Feature update for venv-salt-minion SUSE Patch security@suse.de SUSE Security Team SUSE-FU-2022:0444-1 Final 1 1 2022-02-16T15:20:54Z current 2022-02-16T15:20:54Z 2022-02-16T15:20:54Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Feature update for venv-salt-minion This feature update for venv-salt-minion provides the following changes: - Introduce `venv-salt-minion`. - Track already fixed issues. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2022-444,SUSE-SLE-Manager-Tools-15-BETA-2022-444 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ Link for SUSE-FU-2022:0444-1 https://lists.suse.com/pipermail/sle-updates/2022-February/021718.html E-Mail link for SUSE-FU-2022:0444-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1000080 SUSE Bug 1000080 https://bugzilla.suse.com/1000117 SUSE Bug 1000117 https://bugzilla.suse.com/1000194 SUSE Bug 1000194 https://bugzilla.suse.com/1000742 SUSE Bug 1000742 https://bugzilla.suse.com/1002895 SUSE Bug 1002895 https://bugzilla.suse.com/1003091 SUSE Bug 1003091 https://bugzilla.suse.com/1005246 SUSE Bug 1005246 https://bugzilla.suse.com/1010874 SUSE Bug 1010874 https://bugzilla.suse.com/1010966 SUSE Bug 1010966 https://bugzilla.suse.com/1011936 SUSE Bug 1011936 https://bugzilla.suse.com/1015549 SUSE Bug 1015549 https://bugzilla.suse.com/1027610 SUSE Bug 1027610 https://bugzilla.suse.com/1027705 SUSE Bug 1027705 https://bugzilla.suse.com/1029902 SUSE Bug 1029902 https://bugzilla.suse.com/1030038 SUSE Bug 1030038 https://bugzilla.suse.com/1032118 SUSE Bug 1032118 https://bugzilla.suse.com/1032119 SUSE Bug 1032119 https://bugzilla.suse.com/1035604 SUSE Bug 1035604 https://bugzilla.suse.com/1039469 SUSE Bug 1039469 https://bugzilla.suse.com/1040164 SUSE Bug 1040164 https://bugzilla.suse.com/1040256 SUSE Bug 1040256 https://bugzilla.suse.com/1041090 SUSE Bug 1041090 https://bugzilla.suse.com/1042670 SUSE Bug 1042670 https://bugzilla.suse.com/1049186 SUSE Bug 1049186 https://bugzilla.suse.com/1049304 SUSE Bug 1049304 https://bugzilla.suse.com/1050653 SUSE Bug 1050653 https://bugzilla.suse.com/1050665 SUSE Bug 1050665 https://bugzilla.suse.com/1055478 SUSE Bug 1055478 https://bugzilla.suse.com/1055542 SUSE Bug 1055542 https://bugzilla.suse.com/1056951 SUSE Bug 1056951 https://bugzilla.suse.com/1057496 SUSE Bug 1057496 https://bugzilla.suse.com/1062237 SUSE Bug 1062237 https://bugzilla.suse.com/1066873 SUSE Bug 1066873 https://bugzilla.suse.com/1068790 SUSE Bug 1068790 https://bugzilla.suse.com/1070737 SUSE Bug 1070737 https://bugzilla.suse.com/1070738 SUSE Bug 1070738 https://bugzilla.suse.com/1070853 SUSE Bug 1070853 https://bugzilla.suse.com/1071941 SUSE Bug 1071941 https://bugzilla.suse.com/1073310 SUSE Bug 1073310 https://bugzilla.suse.com/1073845 SUSE Bug 1073845 https://bugzilla.suse.com/1073879 SUSE Bug 1073879 https://bugzilla.suse.com/1074247 SUSE Bug 1074247 https://bugzilla.suse.com/1076519 SUSE Bug 1076519 https://bugzilla.suse.com/1077096 SUSE Bug 1077096 https://bugzilla.suse.com/1077230 SUSE Bug 1077230 https://bugzilla.suse.com/1078329 SUSE Bug 1078329 https://bugzilla.suse.com/1079761 SUSE Bug 1079761 https://bugzilla.suse.com/1080301 SUSE Bug 1080301 https://bugzilla.suse.com/1081005 SUSE Bug 1081005 https://bugzilla.suse.com/1081750 SUSE Bug 1081750 https://bugzilla.suse.com/1081751 SUSE Bug 1081751 https://bugzilla.suse.com/1082155 SUSE Bug 1082155 https://bugzilla.suse.com/1082163 SUSE Bug 1082163 https://bugzilla.suse.com/1082318 SUSE Bug 1082318 https://bugzilla.suse.com/1083826 SUSE Bug 1083826 https://bugzilla.suse.com/1084117 SUSE Bug 1084117 https://bugzilla.suse.com/1084157 SUSE Bug 1084157 https://bugzilla.suse.com/1085276 SUSE Bug 1085276 https://bugzilla.suse.com/1085529 SUSE Bug 1085529 https://bugzilla.suse.com/1085661 SUSE Bug 1085661 https://bugzilla.suse.com/1087104 SUSE Bug 1087104 https://bugzilla.suse.com/1088573 SUSE Bug 1088573 https://bugzilla.suse.com/1090427 SUSE Bug 1090427 https://bugzilla.suse.com/1090953 SUSE Bug 1090953 https://bugzilla.suse.com/1093518 SUSE Bug 1093518 https://bugzilla.suse.com/1093917 SUSE Bug 1093917 https://bugzilla.suse.com/1094788 SUSE Bug 1094788 https://bugzilla.suse.com/1094814 SUSE Bug 1094814 https://bugzilla.suse.com/1094883 SUSE Bug 1094883 https://bugzilla.suse.com/1095267 SUSE Bug 1095267 https://bugzilla.suse.com/1096738 SUSE Bug 1096738 https://bugzilla.suse.com/1096937 SUSE Bug 1096937 https://bugzilla.suse.com/1097531 SUSE Bug 1097531 https://bugzilla.suse.com/1098535 SUSE Bug 1098535 https://bugzilla.suse.com/1099308 SUSE Bug 1099308 https://bugzilla.suse.com/1099569 SUSE Bug 1099569 https://bugzilla.suse.com/1102868 SUSE Bug 1102868 https://bugzilla.suse.com/1108508 SUSE Bug 1108508 https://bugzilla.suse.com/1109882 SUSE Bug 1109882 https://bugzilla.suse.com/1109998 SUSE Bug 1109998 https://bugzilla.suse.com/1110435 SUSE Bug 1110435 https://bugzilla.suse.com/1110869 SUSE Bug 1110869 https://bugzilla.suse.com/1110871 SUSE Bug 1110871 https://bugzilla.suse.com/1111493 SUSE Bug 1111493 https://bugzilla.suse.com/1111622 SUSE Bug 1111622 https://bugzilla.suse.com/1111657 SUSE Bug 1111657 https://bugzilla.suse.com/1112357 SUSE Bug 1112357 https://bugzilla.suse.com/1115769 SUSE Bug 1115769 https://bugzilla.suse.com/1118611 SUSE Bug 1118611 https://bugzilla.suse.com/1119376 SUSE Bug 1119376 https://bugzilla.suse.com/1119416 SUSE Bug 1119416 https://bugzilla.suse.com/1119792 SUSE Bug 1119792 https://bugzilla.suse.com/1121717 SUSE Bug 1121717 https://bugzilla.suse.com/1121852 SUSE Bug 1121852 https://bugzilla.suse.com/1122191 SUSE Bug 1122191 https://bugzilla.suse.com/1123064 SUSE Bug 1123064 https://bugzilla.suse.com/1123185 SUSE Bug 1123185 https://bugzilla.suse.com/1123186 SUSE Bug 1123186 https://bugzilla.suse.com/1123558 SUSE Bug 1123558 https://bugzilla.suse.com/1124885 SUSE Bug 1124885 https://bugzilla.suse.com/1125815 SUSE Bug 1125815 https://bugzilla.suse.com/1126283 SUSE Bug 1126283 https://bugzilla.suse.com/1126318 SUSE Bug 1126318 https://bugzilla.suse.com/1127173 SUSE Bug 1127173 https://bugzilla.suse.com/1128146 SUSE Bug 1128146 https://bugzilla.suse.com/1128323 SUSE Bug 1128323 https://bugzilla.suse.com/1128355 SUSE Bug 1128355 https://bugzilla.suse.com/1129071 SUSE Bug 1129071 https://bugzilla.suse.com/1129566 SUSE Bug 1129566 https://bugzilla.suse.com/1130840 SUSE Bug 1130840 https://bugzilla.suse.com/1132174 SUSE Bug 1132174 https://bugzilla.suse.com/1132323 SUSE Bug 1132323 https://bugzilla.suse.com/1132455 SUSE Bug 1132455 https://bugzilla.suse.com/1132663 SUSE Bug 1132663 https://bugzilla.suse.com/1132900 SUSE Bug 1132900 https://bugzilla.suse.com/1135009 SUSE Bug 1135009 https://bugzilla.suse.com/1136444 SUSE Bug 1136444 https://bugzilla.suse.com/1138666 SUSE Bug 1138666 https://bugzilla.suse.com/1138715 SUSE Bug 1138715 https://bugzilla.suse.com/1138746 SUSE Bug 1138746 https://bugzilla.suse.com/1139915 SUSE Bug 1139915 https://bugzilla.suse.com/1140255 SUSE Bug 1140255 https://bugzilla.suse.com/1141168 SUSE Bug 1141168 https://bugzilla.suse.com/1142899 SUSE Bug 1142899 https://bugzilla.suse.com/1143033 SUSE Bug 1143033 https://bugzilla.suse.com/1143454 SUSE Bug 1143454 https://bugzilla.suse.com/1143893 SUSE Bug 1143893 https://bugzilla.suse.com/1144506 SUSE Bug 1144506 https://bugzilla.suse.com/1149686 SUSE Bug 1149686 https://bugzilla.suse.com/1149792 SUSE Bug 1149792 https://bugzilla.suse.com/1150190 SUSE Bug 1150190 https://bugzilla.suse.com/1150895 SUSE Bug 1150895 https://bugzilla.suse.com/1153830 SUSE Bug 1153830 https://bugzilla.suse.com/1155815 SUSE Bug 1155815 https://bugzilla.suse.com/1156677 SUSE Bug 1156677 https://bugzilla.suse.com/1156694 SUSE Bug 1156694 https://bugzilla.suse.com/1156908 SUSE Bug 1156908 https://bugzilla.suse.com/1157104 SUSE Bug 1157104 https://bugzilla.suse.com/1157354 SUSE Bug 1157354 https://bugzilla.suse.com/1159235 SUSE Bug 1159235 https://bugzilla.suse.com/1159538 SUSE Bug 1159538 https://bugzilla.suse.com/1161557 SUSE Bug 1161557 https://bugzilla.suse.com/1161770 SUSE Bug 1161770 https://bugzilla.suse.com/1162224 SUSE Bug 1162224 https://bugzilla.suse.com/1162367 SUSE Bug 1162367 https://bugzilla.suse.com/1162743 SUSE Bug 1162743 https://bugzilla.suse.com/1163978 SUSE Bug 1163978 https://bugzilla.suse.com/1164310 SUSE Bug 1164310 https://bugzilla.suse.com/1165439 SUSE Bug 1165439 https://bugzilla.suse.com/1165578 SUSE Bug 1165578 https://bugzilla.suse.com/1165730 SUSE Bug 1165730 https://bugzilla.suse.com/1165823 SUSE Bug 1165823 https://bugzilla.suse.com/1165960 SUSE Bug 1165960 https://bugzilla.suse.com/1166139 SUSE Bug 1166139 https://bugzilla.suse.com/1166758 SUSE Bug 1166758 https://bugzilla.suse.com/1167008 SUSE Bug 1167008 https://bugzilla.suse.com/1167501 SUSE Bug 1167501 https://bugzilla.suse.com/1167732 SUSE Bug 1167732 https://bugzilla.suse.com/1167746 SUSE Bug 1167746 https://bugzilla.suse.com/1168480 SUSE Bug 1168480 https://bugzilla.suse.com/1168973 SUSE Bug 1168973 https://bugzilla.suse.com/1169489 SUSE Bug 1169489 https://bugzilla.suse.com/1170175 SUSE Bug 1170175 https://bugzilla.suse.com/1170863 SUSE Bug 1170863 https://bugzilla.suse.com/1171368 SUSE Bug 1171368 https://bugzilla.suse.com/1171561 SUSE Bug 1171561 https://bugzilla.suse.com/1172226 SUSE Bug 1172226 https://bugzilla.suse.com/1172908 SUSE Bug 1172908 https://bugzilla.suse.com/1172928 SUSE Bug 1172928 https://bugzilla.suse.com/1173226 SUSE Bug 1173226 https://bugzilla.suse.com/1173356 SUSE Bug 1173356 https://bugzilla.suse.com/1174009 SUSE Bug 1174009 https://bugzilla.suse.com/1174091 SUSE Bug 1174091 https://bugzilla.suse.com/1174514 SUSE Bug 1174514 https://bugzilla.suse.com/1175729 SUSE Bug 1175729 https://bugzilla.suse.com/1176116 SUSE Bug 1176116 https://bugzilla.suse.com/1176129 SUSE Bug 1176129 https://bugzilla.suse.com/1176134 SUSE Bug 1176134 https://bugzilla.suse.com/1176232 SUSE Bug 1176232 https://bugzilla.suse.com/1176256 SUSE Bug 1176256 https://bugzilla.suse.com/1176257 SUSE Bug 1176257 https://bugzilla.suse.com/1176258 SUSE Bug 1176258 https://bugzilla.suse.com/1176259 SUSE Bug 1176259 https://bugzilla.suse.com/1176262 SUSE Bug 1176262 https://bugzilla.suse.com/1176389 SUSE Bug 1176389 https://bugzilla.suse.com/1176785 SUSE Bug 1176785 https://bugzilla.suse.com/1176977 SUSE Bug 1176977 https://bugzilla.suse.com/1177120 SUSE Bug 1177120 https://bugzilla.suse.com/1177127 SUSE Bug 1177127 https://bugzilla.suse.com/1177559 SUSE Bug 1177559 https://bugzilla.suse.com/1178168 SUSE Bug 1178168 https://bugzilla.suse.com/1178341 SUSE Bug 1178341 https://bugzilla.suse.com/1178670 SUSE Bug 1178670 https://bugzilla.suse.com/1179562 SUSE Bug 1179562 https://bugzilla.suse.com/1179630 SUSE Bug 1179630 https://bugzilla.suse.com/1179805 SUSE Bug 1179805 https://bugzilla.suse.com/1180125 SUSE Bug 1180125 https://bugzilla.suse.com/1180781 SUSE Bug 1180781 https://bugzilla.suse.com/1181126 SUSE Bug 1181126 https://bugzilla.suse.com/1181324 SUSE Bug 1181324 https://bugzilla.suse.com/1181944 SUSE Bug 1181944 https://bugzilla.suse.com/1182066 SUSE Bug 1182066 https://bugzilla.suse.com/1182211 SUSE Bug 1182211 https://bugzilla.suse.com/1182244 SUSE Bug 1182244 https://bugzilla.suse.com/1182264 SUSE Bug 1182264 https://bugzilla.suse.com/1182379 SUSE Bug 1182379 https://bugzilla.suse.com/1182963 SUSE Bug 1182963 https://bugzilla.suse.com/1183059 SUSE Bug 1183059 https://bugzilla.suse.com/1183374 SUSE Bug 1183374 https://bugzilla.suse.com/1183858 SUSE Bug 1183858 https://bugzilla.suse.com/1184505 SUSE Bug 1184505 https://bugzilla.suse.com/1185588 SUSE Bug 1185588 https://bugzilla.suse.com/1185706 SUSE Bug 1185706 https://bugzilla.suse.com/1185748 SUSE Bug 1185748 https://bugzilla.suse.com/1186738 SUSE Bug 1186738 https://bugzilla.suse.com/1187045 SUSE Bug 1187045 https://bugzilla.suse.com/1190781 SUSE Bug 1190781 https://bugzilla.suse.com/1193357 SUSE Bug 1193357 https://bugzilla.suse.com/428177 SUSE Bug 428177 https://bugzilla.suse.com/431945 SUSE Bug 431945 https://bugzilla.suse.com/637176 SUSE Bug 637176 https://bugzilla.suse.com/657698 SUSE Bug 657698 https://bugzilla.suse.com/658604 SUSE Bug 658604 https://bugzilla.suse.com/673071 SUSE Bug 673071 https://bugzilla.suse.com/715423 SUSE Bug 715423 https://bugzilla.suse.com/743787 SUSE Bug 743787 https://bugzilla.suse.com/747125 SUSE Bug 747125 https://bugzilla.suse.com/750618 SUSE Bug 750618 https://bugzilla.suse.com/751718 SUSE Bug 751718 https://bugzilla.suse.com/754447 SUSE Bug 754447 https://bugzilla.suse.com/754677 SUSE Bug 754677 https://bugzilla.suse.com/761500 SUSE Bug 761500 https://bugzilla.suse.com/784670 SUSE Bug 784670 https://bugzilla.suse.com/787526 SUSE Bug 787526 https://bugzilla.suse.com/799119 SUSE Bug 799119 https://bugzilla.suse.com/809831 SUSE Bug 809831 https://bugzilla.suse.com/811890 SUSE Bug 811890 https://bugzilla.suse.com/825221 SUSE Bug 825221 https://bugzilla.suse.com/828513 SUSE Bug 828513 https://bugzilla.suse.com/831629 SUSE Bug 831629 https://bugzilla.suse.com/834601 SUSE Bug 834601 https://bugzilla.suse.com/835687 SUSE Bug 835687 https://bugzilla.suse.com/839107 SUSE Bug 839107 https://bugzilla.suse.com/84331 SUSE Bug 84331 https://bugzilla.suse.com/855666 SUSE Bug 855666 https://bugzilla.suse.com/858239 SUSE Bug 858239 https://bugzilla.suse.com/867887 SUSE Bug 867887 https://bugzilla.suse.com/871152 SUSE Bug 871152 https://bugzilla.suse.com/885662 SUSE Bug 885662 https://bugzilla.suse.com/885882 SUSE Bug 885882 https://bugzilla.suse.com/889363 SUSE Bug 889363 https://bugzilla.suse.com/892480 SUSE Bug 892480 https://bugzilla.suse.com/898917 SUSE Bug 898917 https://bugzilla.suse.com/907584 SUSE Bug 907584 https://bugzilla.suse.com/912460 SUSE Bug 912460 https://bugzilla.suse.com/913229 SUSE Bug 913229 https://bugzilla.suse.com/915479 SUSE Bug 915479 https://bugzilla.suse.com/917607 SUSE Bug 917607 https://bugzilla.suse.com/917759 SUSE Bug 917759 https://bugzilla.suse.com/917815 SUSE Bug 917815 https://bugzilla.suse.com/922448 SUSE Bug 922448 https://bugzilla.suse.com/929736 SUSE Bug 929736 https://bugzilla.suse.com/930189 SUSE Bug 930189 https://bugzilla.suse.com/931978 SUSE Bug 931978 https://bugzilla.suse.com/935856 SUSE Bug 935856 https://bugzilla.suse.com/937912 SUSE Bug 937912 https://bugzilla.suse.com/939456 SUSE Bug 939456 https://bugzilla.suse.com/940608 SUSE Bug 940608 https://bugzilla.suse.com/942385 SUSE Bug 942385 https://bugzilla.suse.com/942751 SUSE Bug 942751 https://bugzilla.suse.com/944204 SUSE Bug 944204 https://bugzilla.suse.com/945455 SUSE Bug 945455 https://bugzilla.suse.com/946648 SUSE Bug 946648 https://bugzilla.suse.com/947357 SUSE Bug 947357 https://bugzilla.suse.com/947679 SUSE Bug 947679 https://bugzilla.suse.com/948198 SUSE Bug 948198 https://bugzilla.suse.com/954486 SUSE Bug 954486 https://bugzilla.suse.com/954690 SUSE Bug 954690 https://bugzilla.suse.com/961334 SUSE Bug 961334 https://bugzilla.suse.com/962291 SUSE Bug 962291 https://bugzilla.suse.com/963974 SUSE Bug 963974 https://bugzilla.suse.com/964204 SUSE Bug 964204 https://bugzilla.suse.com/964472 SUSE Bug 964472 https://bugzilla.suse.com/964474 SUSE Bug 964474 https://bugzilla.suse.com/965830 SUSE Bug 965830 https://bugzilla.suse.com/967128 SUSE Bug 967128 https://bugzilla.suse.com/968270 SUSE Bug 968270 https://bugzilla.suse.com/968601 SUSE Bug 968601 https://bugzilla.suse.com/975875 SUSE Bug 975875 https://bugzilla.suse.com/981848 SUSE Bug 981848 https://bugzilla.suse.com/988086 SUSE Bug 988086 https://bugzilla.suse.com/992988 SUSE Bug 992988 https://bugzilla.suse.com/992989 SUSE Bug 992989 https://bugzilla.suse.com/992992 SUSE Bug 992992 https://bugzilla.suse.com/993130 SUSE Bug 993130 https://bugzilla.suse.com/993825 SUSE Bug 993825 https://bugzilla.suse.com/993968 SUSE Bug 993968 https://bugzilla.suse.com/994910 SUSE Bug 994910 https://bugzilla.suse.com/996255 SUSE Bug 996255 https://bugzilla.suse.com/997614 SUSE Bug 997614 https://www.suse.com/security/cve/CVE-2011-3389/ SUSE CVE CVE-2011-3389 page https://www.suse.com/security/cve/CVE-2011-4944/ SUSE CVE CVE-2011-4944 page https://www.suse.com/security/cve/CVE-2012-0845/ SUSE CVE CVE-2012-0845 page https://www.suse.com/security/cve/CVE-2012-1150/ SUSE CVE CVE-2012-1150 page https://www.suse.com/security/cve/CVE-2013-1752/ SUSE CVE CVE-2013-1752 page https://www.suse.com/security/cve/CVE-2013-4238/ SUSE CVE CVE-2013-4238 page https://www.suse.com/security/cve/CVE-2013-4314/ SUSE CVE CVE-2013-4314 page https://www.suse.com/security/cve/CVE-2014-0012/ SUSE CVE CVE-2014-0012 page https://www.suse.com/security/cve/CVE-2014-1829/ SUSE CVE CVE-2014-1829 page https://www.suse.com/security/cve/CVE-2014-1830/ SUSE CVE CVE-2014-1830 page https://www.suse.com/security/cve/CVE-2014-2667/ SUSE CVE CVE-2014-2667 page https://www.suse.com/security/cve/CVE-2014-4650/ SUSE CVE CVE-2014-4650 page https://www.suse.com/security/cve/CVE-2014-7202/ SUSE CVE CVE-2014-7202 page https://www.suse.com/security/cve/CVE-2014-7203/ SUSE CVE CVE-2014-7203 page https://www.suse.com/security/cve/CVE-2014-9721/ SUSE CVE CVE-2014-9721 page https://www.suse.com/security/cve/CVE-2015-2296/ SUSE CVE CVE-2015-2296 page https://www.suse.com/security/cve/CVE-2016-10745/ SUSE CVE CVE-2016-10745 page https://www.suse.com/security/cve/CVE-2016-9015/ SUSE CVE CVE-2016-9015 page https://www.suse.com/security/cve/CVE-2017-18342/ SUSE CVE CVE-2017-18342 page https://www.suse.com/security/cve/CVE-2018-18074/ SUSE CVE CVE-2018-18074 page https://www.suse.com/security/cve/CVE-2018-20060/ SUSE CVE CVE-2018-20060 page https://www.suse.com/security/cve/CVE-2018-7750/ SUSE CVE CVE-2018-7750 page https://www.suse.com/security/cve/CVE-2019-10906/ SUSE CVE CVE-2019-10906 page https://www.suse.com/security/cve/CVE-2019-11236/ SUSE CVE CVE-2019-11236 page https://www.suse.com/security/cve/CVE-2019-11324/ SUSE CVE CVE-2019-11324 page https://www.suse.com/security/cve/CVE-2019-13132/ SUSE CVE CVE-2019-13132 page https://www.suse.com/security/cve/CVE-2019-20907/ SUSE CVE CVE-2019-20907 page https://www.suse.com/security/cve/CVE-2019-20916/ SUSE CVE CVE-2019-20916 page https://www.suse.com/security/cve/CVE-2019-5010/ SUSE CVE CVE-2019-5010 page https://www.suse.com/security/cve/CVE-2019-6250/ SUSE CVE CVE-2019-6250 page https://www.suse.com/security/cve/CVE-2019-8341/ SUSE CVE CVE-2019-8341 page https://www.suse.com/security/cve/CVE-2019-9740/ SUSE CVE CVE-2019-9740 page https://www.suse.com/security/cve/CVE-2019-9947/ SUSE CVE CVE-2019-9947 page https://www.suse.com/security/cve/CVE-2020-14343/ SUSE CVE CVE-2020-14343 page https://www.suse.com/security/cve/CVE-2020-15166/ SUSE CVE CVE-2020-15166 page https://www.suse.com/security/cve/CVE-2020-15523/ SUSE CVE CVE-2020-15523 page https://www.suse.com/security/cve/CVE-2020-15801/ SUSE CVE CVE-2020-15801 page https://www.suse.com/security/cve/CVE-2020-1747/ SUSE CVE CVE-2020-1747 page https://www.suse.com/security/cve/CVE-2020-25659/ SUSE CVE CVE-2020-25659 page https://www.suse.com/security/cve/CVE-2020-26137/ SUSE CVE CVE-2020-26137 page https://www.suse.com/security/cve/CVE-2020-27783/ SUSE CVE CVE-2020-27783 page https://www.suse.com/security/cve/CVE-2020-28493/ SUSE CVE CVE-2020-28493 page https://www.suse.com/security/cve/CVE-2020-29651/ SUSE CVE CVE-2020-29651 page https://www.suse.com/security/cve/CVE-2020-36242/ SUSE CVE CVE-2020-36242 page https://www.suse.com/security/cve/CVE-2020-8492/ SUSE CVE CVE-2020-8492 page https://www.suse.com/security/cve/CVE-2021-23336/ SUSE CVE CVE-2021-23336 page https://www.suse.com/security/cve/CVE-2021-28957/ SUSE CVE CVE-2021-28957 page https://www.suse.com/security/cve/CVE-2021-29921/ SUSE CVE CVE-2021-29921 page https://www.suse.com/security/cve/CVE-2021-3177/ SUSE CVE CVE-2021-3177 page https://www.suse.com/security/cve/CVE-2021-33503/ SUSE CVE CVE-2021-33503 page https://www.suse.com/security/cve/CVE-2021-3426/ SUSE CVE CVE-2021-3426 page saltbundle-libsodium-1.0.16-159000.3.3.3 saltbundle-libsodium-devel-1.0.16-159000.3.3.3 saltbundle-libzmq-4.2.3-159000.3.3.2 saltbundle-swig-4.0.2-159000.3.3.2 saltbundle-swig-doc-4.0.2-159000.3.3.2 saltbundle-swig-examples-4.0.2-159000.3.3.2 saltbundle-zeromq-devel-4.2.3-159000.3.3.2 saltbundle-zeromq-tools-4.2.3-159000.3.3.2 saltbundlepy-3.9.6-159000.3.3.2 saltbundlepy-appdirs-1.4.3-159000.3.3.2 saltbundlepy-asn1crypto-0.24.0-159000.3.3.2 saltbundlepy-atomicwrites-1.1.5-159000.3.3.2 saltbundlepy-attrs-19.3.0-159000.3.3.2 saltbundlepy-base-3.9.6-159000.3.3.2 saltbundlepy-bcrypt-3.2.0-159000.3.3.2 saltbundlepy-certifi-2018.1.18-159000.3.3.2 saltbundlepy-cffi-1.13.2-159000.3.3.2 saltbundlepy-chardet-3.0.4-159000.3.3.2 saltbundlepy-cryptography-2.8-159000.3.3.2 saltbundlepy-cryptography-vectors-2.8-159000.3.3.2 saltbundlepy-cssselect-1.0.3-159000.3.3.2 saltbundlepy-curses-3.9.6-159000.3.3.2 saltbundlepy-cython-0.29.24-159000.3.3.2 saltbundlepy-dbm-3.9.6-159000.3.3.2 saltbundlepy-devel-3.9.6-159000.3.3.2 saltbundlepy-distro-1.5.0-159000.3.3.2 saltbundlepy-docker-4.2.0-159000.3.3.2 saltbundlepy-docker-pycreds-0.4.0-159000.3.3.2 saltbundlepy-docopt-0.6.2-159000.3.3.2 saltbundlepy-idna-2.6-159000.3.3.2 saltbundlepy-importlib-metadata-1.5.0-159000.3.3.2 saltbundlepy-jinja2-2.10.1-159000.3.3.2 saltbundlepy-jinja2-emacs-2.10.1-159000.3.3.2 saltbundlepy-jinja2-vim-2.10.1-159000.3.3.2 saltbundlepy-kiwi-9.23.20-159000.3.3.2 saltbundlepy-libs-3.9.6-159000.3.3.2 saltbundlepy-libvirt-8.0.0-159000.3.3.2 saltbundlepy-lxml-4.6.3-159000.3.3.2 saltbundlepy-lxml-devel-4.6.3-159000.3.3.2 saltbundlepy-lxml-doc-4.6.3-159000.3.3.2 saltbundlepy-m2crypto-0.35.2-159000.3.3.2 saltbundlepy-m2crypto-doc-0.35.2-159000.3.3.2 saltbundlepy-markupsafe-1.0-159000.3.3.2 saltbundlepy-more-itertools-4.2.0-159000.3.3.2 saltbundlepy-msgpack-0.5.6-159000.3.3.2 saltbundlepy-netaddr-0.7.19-159000.3.3.2 saltbundlepy-packaging-20.3-159000.3.3.2 saltbundlepy-paramiko-2.4.2-159000.3.3.2 saltbundlepy-paramiko-doc-2.4.2-159000.3.3.2 saltbundlepy-pluggy-0.13.1-159000.3.3.2 saltbundlepy-psutil-5.8.0-159000.3.3.2 saltbundlepy-ptyprocess-0.5.2-159000.3.3.2 saltbundlepy-py-1.8.1-159000.3.3.2 saltbundlepy-pyasn1-0.4.2-159000.3.3.2 saltbundlepy-pyasn1-modules-0.2.1-159000.3.3.2 saltbundlepy-pycparser-2.17-159000.3.3.2 saltbundlepy-pycurl-7.43.0.2-159000.3.3.2 saltbundlepy-pycurl-doc-7.43.0.2-159000.3.3.2 saltbundlepy-pyinotify-0.9.6-159000.3.3.2 saltbundlepy-pynacl-1.2.1-159000.3.3.2 saltbundlepy-pyopenssl-19.0.0-159000.3.3.2 saltbundlepy-pyparsing-2.4.7-159000.3.3.2 saltbundlepy-pysocks-1.6.8-159000.3.3.2 saltbundlepy-pytest-3.10.1-159000.3.3.2 saltbundlepy-pytz-2021.1-159000.3.3.2 saltbundlepy-pyxattr-0.7.2-159000.3.3.2 saltbundlepy-pyyaml-5.4.1-159000.3.3.2 saltbundlepy-pyzmq-22.2.1-159000.3.3.2 saltbundlepy-pyzmq-devel-22.2.1-159000.3.3.2 saltbundlepy-requests-2.24.0-159000.3.3.2 saltbundlepy-rpm-generators-20211001.fc6c04e-159000.3.3.3 saltbundlepy-rpm-macros-20211001.fc6c04e-159000.3.3.3 saltbundlepy-rpm-vercmp-0.1.2-159000.3.3.2 saltbundlepy-setuptools-44.1.1-159000.3.3.2 saltbundlepy-setuptools-scm-3.5.0-159000.3.3.2 saltbundlepy-simplejson-3.17.2-159000.3.3.2 saltbundlepy-six-1.14.0-159000.3.3.2 saltbundlepy-testsuite-3.9.6-159000.3.3.2 saltbundlepy-tk-3.9.6-159000.3.3.2 saltbundlepy-tools-3.9.6-159000.3.3.2 saltbundlepy-tornado-4.5.3-159000.3.3.2 saltbundlepy-urllib3-1.25.10-159000.3.3.2 saltbundlepy-venvjail-0.2.git.1634900618.b13fb73-159000.3.3.2 saltbundlepy-websocket-client-0.57.0-159000.3.3.2 saltbundlepy-zipp-0.6.0-159000.3.3.2 saltbundlepy-zypp-plugin-0.6.3-159000.3.3.2 venv-salt-minion-3002.2-159000.3.3.2 The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. CVE-2011-3389 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2011-3389.html CVE-2011-3389 https://bugzilla.suse.com/716002 SUSE Bug 716002 https://bugzilla.suse.com/719047 SUSE Bug 719047 https://bugzilla.suse.com/725167 SUSE Bug 725167 https://bugzilla.suse.com/726096 SUSE Bug 726096 https://bugzilla.suse.com/739248 SUSE Bug 739248 https://bugzilla.suse.com/739256 SUSE Bug 739256 https://bugzilla.suse.com/742306 SUSE Bug 742306 https://bugzilla.suse.com/751718 SUSE Bug 751718 https://bugzilla.suse.com/759666 SUSE Bug 759666 https://bugzilla.suse.com/763598 SUSE Bug 763598 https://bugzilla.suse.com/814655 SUSE Bug 814655 Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file. CVE-2011-4944 moderate 1.9 AV:L/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2011-4944.html CVE-2011-4944 https://bugzilla.suse.com/754447 SUSE Bug 754447 SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header. CVE-2012-0845 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2012-0845.html CVE-2012-0845 https://bugzilla.suse.com/747125 SUSE Bug 747125 Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. CVE-2012-1150 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2012-1150.html CVE-2012-1150 https://bugzilla.suse.com/751718 SUSE Bug 751718 https://bugzilla.suse.com/755383 SUSE Bug 755383 https://bugzilla.suse.com/826682 SUSE Bug 826682 Various versions of Python do not properly restrict readline calls, which allows remote attackers to cause a denial of service (memory consumption) via a long string, related to (1) httplib - fixed in 2.7.4, 2.6.9, and 3.3.3; (2) ftplib - fixed in 2.7.6, 2.6.9, 3.3.3; (3) imaplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; (4) nntplib - fixed in 2.7.6, 2.6.9, 3.3.3; (5) poplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; and (6) smtplib - not yet fixed in 2.7.x, fixed in 2.6.9, not yet fixed in 3.3.x. NOTE: this was REJECTed because it is incompatible with CNT1 "Independently Fixable" in the CVE Counting Decisions CVE-2013-1752 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2013-1752.html CVE-2013-1752 https://bugzilla.suse.com/856835 SUSE Bug 856835 https://bugzilla.suse.com/856836 SUSE Bug 856836 https://bugzilla.suse.com/863741 SUSE Bug 863741 https://bugzilla.suse.com/885882 SUSE Bug 885882 https://bugzilla.suse.com/898572 SUSE Bug 898572 https://bugzilla.suse.com/912739 SUSE Bug 912739 The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. CVE-2013-4238 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2013-4238.html CVE-2013-4238 https://bugzilla.suse.com/834601 SUSE Bug 834601 https://bugzilla.suse.com/839107 SUSE Bug 839107 https://bugzilla.suse.com/882915 SUSE Bug 882915 https://bugzilla.suse.com/912739 SUSE Bug 912739 The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. CVE-2013-4314 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2013-4314.html CVE-2013-4314 https://bugzilla.suse.com/839107 SUSE Bug 839107 FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402. CVE-2014-0012 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2014-0012.html CVE-2014-0012 https://bugzilla.suse.com/858239 SUSE Bug 858239 Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request. CVE-2014-1829 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2014-1829.html CVE-2014-1829 https://bugzilla.suse.com/897658 SUSE Bug 897658 Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request. CVE-2014-1830 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2014-1830.html CVE-2014-1830 https://bugzilla.suse.com/897658 SUSE Bug 897658 Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value. CVE-2014-2667 moderate 3.3 AV:L/AC:M/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2014-2667.html CVE-2014-2667 https://bugzilla.suse.com/871152 SUSE Bug 871152 The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator. CVE-2014-4650 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2014-4650.html CVE-2014-4650 https://bugzilla.suse.com/856835 SUSE Bug 856835 https://bugzilla.suse.com/856836 SUSE Bug 856836 https://bugzilla.suse.com/863741 SUSE Bug 863741 https://bugzilla.suse.com/885882 SUSE Bug 885882 https://bugzilla.suse.com/898572 SUSE Bug 898572 https://bugzilla.suse.com/912739 SUSE Bug 912739 stream_engine.cpp in libzmq (aka ZeroMQ/C++)) 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request. CVE-2014-7202 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2014-7202.html CVE-2014-7202 https://bugzilla.suse.com/898917 SUSE Bug 898917 libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors. CVE-2014-7203 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2014-7203.html CVE-2014-7203 https://bugzilla.suse.com/898917 SUSE Bug 898917 libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header. CVE-2014-9721 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2014-9721.html CVE-2014-9721 https://bugzilla.suse.com/931978 SUSE Bug 931978 The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect. CVE-2015-2296 low 1.8 AV:A/AC:H/Au:N/C:P/I:N/A:N 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2015-2296.html CVE-2015-2296 https://bugzilla.suse.com/922448 SUSE Bug 922448 https://bugzilla.suse.com/926396 SUSE Bug 926396 In Pallets Jinja before 2.8.1, str.format allows a sandbox escape. CVE-2016-10745 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2016-10745.html CVE-2016-10745 https://bugzilla.suse.com/1132174 SUSE Bug 1132174 Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-middle and information leakage attacks. This vulnerability affects users using versions 1.17 and 1.18 of the urllib3 library, who are using the optional PyOpenSSL support for TLS instead of the regular standard library TLS backend, and who are using OpenSSL 1.1.0 via PyOpenSSL. This is an extremely uncommon configuration, so the security impact of this vulnerability is low. CVE-2016-9015 moderate 2.6 AV:N/AC:H/Au:N/C:P/I:N/A:N 2.6 AV:N/AC:H/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2016-9015.html CVE-2016-9015 https://bugzilla.suse.com/1023502 SUSE Bug 1023502 https://bugzilla.suse.com/1024540 SUSE Bug 1024540 In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function. CVE-2017-18342 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2017-18342.html CVE-2017-18342 https://bugzilla.suse.com/1099308 SUSE Bug 1099308 https://bugzilla.suse.com/1164453 SUSE Bug 1164453 The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. CVE-2018-18074 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2018-18074.html CVE-2018-18074 https://bugzilla.suse.com/1111622 SUSE Bug 1111622 urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. CVE-2018-20060 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2018-20060.html CVE-2018-20060 https://bugzilla.suse.com/1119376 SUSE Bug 1119376 https://bugzilla.suse.com/1216275 SUSE Bug 1216275 transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step. CVE-2018-7750 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2018-7750.html CVE-2018-7750 https://bugzilla.suse.com/1085276 SUSE Bug 1085276 https://bugzilla.suse.com/1111151 SUSE Bug 1111151 In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. CVE-2019-10906 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2019-10906.html CVE-2019-10906 https://bugzilla.suse.com/1132323 SUSE Bug 1132323 In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. CVE-2019-11236 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2019-11236.html CVE-2019-11236 https://bugzilla.suse.com/1129071 SUSE Bug 1129071 https://bugzilla.suse.com/1132663 SUSE Bug 1132663 The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument. CVE-2019-11324 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2019-11324.html CVE-2019-11324 https://bugzilla.suse.com/1132900 SUSE Bug 1132900 In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer overflow in the library. Users running public servers with the above configuration are highly encouraged to upgrade as soon as possible, as there are no known mitigations. CVE-2019-13132 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2019-13132.html CVE-2019-13132 https://bugzilla.suse.com/1140255 SUSE Bug 1140255 In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. CVE-2019-20907 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2019-20907.html CVE-2019-20907 https://bugzilla.suse.com/1174091 SUSE Bug 1174091 The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py. CVE-2019-20916 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2019-20916.html CVE-2019-20916 https://bugzilla.suse.com/1176262 SUSE Bug 1176262 An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability. CVE-2019-5010 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2019-5010.html CVE-2019-5010 https://bugzilla.suse.com/1122191 SUSE Bug 1122191 https://bugzilla.suse.com/1126909 SUSE Bug 1126909 A pointer overflow, with code execution, was discovered in ZeroMQ libzmq (aka 0MQ) 4.2.x and 4.3.x before 4.3.1. A v2_decoder.cpp zmq::v2_decoder_t::size_ready integer overflow allows an authenticated attacker to overwrite an arbitrary amount of bytes beyond the bounds of a buffer, which can be leveraged to run arbitrary code on the target system. The memory layout allows the attacker to inject OS commands into a data structure located immediately after the problematic buffer (i.e., it is not necessary to use a typical buffer-overflow exploitation technique that changes the flow of control). CVE-2019-6250 moderate 9 AV:N/AC:L/Au:S/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2019-6250.html CVE-2019-6250 https://bugzilla.suse.com/1121717 SUSE Bug 1121717 https://bugzilla.suse.com/1122012 SUSE Bug 1122012 An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing CVE-2019-8341 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2019-8341.html CVE-2019-8341 https://bugzilla.suse.com/1125815 SUSE Bug 1125815 An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. CVE-2019-9740 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2019-9740.html CVE-2019-9740 https://bugzilla.suse.com/1129071 SUSE Bug 1129071 https://bugzilla.suse.com/1130840 SUSE Bug 1130840 https://bugzilla.suse.com/1132663 SUSE Bug 1132663 An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. CVE-2019-9947 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2019-9947.html CVE-2019-9947 https://bugzilla.suse.com/1130840 SUSE Bug 1130840 https://bugzilla.suse.com/1136184 SUSE Bug 1136184 https://bugzilla.suse.com/1155094 SUSE Bug 1155094 https://bugzilla.suse.com/1201559 SUSE Bug 1201559 A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747. CVE-2020-14343 moderate 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2020-14343.html CVE-2020-14343 https://bugzilla.suse.com/1174514 SUSE Bug 1174514 In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete successfully, and messages are delivered to the library, but the server application never receives them. This is patched in version 4.3.3. CVE-2020-15166 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2020-15166.html CVE-2020-15166 https://bugzilla.suse.com/1176116 SUSE Bug 1176116 In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows. CVE-2020-15523 moderate 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2020-15523.html CVE-2020-15523 https://bugzilla.suse.com/1173745 SUSE Bug 1173745 In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected. CVE-2020-15801 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2020-15801.html CVE-2020-15801 https://bugzilla.suse.com/1174241 SUSE Bug 1174241 A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor. CVE-2020-1747 moderate 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2020-1747.html CVE-2020-1747 https://bugzilla.suse.com/1165439 SUSE Bug 1165439 https://bugzilla.suse.com/1174514 SUSE Bug 1174514 python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext. CVE-2020-25659 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2020-25659.html CVE-2020-25659 https://bugzilla.suse.com/1178168 SUSE Bug 1178168 https://bugzilla.suse.com/1183152 SUSE Bug 1183152 https://bugzilla.suse.com/1218043 SUSE Bug 1218043 urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. CVE-2020-26137 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2020-26137.html CVE-2020-26137 https://bugzilla.suse.com/1177120 SUSE Bug 1177120 https://bugzilla.suse.com/1177211 SUSE Bug 1177211 A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code. CVE-2020-27783 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2020-27783.html CVE-2020-27783 https://bugzilla.suse.com/1179534 SUSE Bug 1179534 This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the `_punctuation_re regex` operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory. CVE-2020-28493 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2020-28493.html CVE-2020-28493 https://bugzilla.suse.com/1181944 SUSE Bug 1181944 A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality. CVE-2020-29651 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2020-29651.html CVE-2020-29651 https://bugzilla.suse.com/1179805 SUSE Bug 1179805 In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class. CVE-2020-36242 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2020-36242.html CVE-2020-36242 https://bugzilla.suse.com/1182066 SUSE Bug 1182066 Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. CVE-2020-8492 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2020-8492.html CVE-2020-8492 https://bugzilla.suse.com/1162367 SUSE Bug 1162367 The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. CVE-2021-23336 moderate 4 AV:N/AC:H/Au:N/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2021-23336.html CVE-2021-23336 https://bugzilla.suse.com/1182179 SUSE Bug 1182179 https://bugzilla.suse.com/1182379 SUSE Bug 1182379 https://bugzilla.suse.com/1182433 SUSE Bug 1182433 An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run arbitrary JS code on users who interact with incorrectly sanitized HTML. This issue is patched in lxml 4.6.3. CVE-2021-28957 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2021-28957.html CVE-2021-28957 https://bugzilla.suse.com/1184177 SUSE Bug 1184177 In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses. CVE-2021-29921 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2021-29921.html CVE-2021-29921 https://bugzilla.suse.com/1185706 SUSE Bug 1185706 Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely. CVE-2021-3177 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2021-3177.html CVE-2021-3177 https://bugzilla.suse.com/1181126 SUSE Bug 1181126 An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. CVE-2021-33503 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2021-33503.html CVE-2021-33503 https://bugzilla.suse.com/1187045 SUSE Bug 1187045 There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7. CVE-2021-3426 moderate 2.7 AV:A/AC:L/Au:S/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2022-444/suse-fu-20220444-1/ https://www.suse.com/security/cve/CVE-2021-3426.html CVE-2021-3426 https://bugzilla.suse.com/1183374 SUSE Bug 1183374