Security update for python312

Announcement ID:	SUSE-SU-2024:3303-1
Rating:	important
References:	bsc#1227999 bsc#1228780 bsc#1229596 bsc#1229704 bsc#1230227
Cross-References:	CVE-2024-6232 CVE-2024-6923 CVE-2024-7592 CVE-2024-8088
CVSS scores:	CVE-2024-6232 ( SUSE ): 8.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H CVE-2024-6232 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2024-6232 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2024-6923 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2024-7592 ( SUSE ): 2.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L CVE-2024-7592 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2024-8088 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2024-8088 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:	openSUSE Leap 15.6 Python 3 Module 15-SP6 SUSE Linux Enterprise Desktop 15 SP6 SUSE Linux Enterprise Server 15 SP6 SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves four vulnerabilities and has one security fix can now be installed.

Description:

This update for python312 fixes the following issues:

• Update to 3.12.6
• CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module. (bsc#1228780).
• CVE-2024-7592: Fixed Email header injection due to unquoted newlines. (bsc#1229596)
• CVE-2024-6232: Fixed ReDos via excessive backtracking while parsing header values. (bsc#1230227)
• CVE-2024-8088: Fixed denial of service in zipfile. (bsc#1229704)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• openSUSE Leap 15.6
  zypper in -t patch SUSE-2024-3303=1 openSUSE-SLE-15.6-2024-3303=1
• Python 3 Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2024-3303=1

Package List:

• openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  • python312-tk-3.12.6-150600.3.6.1
  • python312-curses-debuginfo-3.12.6-150600.3.6.1
  • python312-idle-3.12.6-150600.3.6.1
  • libpython3_12-1_0-3.12.6-150600.3.6.1
  • python312-dbm-3.12.6-150600.3.6.1
  • python312-doc-3.12.6-150600.3.6.1
  • python312-dbm-debuginfo-3.12.6-150600.3.6.1
  • python312-base-3.12.6-150600.3.6.1
  • python312-3.12.6-150600.3.6.1
  • python312-devel-3.12.6-150600.3.6.1
  • python312-testsuite-3.12.6-150600.3.6.1
  • python312-tk-debuginfo-3.12.6-150600.3.6.1
  • python312-curses-3.12.6-150600.3.6.1
  • libpython3_12-1_0-debuginfo-3.12.6-150600.3.6.1
  • python312-debuginfo-3.12.6-150600.3.6.1
  • python312-base-debuginfo-3.12.6-150600.3.6.1
  • python312-doc-devhelp-3.12.6-150600.3.6.1
  • python312-testsuite-debuginfo-3.12.6-150600.3.6.1
  • python312-debugsource-3.12.6-150600.3.6.1
  • python312-core-debugsource-3.12.6-150600.3.6.1
  • python312-tools-3.12.6-150600.3.6.1
• openSUSE Leap 15.6 (x86_64)
  • libpython3_12-1_0-32bit-debuginfo-3.12.6-150600.3.6.1
  • python312-base-32bit-debuginfo-3.12.6-150600.3.6.1
  • libpython3_12-1_0-32bit-3.12.6-150600.3.6.1
  • python312-base-32bit-3.12.6-150600.3.6.1
  • python312-32bit-debuginfo-3.12.6-150600.3.6.1
  • python312-32bit-3.12.6-150600.3.6.1
• openSUSE Leap 15.6 (aarch64_ilp32)
  • python312-base-64bit-debuginfo-3.12.6-150600.3.6.1
  • python312-64bit-debuginfo-3.12.6-150600.3.6.1
  • libpython3_12-1_0-64bit-3.12.6-150600.3.6.1
  • libpython3_12-1_0-64bit-debuginfo-3.12.6-150600.3.6.1
  • python312-base-64bit-3.12.6-150600.3.6.1
  • python312-64bit-3.12.6-150600.3.6.1
• Python 3 Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  • python312-curses-3.12.6-150600.3.6.1
  • python312-debugsource-3.12.6-150600.3.6.1
  • libpython3_12-1_0-debuginfo-3.12.6-150600.3.6.1
  • python312-tk-3.12.6-150600.3.6.1
  • python312-debuginfo-3.12.6-150600.3.6.1
  • python312-curses-debuginfo-3.12.6-150600.3.6.1
  • python312-dbm-debuginfo-3.12.6-150600.3.6.1
  • python312-idle-3.12.6-150600.3.6.1
  • python312-base-3.12.6-150600.3.6.1
  • python312-3.12.6-150600.3.6.1
  • python312-base-debuginfo-3.12.6-150600.3.6.1
  • python312-devel-3.12.6-150600.3.6.1
  • libpython3_12-1_0-3.12.6-150600.3.6.1
  • python312-dbm-3.12.6-150600.3.6.1
  • python312-core-debugsource-3.12.6-150600.3.6.1
  • python312-tk-debuginfo-3.12.6-150600.3.6.1
  • python312-tools-3.12.6-150600.3.6.1

References:

• https://www.suse.com/security/cve/CVE-2024-6232.html
• https://www.suse.com/security/cve/CVE-2024-6923.html
• https://www.suse.com/security/cve/CVE-2024-7592.html
• https://www.suse.com/security/cve/CVE-2024-8088.html
• https://bugzilla.suse.com/show_bug.cgi?id=1227999
• https://bugzilla.suse.com/show_bug.cgi?id=1228780
• https://bugzilla.suse.com/show_bug.cgi?id=1229596
• https://bugzilla.suse.com/show_bug.cgi?id=1229704
• https://bugzilla.suse.com/show_bug.cgi?id=1230227