Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2023-28858 CVE-2023-28859 |
CWE-ID | CWE-362 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Operating systems: Public Cloud Module, Python 3 Module, SUSE Package Hub 15, SUSE Linux Enterprise Real Time 15, openSUSE Leap, SUSE Linux Enterprise Server for SAP Applications 15, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Desktop 15. Operating system packages or components: the python311 packages and their debuginfo, debugsource and documentation subpackages, listed with fixed versions under "Vulnerable software versions" below. |
Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU74187
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28858
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a race condition. A remote attacker can exploit the race and gain unauthorized access to sensitive information on the system.
Mitigation
Update the affected packages python-arcomplete, python-Fabric, python-PyGithub, python-antlr4-python3-runtime, python-avro, python-chardet, python-distro, python-docker, python-fakeredis, python-fixedint, pyth to the latest version.
Vulnerable software versions
Public Cloud Module: 15-SP6
Python 3 Module: 15-SP6
SUSE Package Hub 15: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.5 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
SUSE Linux Enterprise Desktop 15: SP6
python311-psutil: before 5.9.5-150400.6.9.4
python311-wrapt-debuginfo: before 1.15.0-150400.12.7.1
python311-yarl: before 1.9.2-150400.8.7.4
python311-multidict-debuginfo: before 6.0.4-150400.7.7.4
python-aiohttp-debugsource: before 3.9.3-150400.10.18.4
python311-zope.interface-debuginfo: before 6.0-150400.12.7.4
python-wrapt-debugsource: before 1.15.0-150400.12.7.1
python311-frozenlist: before 1.3.3-150400.9.7.2
python311-yarl-debuginfo: before 1.9.2-150400.8.7.4
python-psutil-debugsource: before 5.9.5-150400.6.9.4
python-yarl-debugsource: before 1.9.2-150400.8.7.4
python-multidict-debugsource: before 6.0.4-150400.7.7.4
python311-wrapt: before 1.15.0-150400.12.7.1
python311-zope.interface: before 6.0-150400.12.7.4
python311-aiohttp: before 3.9.3-150400.10.18.4
python-frozenlist-debugsource: before 1.3.3-150400.9.7.2
python311-psutil-debuginfo: before 5.9.5-150400.6.9.4
python311-frozenlist-debuginfo: before 1.3.3-150400.9.7.2
python-zope.interface-debugsource: before 6.0-150400.12.7.4
python311-aiohttp-debuginfo: before 3.9.3-150400.10.18.4
python311-multidict: before 6.0.4-150400.7.7.4
python311-jsondiff: before 2.0.0-150400.10.4.1
python311-argcomplete: before 3.3.0-150400.12.12.2
python311-docker: before 7.0.0-150400.8.4.4
python311-sure: before 2.0.1-150400.12.4.4
python311-Fabric: before 3.2.2-150400.10.4.1
python311-opencensus-context: before 0.1.3-150400.10.6.1
python311-pathspec: before 0.11.1-150400.9.7.2
python311-knack: before 0.11.0-150400.10.4.4
python311-avro: before 1.11.3-150400.10.4.1
python311-opentelemetry-sdk: before 1.23.0-150400.9.3.1
python311-retrying: before 1.3.4-150400.12.4.1
python311-importlib-metadata: before 6.8.0-150400.10.9.2
python311-pycomposefile: before 0.0.30-150400.9.3.1
python311-constantly: before 15.1.0-150400.12.7.2
python311-redis: before 5.0.1-150400.12.4.4
python311-fluidity-sm: before 0.2.0-150400.10.7.2
python311-PyJWT: before 2.8.0-150400.8.7.2
python311-pip: before 22.3.1-150400.17.16.4
python311-asgiref: before 3.6.0-150400.9.7.3
python311-invoke: before 2.1.2-150400.10.7.4
python311-Twisted-serial: before 22.10.0-150400.5.17.4
python311-Twisted-contextvars: before 22.10.0-150400.5.17.4
python311-async_timeout: before 4.0.2-150400.10.7.2
python311-portalocker: before 2.7.0-150400.10.7.4
python311-pkginfo: before 1.9.6-150400.7.7.1
python311-marshmallow: before 3.20.2-150400.9.7.1
python311-incremental: before 22.10.0-150400.3.7.2
python311-humanfriendly: before 10.0-150400.13.7.4
python311-aiosignal: before 1.3.1-150400.9.7.2
python311-Twisted-all_non_platform: before 22.10.0-150400.5.17.4
python311-distro: before 1.9.0-150400.12.4.1
python311-Twisted-conch_nacl: before 22.10.0-150400.5.17.4
python311-Pygments: before 2.15.1-150400.7.7.4
python311-hyperlink: before 21.0.0-150400.12.7.4
python311-tqdm: before 4.66.1-150400.9.7.4
python311-decorator: before 5.1.1-150400.12.7.4
python311-blinker: before 1.6.2-150400.12.7.4
python311-wheel: before 0.40.0-150400.13.7.4
python311-javaproperties: before 0.8.1-150400.10.4.4
python311-Twisted-conch: before 22.10.0-150400.5.17.4
python311-Automat: before 22.10.0-150400.3.7.2
python311-strictyaml: before 1.7.3-150400.9.3.4
python311-httplib2: before 0.22.0-150400.10.4.1
python311-websocket-client: before 1.5.1-150400.13.7.1
python311-opentelemetry-api: before 1.23.0-150400.10.7.1
python311-zipp: before 3.15.0-150400.10.7.1
python311-xmltodict: before 0.13.0-150400.12.4.1
python311-sshtunnel: before 0.4.0-150400.5.4.4
python311-vcrpy: before 6.0.1-150400.7.4.4
python311-pyparsing: before 3.0.9-150400.5.7.4
python311-opentelemetry-test-utils: before 0.44b0-150400.9.3.1
python311-Deprecated: before 1.2.14-150400.10.7.2
python311-semver: before 3.0.2-150400.10.4.1
python311-Twisted: before 22.10.0-150400.5.17.4
python311-typing_extensions: before 4.5.0-150400.3.9.1
python-tqdm-bash-completion: before 4.66.1-150400.9.7.4
python-paramiko-doc: before 3.4.0-150400.13.10.4
python311-fixedint: before 0.2.0-150400.9.3.1
python311-PyGithub: before 1.57-150400.10.4.4
python311-Twisted-tls: before 22.10.0-150400.5.17.4
python311-antlr4-python3-runtime: before 4.13.1-150400.10.4.1
python311-opencensus: before 0.11.4-150400.10.6.3
python311-httpretty: before 1.1.4-150400.11.4.1
python311-oauthlib: before 3.2.2-150400.12.7.4
python311-opencensus-ext-threading: before 0.1.2-150400.10.6.1
python311-service_identity: before 23.1.0-150400.8.7.1
python311-pydash: before 6.0.2-150400.9.4.1
python311-chardet: before 5.2.0-150400.13.7.2
python311-tabulate: before 0.9.0-150400.11.7.4
python311-scp: before 0.14.5-150400.12.7.4
python311-paramiko: before 3.4.0-150400.13.10.4
python311-fakeredis: before 2.21.0-150400.9.3.4
python311-requests-oauthlib: before 1.3.1-150400.12.7.1
python311-opentelemetry-semantic-conventions: before 0.44b0-150400.9.3.1
python311-sortedcontainers: before 2.4.0-150400.8.7.4
python311-lexicon: before 2.0.1-150400.10.7.1
python311-isodate: before 0.6.1-150400.12.7.2
python311-Twisted-http2: before 22.10.0-150400.5.17.4
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20241639-2/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU74188
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28859
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a race condition. A remote attacker can exploit the race and gain unauthorized access to sensitive information on the system.
Mitigation
Update the affected packages python-arcomplete, python-Fabric, python-PyGithub, python-antlr4-python3-runtime, python-avro, python-chardet, python-distro, python-docker, python-fakeredis, python-fixedint, pyth to the latest version.
Vulnerable software versions
Public Cloud Module: 15-SP6
Python 3 Module: 15-SP6
SUSE Package Hub 15: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.5 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
SUSE Linux Enterprise Desktop 15: SP6
python311-psutil: before 5.9.5-150400.6.9.4
python311-wrapt-debuginfo: before 1.15.0-150400.12.7.1
python311-yarl: before 1.9.2-150400.8.7.4
python311-multidict-debuginfo: before 6.0.4-150400.7.7.4
python-aiohttp-debugsource: before 3.9.3-150400.10.18.4
python311-zope.interface-debuginfo: before 6.0-150400.12.7.4
python-wrapt-debugsource: before 1.15.0-150400.12.7.1
python311-frozenlist: before 1.3.3-150400.9.7.2
python311-yarl-debuginfo: before 1.9.2-150400.8.7.4
python-psutil-debugsource: before 5.9.5-150400.6.9.4
python-yarl-debugsource: before 1.9.2-150400.8.7.4
python-multidict-debugsource: before 6.0.4-150400.7.7.4
python311-wrapt: before 1.15.0-150400.12.7.1
python311-zope.interface: before 6.0-150400.12.7.4
python311-aiohttp: before 3.9.3-150400.10.18.4
python-frozenlist-debugsource: before 1.3.3-150400.9.7.2
python311-psutil-debuginfo: before 5.9.5-150400.6.9.4
python311-frozenlist-debuginfo: before 1.3.3-150400.9.7.2
python-zope.interface-debugsource: before 6.0-150400.12.7.4
python311-aiohttp-debuginfo: before 3.9.3-150400.10.18.4
python311-multidict: before 6.0.4-150400.7.7.4
python311-jsondiff: before 2.0.0-150400.10.4.1
python311-argcomplete: before 3.3.0-150400.12.12.2
python311-docker: before 7.0.0-150400.8.4.4
python311-sure: before 2.0.1-150400.12.4.4
python311-Fabric: before 3.2.2-150400.10.4.1
python311-opencensus-context: before 0.1.3-150400.10.6.1
python311-pathspec: before 0.11.1-150400.9.7.2
python311-knack: before 0.11.0-150400.10.4.4
python311-avro: before 1.11.3-150400.10.4.1
python311-opentelemetry-sdk: before 1.23.0-150400.9.3.1
python311-retrying: before 1.3.4-150400.12.4.1
python311-importlib-metadata: before 6.8.0-150400.10.9.2
python311-pycomposefile: before 0.0.30-150400.9.3.1
python311-constantly: before 15.1.0-150400.12.7.2
python311-redis: before 5.0.1-150400.12.4.4
python311-fluidity-sm: before 0.2.0-150400.10.7.2
python311-PyJWT: before 2.8.0-150400.8.7.2
python311-pip: before 22.3.1-150400.17.16.4
python311-asgiref: before 3.6.0-150400.9.7.3
python311-invoke: before 2.1.2-150400.10.7.4
python311-Twisted-serial: before 22.10.0-150400.5.17.4
python311-Twisted-contextvars: before 22.10.0-150400.5.17.4
python311-async_timeout: before 4.0.2-150400.10.7.2
python311-portalocker: before 2.7.0-150400.10.7.4
python311-pkginfo: before 1.9.6-150400.7.7.1
python311-marshmallow: before 3.20.2-150400.9.7.1
python311-incremental: before 22.10.0-150400.3.7.2
python311-humanfriendly: before 10.0-150400.13.7.4
python311-aiosignal: before 1.3.1-150400.9.7.2
python311-Twisted-all_non_platform: before 22.10.0-150400.5.17.4
python311-distro: before 1.9.0-150400.12.4.1
python311-Twisted-conch_nacl: before 22.10.0-150400.5.17.4
python311-Pygments: before 2.15.1-150400.7.7.4
python311-hyperlink: before 21.0.0-150400.12.7.4
python311-tqdm: before 4.66.1-150400.9.7.4
python311-decorator: before 5.1.1-150400.12.7.4
python311-blinker: before 1.6.2-150400.12.7.4
python311-wheel: before 0.40.0-150400.13.7.4
python311-javaproperties: before 0.8.1-150400.10.4.4
python311-Twisted-conch: before 22.10.0-150400.5.17.4
python311-Automat: before 22.10.0-150400.3.7.2
python311-strictyaml: before 1.7.3-150400.9.3.4
python311-httplib2: before 0.22.0-150400.10.4.1
python311-websocket-client: before 1.5.1-150400.13.7.1
python311-opentelemetry-api: before 1.23.0-150400.10.7.1
python311-zipp: before 3.15.0-150400.10.7.1
python311-xmltodict: before 0.13.0-150400.12.4.1
python311-sshtunnel: before 0.4.0-150400.5.4.4
python311-vcrpy: before 6.0.1-150400.7.4.4
python311-pyparsing: before 3.0.9-150400.5.7.4
python311-opentelemetry-test-utils: before 0.44b0-150400.9.3.1
python311-Deprecated: before 1.2.14-150400.10.7.2
python311-semver: before 3.0.2-150400.10.4.1
python311-Twisted: before 22.10.0-150400.5.17.4
python311-typing_extensions: before 4.5.0-150400.3.9.1
python-tqdm-bash-completion: before 4.66.1-150400.9.7.4
python-paramiko-doc: before 3.4.0-150400.13.10.4
python311-fixedint: before 0.2.0-150400.9.3.1
python311-PyGithub: before 1.57-150400.10.4.4
python311-Twisted-tls: before 22.10.0-150400.5.17.4
python311-antlr4-python3-runtime: before 4.13.1-150400.10.4.1
python311-opencensus: before 0.11.4-150400.10.6.3
python311-httpretty: before 1.1.4-150400.11.4.1
python311-oauthlib: before 3.2.2-150400.12.7.4
python311-opencensus-ext-threading: before 0.1.2-150400.10.6.1
python311-service_identity: before 23.1.0-150400.8.7.1
python311-pydash: before 6.0.2-150400.9.4.1
python311-chardet: before 5.2.0-150400.13.7.2
python311-tabulate: before 0.9.0-150400.11.7.4
python311-scp: before 0.14.5-150400.12.7.4
python311-paramiko: before 3.4.0-150400.13.10.4
python311-fakeredis: before 2.21.0-150400.9.3.4
python311-requests-oauthlib: before 1.3.1-150400.12.7.1
python311-opentelemetry-semantic-conventions: before 0.44b0-150400.9.3.1
python311-sortedcontainers: before 2.4.0-150400.8.7.4
python311-lexicon: before 2.0.1-150400.10.7.1
python311-isodate: before 0.6.1-150400.12.7.2
python311-Twisted-http2: before 22.10.0-150400.5.17.4
CPE2.3
http://www.suse.com/support/update/announcement/2024/suse-su-20241639-2/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.