Feature update for python-M2Crypto SUSE Patch security@suse.de SUSE Security Team SUSE-FU-2024:1448-1 Final 1 1 2024-04-26T09:45:59Z current 2024-04-26T09:45:59Z 2024-04-26T09:45:59Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Feature update for python-M2Crypto This update for python-M2Crypto fixes the following issue: - Build for modern python stack - Adds python311-M2Crypto The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container suse/multi-linux-manager/5.1/x86_64/proxy-salt-broker:latest-2024-1448,Container suse/multi-linux-manager/5.1/x86_64/server:latest-2024-1448,Image SLES15-SP7-BYOS-Azure-2024-1448,Image SLES15-SP7-BYOS-EC2-2024-1448,Image SLES15-SP7-BYOS-GCE-2024-1448,Image SLES15-SP7-HPC-BYOS-Azure-2024-1448,Image SLES15-SP7-HPC-BYOS-EC2-2024-1448,Image SLES15-SP7-HPC-BYOS-GCE-2024-1448,Image SLES15-SP7-Hardened-BYOS-Azure-2024-1448,Image SLES15-SP7-Hardened-BYOS-EC2-2024-1448,Image SLES15-SP7-Hardened-BYOS-GCE-2024-1448,Image SLES15-SP7-SAP-BYOS-Azure-2024-1448,Image SLES15-SP7-SAP-BYOS-EC2-2024-1448,Image SLES15-SP7-SAP-BYOS-GCE-2024-1448,Image SLES15-SP7-SAP-Hardened-BYOS-Azure-2024-1448,Image SLES15-SP7-SAP-Hardened-BYOS-EC2-2024-1448,Image SLES15-SP7-SAP-Hardened-BYOS-GCE-2024-1448,Image proxy-salt-broker-image-2024-1448,Image server-image-2024-1448,SUSE-2024-1448,SUSE-SLE-Module-Python3-15-SP5-2024-1448,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1448,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1448,SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1448,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1448,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1448,openSUSE-SLE-15.5-2024-1448 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement//suse-fu-20241448-1/ Link for SUSE-FU-2024:1448-1 https://lists.suse.com/pipermail/sle-updates/2024-April/035107.html E-Mail link for SUSE-FU-2024:1448-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1205042 SUSE Bug 1205042 https://bugzilla.suse.com/1212757 SUSE Bug 1212757 https://bugzilla.suse.com/1217782 SUSE Bug 1217782 https://www.suse.com/security/cve/CVE-2020-25657/ SUSE CVE CVE-2020-25657 page Container suse/multi-linux-manager/5.1/x86_64/proxy-salt-broker:latest Container suse/multi-linux-manager/5.1/x86_64/server:latest Image SLES15-SP7-BYOS-Azure Image SLES15-SP7-BYOS-EC2 Image SLES15-SP7-BYOS-GCE Image SLES15-SP7-HPC-BYOS-Azure Image SLES15-SP7-HPC-BYOS-EC2 Image SLES15-SP7-HPC-BYOS-GCE Image SLES15-SP7-Hardened-BYOS-Azure Image SLES15-SP7-Hardened-BYOS-EC2 Image SLES15-SP7-Hardened-BYOS-GCE Image SLES15-SP7-SAP-BYOS-Azure Image SLES15-SP7-SAP-BYOS-EC2 Image SLES15-SP7-SAP-BYOS-GCE Image SLES15-SP7-SAP-Hardened-BYOS-Azure Image SLES15-SP7-SAP-Hardened-BYOS-EC2 Image SLES15-SP7-SAP-Hardened-BYOS-GCE Image proxy-salt-broker-image Image server-image SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS SUSE Linux Enterprise Module for Python 3 15 SP5 SUSE Linux Enterprise Server 15 SP4-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP4 openSUSE Leap 15.5 python311-M2Crypto-0.40.0-150400.3.9.1 python-M2Crypto-doc-0.40.0-150400.3.9.1 python311-M2Crypto-0.40.0-150400.3.9.1 as a component of Container suse/multi-linux-manager/5.1/x86_64/proxy-salt-broker:latest python311-M2Crypto-0.40.0-150400.3.9.1 as a component of Container suse/multi-linux-manager/5.1/x86_64/server:latest python311-M2Crypto-0.40.0-150400.3.9.1 as a component of Image SLES15-SP7-BYOS-Azure python311-M2Crypto-0.40.0-150400.3.9.1 as a component of Image SLES15-SP7-BYOS-EC2 python311-M2Crypto-0.40.0-150400.3.9.1 as a component of Image SLES15-SP7-BYOS-GCE python311-M2Crypto-0.40.0-150400.3.9.1 as a component of Image SLES15-SP7-HPC-BYOS-Azure python311-M2Crypto-0.40.0-150400.3.9.1 as a component of Image SLES15-SP7-HPC-BYOS-EC2 python311-M2Crypto-0.40.0-150400.3.9.1 as a component of Image SLES15-SP7-HPC-BYOS-GCE python311-M2Crypto-0.40.0-150400.3.9.1 as a component of Image SLES15-SP7-Hardened-BYOS-Azure python311-M2Crypto-0.40.0-150400.3.9.1 as a component of Image SLES15-SP7-Hardened-BYOS-EC2 python311-M2Crypto-0.40.0-150400.3.9.1 as a component of Image SLES15-SP7-Hardened-BYOS-GCE python311-M2Crypto-0.40.0-150400.3.9.1 as a component of Image SLES15-SP7-SAP-BYOS-Azure python311-M2Crypto-0.40.0-150400.3.9.1 as a component of Image SLES15-SP7-SAP-BYOS-EC2 python311-M2Crypto-0.40.0-150400.3.9.1 as a component of Image SLES15-SP7-SAP-BYOS-GCE python311-M2Crypto-0.40.0-150400.3.9.1 as a component of Image SLES15-SP7-SAP-Hardened-BYOS-Azure python311-M2Crypto-0.40.0-150400.3.9.1 as a component of Image SLES15-SP7-SAP-Hardened-BYOS-EC2 python311-M2Crypto-0.40.0-150400.3.9.1 as a component of Image SLES15-SP7-SAP-Hardened-BYOS-GCE python311-M2Crypto-0.40.0-150400.3.9.1 as a component of Image proxy-salt-broker-image python311-M2Crypto-0.40.0-150400.3.9.1 as a component of Image server-image python-M2Crypto-doc-0.40.0-150400.3.9.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS python311-M2Crypto-0.40.0-150400.3.9.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS python-M2Crypto-doc-0.40.0-150400.3.9.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS python311-M2Crypto-0.40.0-150400.3.9.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS python-M2Crypto-doc-0.40.0-150400.3.9.1 as a component of SUSE Linux Enterprise Module for Python 3 15 SP5 python311-M2Crypto-0.40.0-150400.3.9.1 as a component of SUSE Linux Enterprise Module for Python 3 15 SP5 python-M2Crypto-doc-0.40.0-150400.3.9.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS python311-M2Crypto-0.40.0-150400.3.9.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS python-M2Crypto-doc-0.40.0-150400.3.9.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 python311-M2Crypto-0.40.0-150400.3.9.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 python-M2Crypto-doc-0.40.0-150400.3.9.1 as a component of openSUSE Leap 15.5 python311-M2Crypto-0.40.0-150400.3.9.1 as a component of openSUSE Leap 15.5 A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality. CVE-2020-25657 Container suse/multi-linux-manager/5.1/x86_64/proxy-salt-broker:latest:python311-M2Crypto-0.40.0-150400.3.9.1 Container suse/multi-linux-manager/5.1/x86_64/server:latest:python311-M2Crypto-0.40.0-150400.3.9.1 Image SLES15-SP7-BYOS-Azure:python311-M2Crypto-0.40.0-150400.3.9.1 Image SLES15-SP7-BYOS-EC2:python311-M2Crypto-0.40.0-150400.3.9.1 Image SLES15-SP7-BYOS-GCE:python311-M2Crypto-0.40.0-150400.3.9.1 Image SLES15-SP7-HPC-BYOS-Azure:python311-M2Crypto-0.40.0-150400.3.9.1 Image SLES15-SP7-HPC-BYOS-EC2:python311-M2Crypto-0.40.0-150400.3.9.1 Image SLES15-SP7-HPC-BYOS-GCE:python311-M2Crypto-0.40.0-150400.3.9.1 Image SLES15-SP7-Hardened-BYOS-Azure:python311-M2Crypto-0.40.0-150400.3.9.1 Image SLES15-SP7-Hardened-BYOS-EC2:python311-M2Crypto-0.40.0-150400.3.9.1 Image SLES15-SP7-Hardened-BYOS-GCE:python311-M2Crypto-0.40.0-150400.3.9.1 Image SLES15-SP7-SAP-BYOS-Azure:python311-M2Crypto-0.40.0-150400.3.9.1 Image SLES15-SP7-SAP-BYOS-EC2:python311-M2Crypto-0.40.0-150400.3.9.1 Image SLES15-SP7-SAP-BYOS-GCE:python311-M2Crypto-0.40.0-150400.3.9.1 Image SLES15-SP7-SAP-Hardened-BYOS-Azure:python311-M2Crypto-0.40.0-150400.3.9.1 Image SLES15-SP7-SAP-Hardened-BYOS-EC2:python311-M2Crypto-0.40.0-150400.3.9.1 Image SLES15-SP7-SAP-Hardened-BYOS-GCE:python311-M2Crypto-0.40.0-150400.3.9.1 Image proxy-salt-broker-image:python311-M2Crypto-0.40.0-150400.3.9.1 Image server-image:python311-M2Crypto-0.40.0-150400.3.9.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python-M2Crypto-doc-0.40.0-150400.3.9.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python311-M2Crypto-0.40.0-150400.3.9.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python-M2Crypto-doc-0.40.0-150400.3.9.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python311-M2Crypto-0.40.0-150400.3.9.1 SUSE Linux Enterprise Module for Python 3 15 SP5:python-M2Crypto-doc-0.40.0-150400.3.9.1 SUSE Linux Enterprise Module for Python 3 15 SP5:python311-M2Crypto-0.40.0-150400.3.9.1 SUSE Linux Enterprise Server 15 SP4-LTSS:python-M2Crypto-doc-0.40.0-150400.3.9.1 SUSE Linux Enterprise Server 15 SP4-LTSS:python311-M2Crypto-0.40.0-150400.3.9.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:python-M2Crypto-doc-0.40.0-150400.3.9.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:python311-M2Crypto-0.40.0-150400.3.9.1 openSUSE Leap 15.5:python-M2Crypto-doc-0.40.0-150400.3.9.1 openSUSE Leap 15.5:python311-M2Crypto-0.40.0-150400.3.9.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement//suse-fu-20241448-1/ https://www.suse.com/security/cve/CVE-2020-25657.html CVE-2020-25657 https://bugzilla.suse.com/1178829 SUSE Bug 1178829 https://bugzilla.suse.com/1218044 SUSE Bug 1218044