Security update for python SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:14198-1 Final 1 1 2021-01-05T08:20:49Z current 2021-01-05T08:20:49Z 2021-01-05T08:20:49Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for python This update for python fixes the following issues: Security issue fixed: - CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sleposp3-python-14198,slessp4-python-14198 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-202114198-1/ Link for SUSE-SU-2021:14198-1 https://lists.suse.com/pipermail/sle-security-updates/2021-January/008150.html E-Mail link for SUSE-SU-2021:14198-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1149955 SUSE Bug 1149955 https://www.suse.com/security/cve/CVE-2019-16056/ SUSE CVE CVE-2019-16056 page SUSE Linux Enterprise Point of Sale 11 SP3 SUSE Linux Enterprise Server 11 SP4-LTSS libpython2_6-1_0-2.6.9-40.32.1 python-2.6.9-40.32.2 python-base-2.6.9-40.32.1 python-curses-2.6.9-40.32.2 python-demo-2.6.9-40.32.2 python-doc-2.6-8.40.32.1 python-doc-pdf-2.6-8.40.32.1 python-gdbm-2.6.9-40.32.2 python-idle-2.6.9-40.32.2 python-tk-2.6.9-40.32.2 python-xml-2.6.9-40.32.1 libpython2_6-1_0-32bit-2.6.9-40.32.1 python-32bit-2.6.9-40.32.2 python-base-32bit-2.6.9-40.32.1 libpython2_6-1_0-2.6.9-40.32.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 python-2.6.9-40.32.2 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 python-base-2.6.9-40.32.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 python-curses-2.6.9-40.32.2 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 python-demo-2.6.9-40.32.2 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 python-doc-2.6-8.40.32.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 python-doc-pdf-2.6-8.40.32.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 python-gdbm-2.6.9-40.32.2 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 python-idle-2.6.9-40.32.2 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 python-tk-2.6.9-40.32.2 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 python-xml-2.6.9-40.32.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 libpython2_6-1_0-2.6.9-40.32.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS libpython2_6-1_0-32bit-2.6.9-40.32.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS python-2.6.9-40.32.2 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS python-32bit-2.6.9-40.32.2 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS python-base-2.6.9-40.32.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS python-base-32bit-2.6.9-40.32.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS python-curses-2.6.9-40.32.2 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS python-demo-2.6.9-40.32.2 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS python-doc-2.6-8.40.32.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS python-doc-pdf-2.6-8.40.32.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS python-gdbm-2.6.9-40.32.2 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS python-idle-2.6.9-40.32.2 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS python-tk-2.6.9-40.32.2 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS python-xml-2.6.9-40.32.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally. CVE-2019-16056 SUSE Linux Enterprise Point of Sale 11 SP3:libpython2_6-1_0-2.6.9-40.32.1 SUSE Linux Enterprise Point of Sale 11 SP3:python-2.6.9-40.32.2 SUSE Linux Enterprise Point of Sale 11 SP3:python-base-2.6.9-40.32.1 SUSE Linux Enterprise Point of Sale 11 SP3:python-curses-2.6.9-40.32.2 SUSE Linux Enterprise Point of Sale 11 SP3:python-demo-2.6.9-40.32.2 SUSE Linux Enterprise Point of Sale 11 SP3:python-doc-2.6-8.40.32.1 SUSE Linux Enterprise Point of Sale 11 SP3:python-doc-pdf-2.6-8.40.32.1 SUSE Linux Enterprise Point of Sale 11 SP3:python-gdbm-2.6.9-40.32.2 SUSE Linux Enterprise Point of Sale 11 SP3:python-idle-2.6.9-40.32.2 SUSE Linux Enterprise Point of Sale 11 SP3:python-tk-2.6.9-40.32.2 SUSE Linux Enterprise Point of Sale 11 SP3:python-xml-2.6.9-40.32.1 SUSE Linux Enterprise Server 11 SP4-LTSS:libpython2_6-1_0-2.6.9-40.32.1 SUSE Linux Enterprise Server 11 SP4-LTSS:libpython2_6-1_0-32bit-2.6.9-40.32.1 SUSE Linux Enterprise Server 11 SP4-LTSS:python-2.6.9-40.32.2 SUSE Linux Enterprise Server 11 SP4-LTSS:python-32bit-2.6.9-40.32.2 SUSE Linux Enterprise Server 11 SP4-LTSS:python-base-2.6.9-40.32.1 SUSE Linux Enterprise Server 11 SP4-LTSS:python-base-32bit-2.6.9-40.32.1 SUSE Linux Enterprise Server 11 SP4-LTSS:python-curses-2.6.9-40.32.2 SUSE Linux Enterprise Server 11 SP4-LTSS:python-demo-2.6.9-40.32.2 SUSE Linux Enterprise Server 11 SP4-LTSS:python-doc-2.6-8.40.32.1 SUSE Linux Enterprise Server 11 SP4-LTSS:python-doc-pdf-2.6-8.40.32.1 SUSE Linux Enterprise Server 11 SP4-LTSS:python-gdbm-2.6.9-40.32.2 SUSE Linux Enterprise Server 11 SP4-LTSS:python-idle-2.6.9-40.32.2 SUSE Linux Enterprise Server 11 SP4-LTSS:python-tk-2.6.9-40.32.2 SUSE Linux Enterprise Server 11 SP4-LTSS:python-xml-2.6.9-40.32.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-202114198-1/ https://www.suse.com/security/cve/CVE-2019-16056.html CVE-2019-16056 https://bugzilla.suse.com/1149955 SUSE Bug 1149955