.1
python311-frozenlist: before 1.3.3-150400.9.7.2
python311-yarl-debuginfo: before 1.9.2-150400.8.7.4
python-psutil-debugsource: before 5.9.5-150400.6.9.4
python-yarl-debugsource: before 1.9.2-150400.8.7.4
python-multidict-debugsource: before 6.0.4-150400.7.7.4
python311-wrapt: before 1.15.0-150400.12.7.1
python311-zope.interface: before 6.0-150400.12.7.4
python311-aiohttp: before 3.9.3-150400.10.18.4
python-frozenlist-debugsource: before 1.3.3-150400.9.7.2
python311-psutil-debuginfo: before 5.9.5-150400.6.9.4
python311-frozenlist-debuginfo: before 1.3.3-150400.9.7.2
python-zope.interface-debugsource: before 6.0-150400.12.7.4
python311-aiohttp-debuginfo: before 3.9.3-150400.10.18.4
python311-multidict: before 6.0.4-150400.7.7.4
python311-jsondiff: before 2.0.0-150400.10.4.1
python311-argcomplete: before 3.3.0-150400.12.12.2
python311-docker: before 7.0.0-150400.8.4.4
python311-sure: before 2.0.1-150400.12.4.4
python311-Fabric: before 3.2.2-150400.10.4.1
python311-opencensus-context: before 0.1.3-150400.10.6.1
python311-pathspec: before 0.11.1-150400.9.7.2
python311-knack: before 0.11.0-150400.10.4.4
python311-avro: before 1.11.3-150400.10.4.1
python311-opentelemetry-sdk: before 1.23.0-150400.9.3.1
python311-retrying: before 1.3.4-150400.12.4.1
python311-importlib-metadata: before 6.8.0-150400.10.9.2
python311-pycomposefile: before 0.0.30-150400.9.3.1
python311-constantly: before 15.1.0-150400.12.7.2
python311-redis: before 5.0.1-150400.12.4.4
python311-fluidity-sm: before 0.2.0-150400.10.7.2
python311-PyJWT: before 2.8.0-150400.8.7.2
python311-pip: before 22.3.1-150400.17.16.4
python311-asgiref: before 3.6.0-150400.9.7.3
python311-invoke: before 2.1.2-150400.10.7.4
python311-Twisted-serial: before 22.10.0-150400.5.17.4
python311-Twisted-contextvars: before 22.10.0-150400.5.17.4
python311-async_timeout: before 4.0.2-150400.10.7.2
python311-portalocker: before 2.7.0-150400.10.7.4
python311-pkginfo: before 1.9.6-150400.7.7.1
python311-marshmallow: before 3.20.2-150400.9.7.1
python311-incremental: before 22.10.0-150400.3.7.2
python311-humanfriendly: before 10.0-150400.13.7.4
python311-aiosignal: before 1.3.1-150400.9.7.2
python311-Twisted-all_non_platform: before 22.10.0-150400.5.17.4
python311-distro: before 1.9.0-150400.12.4.1
python311-Twisted-conch_nacl: before 22.10.0-150400.5.17.4
python311-Pygments: before 2.15.1-150400.7.7.4
python311-hyperlink: before 21.0.0-150400.12.7.4
python311-tqdm: before 4.66.1-150400.9.7.4
python311-decorator: before 5.1.1-150400.12.7.4
python311-blinker: before 1.6.2-150400.12.7.4
python311-wheel: before 0.40.0-150400.13.7.4
python311-javaproperties: before 0.8.1-150400.10.4.4
python311-Twisted-conch: before 22.10.0-150400.5.17.4
python311-Automat: before 22.10.0-150400.3.7.2
python311-strictyaml: before 1.7.3-150400.9.3.4
python311-httplib2: before 0.22.0-150400.10.4.1
python311-websocket-client: before 1.5.1-150400.13.7.1
python311-opentelemetry-api: before 1.23.0-150400.10.7.1
python311-zipp: before 3.15.0-150400.10.7.1
python311-xmltodict: before 0.13.0-150400.12.4.1
python311-sshtunnel: before 0.4.0-150400.5.4.4
python311-vcrpy: before 6.0.1-150400.7.4.4
python311-pyparsing: before 3.0.9-150400.5.7.4
python311-opentelemetry-test-utils: before 0.44b0-150400.9.3.1
python311-Deprecated: before 1.2.14-150400.10.7.2
python311-semver: before 3.0.2-150400.10.4.1
python311-Twisted: before 22.10.0-150400.5.17.4
python311-typing_extensions: before 4.5.0-150400.3.9.1
python-tqdm-bash-completion: before 4.66.1-150400.9.7.4
python-paramiko-doc: before 3.4.0-150400.13.10.4
python311-fixedint: before 0.2.0-150400.9.3.1
python311-PyGithub: before 1.57-150400.10.4.4
python311-Twisted-tls: before 22.10.0-150400.5.17.4
python311-antlr4-python3-runtime: before 4.13.1-150400.10.4.1
python311-opencensus: before 0.11.4-150400.10.6.3
python311-httpretty: before 1.1.4-150400.11.4.1
python311-oauthlib: before 3.2.2-150400.12.7.4
python311-opencensus-ext-threading: before 0.1.2-150400.10.6.1
python311-service_identity: before 23.1.0-150400.8.7.1
python311-pydash: before 6.0.2-150400.9.4.1
python311-chardet: before 5.2.0-150400.13.7.2
python311-tabulate: before 0.9.0-150400.11.7.4
python311-scp: before 0.14.5-150400.12.7.4
python311-paramiko: before 3.4.0-150400.13.10.4
python311-fakeredis: before 2.21.0-150400.9.3.4
python311-requests-oauthlib: before 1.3.1-150400.12.7.1
python311-opentelemetry-semantic-conventions: before 0.44b0-150400.9.3.1
python311-sortedcontainers: before 2.4.0-150400.8.7.4
python311-lexicon: before 2.0.1-150400.10.7.1
python311-isodate: before 0.6.1-150400.12.7.2
python311-Twisted-http2: before 22.10.0-150400.5.17.4
External links
http://www.suse.com/support/update/announcement/2024/suse-su-20241639-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.