Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-3651 (GCVE-0-2024-3651)
Vulnerability from cvelistv5 – Published: 2024-07-07 17:22 – Updated: 2025-11-04 22:06
VLAI
EPSS
Title
Denial of Service via Quadratic Complexity in kjd/idna
Summary
A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size.
Severity
6.2 (Medium)
CWE
- CWE-1333 - Inefficient Regular Expression Complexity
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3651",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-07T19:07:43.737156Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-07T19:07:50.996Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T22:06:20.751Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00006.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2S5E23N6E52S46KGNYTDFB75LOC4N4D/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S5IDLLD2IKSIVRBSLB34WTSYGLMWUFWF/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULSC7HBJKXB3BZV367WM5BR6DFEC4Z43/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4YQUPYH3SVZ5GFF2CDQ55FCM575AZTF2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kjd/idna",
"vendor": "kjd",
"versions": [
{
"lessThan": "3.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function\u0027s handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333 Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T12:49:38.011Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb"
},
{
"url": "https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d"
}
],
"source": {
"advisory": "93d78d07-d791-4b39-a845-cbfabc44aadb",
"discovery": "EXTERNAL"
},
"title": "Denial of Service via Quadratic Complexity in kjd/idna"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-3651",
"datePublished": "2024-07-07T17:22:10.032Z",
"dateReserved": "2024-04-10T23:50:44.569Z",
"dateUpdated": "2025-11-04T22:06:20.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-3651",
"date": "2026-05-29",
"epss": "0.00689",
"percentile": "0.72084"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-3651\",\"sourceIdentifier\":\"security@huntr.dev\",\"published\":\"2024-07-07T18:15:09.827\",\"lastModified\":\"2025-11-04T22:16:02.477\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function\u0027s handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size.\"},{\"lang\":\"es\",\"value\":\"Se identific\u00f3 una vulnerabilidad en la librer\u00eda kjd/idna, espec\u00edficamente dentro de la funci\u00f3n `idna.encode()`, afectando a la versi\u00f3n 3.6. El problema surge del manejo por parte de la funci\u00f3n de cadenas de entrada manipuladas, lo que puede generar complejidad cuadr\u00e1tica y, en consecuencia, una condici\u00f3n de denegaci\u00f3n de servicio. Esta vulnerabilidad se activa por una entrada manipulada que hace que la funci\u00f3n `idna.encode()` procese la entrada con una carga computacional considerable, aumentando significativamente el tiempo de procesamiento de manera cuadr\u00e1tica en relaci\u00f3n con el tama\u00f1o de la entrada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV30\":[{\"source\":\"security@huntr.dev\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.2,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.5,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@huntr.dev\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1333\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kjd:internationalized_domain_names_in_applications:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"0.2\",\"versionEndExcluding\":\"3.7\",\"matchCriteriaId\":\"20BA3E25-3189-4C85-A213-0E295CFFE5E1\"}]}]}],\"references\":[{\"url\":\"https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d\",\"source\":\"security@huntr.dev\",\"tags\":[\"Patch\"]},{\"url\":\"https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb\",\"source\":\"security@huntr.dev\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/05/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4YQUPYH3SVZ5GFF2CDQ55FCM575AZTF2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2S5E23N6E52S46KGNYTDFB75LOC4N4D/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S5IDLLD2IKSIVRBSLB34WTSYGLMWUFWF/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULSC7HBJKXB3BZV367WM5BR6DFEC4Z43/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/05/msg00006.html\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2S5E23N6E52S46KGNYTDFB75LOC4N4D/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S5IDLLD2IKSIVRBSLB34WTSYGLMWUFWF/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULSC7HBJKXB3BZV367WM5BR6DFEC4Z43/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4YQUPYH3SVZ5GFF2CDQ55FCM575AZTF2/\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T22:06:20.751Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-3651\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-07T19:07:43.737156Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-07T19:07:48.586Z\"}}], \"cna\": {\"title\": \"Denial of Service via Quadratic Complexity in kjd/idna\", \"source\": {\"advisory\": \"93d78d07-d791-4b39-a845-cbfabc44aadb\", \"discovery\": \"EXTERNAL\"}, \"metrics\": [{\"cvssV3_0\": {\"scope\": \"UNCHANGED\", \"version\": \"3.0\", \"baseScore\": 6.2, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"kjd\", \"product\": \"kjd/idna\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"3.7\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb\"}, {\"url\": \"https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function\u0027s handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1333\", \"description\": \"CWE-1333 Inefficient Regular Expression Complexity\"}]}], \"providerMetadata\": {\"orgId\": \"c09c270a-b464-47c1-9133-acb35b22c19a\", \"shortName\": \"@huntr_ai\", \"dateUpdated\": \"2025-10-15T12:49:38.011Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-3651\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-04T22:06:20.751Z\", \"dateReserved\": \"2024-04-10T23:50:44.569Z\", \"assignerOrgId\": \"c09c270a-b464-47c1-9133-acb35b22c19a\", \"datePublished\": \"2024-07-07T17:22:10.032Z\", \"assignerShortName\": \"@huntr_ai\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
SUSE-SU-2024:1428-1
Vulnerability from csaf_suse - Published: 2024-04-24 09:10 - Updated: 2024-04-24 09:10Summary
Security update for python-idna
Severity
Moderate
Notes
Title of the patch: Security update for python-idna
Description of the patch: This update for python-idna fixes the following issues:
- CVE-2024-3651: Fixed potential DoS via resource consumption via specially crafted inputs to idna.encode() (bsc#1222842).
Patchnames: SUSE-2024-1428,SUSE-SLE-Module-Public-Cloud-12-2024-1428,SUSE-SLE-SERVER-12-SP5-2024-1428
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:python-idna-2.5-3.13.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:python3-idna-2.5-3.13.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:python-idna-2.5-3.13.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:python3-idna-2.5-3.13.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-idna-2.5-3.13.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-idna-2.5-3.13.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-idna",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-idna fixes the following issues:\n\n- CVE-2024-3651: Fixed potential DoS via resource consumption via specially crafted inputs to idna.encode() (bsc#1222842).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1428,SUSE-SLE-Module-Public-Cloud-12-2024-1428,SUSE-SLE-SERVER-12-SP5-2024-1428",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1428-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1428-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241428-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1428-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-April/035079.html"
},
{
"category": "self",
"summary": "SUSE Bug 1222842",
"url": "https://bugzilla.suse.com/1222842"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3651 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3651/"
}
],
"title": "Security update for python-idna",
"tracking": {
"current_release_date": "2024-04-24T09:10:46Z",
"generator": {
"date": "2024-04-24T09:10:46Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1428-1",
"initial_release_date": "2024-04-24T09:10:46Z",
"revision_history": [
{
"date": "2024-04-24T09:10:46Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python-idna-2.5-3.13.1.noarch",
"product": {
"name": "python-idna-2.5-3.13.1.noarch",
"product_id": "python-idna-2.5-3.13.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-idna-2.5-3.13.1.noarch",
"product": {
"name": "python3-idna-2.5-3.13.1.noarch",
"product_id": "python3-idna-2.5-3.13.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 12",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-idna-2.5-3.13.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12:python-idna-2.5-3.13.1.noarch"
},
"product_reference": "python-idna-2.5-3.13.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-idna-2.5-3.13.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12:python3-idna-2.5-3.13.1.noarch"
},
"product_reference": "python3-idna-2.5-3.13.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-idna-2.5-3.13.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:python-idna-2.5-3.13.1.noarch"
},
"product_reference": "python-idna-2.5-3.13.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-idna-2.5-3.13.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:python3-idna-2.5-3.13.1.noarch"
},
"product_reference": "python3-idna-2.5-3.13.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-idna-2.5-3.13.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-idna-2.5-3.13.1.noarch"
},
"product_reference": "python-idna-2.5-3.13.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-idna-2.5-3.13.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-idna-2.5-3.13.1.noarch"
},
"product_reference": "python3-idna-2.5-3.13.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-3651",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3651"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function\u0027s handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 12:python-idna-2.5-3.13.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-idna-2.5-3.13.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:python-idna-2.5-3.13.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:python3-idna-2.5-3.13.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-idna-2.5-3.13.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-idna-2.5-3.13.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3651",
"url": "https://www.suse.com/security/cve/CVE-2024-3651"
},
{
"category": "external",
"summary": "SUSE Bug 1222842 for CVE-2024-3651",
"url": "https://bugzilla.suse.com/1222842"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 12:python-idna-2.5-3.13.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-idna-2.5-3.13.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:python-idna-2.5-3.13.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:python3-idna-2.5-3.13.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-idna-2.5-3.13.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-idna-2.5-3.13.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 12:python-idna-2.5-3.13.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-idna-2.5-3.13.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:python-idna-2.5-3.13.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:python3-idna-2.5-3.13.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-idna-2.5-3.13.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-idna-2.5-3.13.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-24T09:10:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-3651"
}
]
}
SUSE-SU-2024:1439-1
Vulnerability from csaf_suse - Published: 2024-04-25 21:41 - Updated: 2024-04-25 21:41Summary
Security update for python-idna
Severity
Moderate
Notes
Title of the patch: Security update for python-idna
Description of the patch: This update for python-idna fixes the following issues:
- CVE-2024-3651: Fixed potential DoS via resource consumption via specially crafted inputs to idna.encode() (bsc#1222842).
Patchnames: SUSE-2024-1439,SUSE-SLE-Micro-5.3-2024-1439,SUSE-SLE-Micro-5.4-2024-1439,SUSE-SLE-Micro-5.5-2024-1439,SUSE-SLE-Module-Basesystem-15-SP5-2024-1439,SUSE-SUSE-MicroOS-5.1-2024-1439,SUSE-SUSE-MicroOS-5.2-2024-1439,openSUSE-Leap-Micro-5.3-2024-1439,openSUSE-Leap-Micro-5.4-2024-1439,openSUSE-SLE-15.5-2024-1439
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:python3-idna-2.6-150000.3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:python3-idna-2.6-150000.3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:python3-idna-2.6-150000.3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:python3-idna-2.6-150000.3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:python3-idna-2.6-150000.3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:python3-idna-2.6-150000.3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:python3-idna-2.6-150000.3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.3:python3-idna-2.6-150000.3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.4:python3-idna-2.6-150000.3.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-idna",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-idna fixes the following issues:\n\n- CVE-2024-3651: Fixed potential DoS via resource consumption via specially crafted inputs to idna.encode() (bsc#1222842).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1439,SUSE-SLE-Micro-5.3-2024-1439,SUSE-SLE-Micro-5.4-2024-1439,SUSE-SLE-Micro-5.5-2024-1439,SUSE-SLE-Module-Basesystem-15-SP5-2024-1439,SUSE-SUSE-MicroOS-5.1-2024-1439,SUSE-SUSE-MicroOS-5.2-2024-1439,openSUSE-Leap-Micro-5.3-2024-1439,openSUSE-Leap-Micro-5.4-2024-1439,openSUSE-SLE-15.5-2024-1439",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1439-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1439-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241439-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1439-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-April/035104.html"
},
{
"category": "self",
"summary": "SUSE Bug 1222842",
"url": "https://bugzilla.suse.com/1222842"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3651 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3651/"
}
],
"title": "Security update for python-idna",
"tracking": {
"current_release_date": "2024-04-25T21:41:20Z",
"generator": {
"date": "2024-04-25T21:41:20Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1439-1",
"initial_release_date": "2024-04-25T21:41:20Z",
"revision_history": [
{
"date": "2024-04-25T21:41:20Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python2-idna-2.6-150000.3.3.1.noarch",
"product": {
"name": "python2-idna-2.6-150000.3.3.1.noarch",
"product_id": "python2-idna-2.6-150000.3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-idna-2.6-150000.3.3.1.noarch",
"product": {
"name": "python3-idna-2.6-150000.3.3.1.noarch",
"product_id": "python3-idna-2.6-150000.3.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap Micro 5.3",
"product": {
"name": "openSUSE Leap Micro 5.3",
"product_id": "openSUSE Leap Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap Micro 5.4",
"product": {
"name": "openSUSE Leap Micro 5.4",
"product_id": "openSUSE Leap Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap-micro:5.4"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-idna-2.6-150000.3.3.1.noarch as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:python3-idna-2.6-150000.3.3.1.noarch"
},
"product_reference": "python3-idna-2.6-150000.3.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-idna-2.6-150000.3.3.1.noarch as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:python3-idna-2.6-150000.3.3.1.noarch"
},
"product_reference": "python3-idna-2.6-150000.3.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-idna-2.6-150000.3.3.1.noarch as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:python3-idna-2.6-150000.3.3.1.noarch"
},
"product_reference": "python3-idna-2.6-150000.3.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-idna-2.6-150000.3.3.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:python3-idna-2.6-150000.3.3.1.noarch"
},
"product_reference": "python3-idna-2.6-150000.3.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-idna-2.6-150000.3.3.1.noarch as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:python3-idna-2.6-150000.3.3.1.noarch"
},
"product_reference": "python3-idna-2.6-150000.3.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-idna-2.6-150000.3.3.1.noarch as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:python3-idna-2.6-150000.3.3.1.noarch"
},
"product_reference": "python3-idna-2.6-150000.3.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-idna-2.6-150000.3.3.1.noarch as component of openSUSE Leap Micro 5.3",
"product_id": "openSUSE Leap Micro 5.3:python3-idna-2.6-150000.3.3.1.noarch"
},
"product_reference": "python3-idna-2.6-150000.3.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-idna-2.6-150000.3.3.1.noarch as component of openSUSE Leap Micro 5.4",
"product_id": "openSUSE Leap Micro 5.4:python3-idna-2.6-150000.3.3.1.noarch"
},
"product_reference": "python3-idna-2.6-150000.3.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-idna-2.6-150000.3.3.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:python3-idna-2.6-150000.3.3.1.noarch"
},
"product_reference": "python3-idna-2.6-150000.3.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-3651",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3651"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function\u0027s handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:python3-idna-2.6-150000.3.3.1.noarch",
"SUSE Linux Enterprise Micro 5.2:python3-idna-2.6-150000.3.3.1.noarch",
"SUSE Linux Enterprise Micro 5.3:python3-idna-2.6-150000.3.3.1.noarch",
"SUSE Linux Enterprise Micro 5.4:python3-idna-2.6-150000.3.3.1.noarch",
"SUSE Linux Enterprise Micro 5.5:python3-idna-2.6-150000.3.3.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:python3-idna-2.6-150000.3.3.1.noarch",
"openSUSE Leap 15.5:python3-idna-2.6-150000.3.3.1.noarch",
"openSUSE Leap Micro 5.3:python3-idna-2.6-150000.3.3.1.noarch",
"openSUSE Leap Micro 5.4:python3-idna-2.6-150000.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3651",
"url": "https://www.suse.com/security/cve/CVE-2024-3651"
},
{
"category": "external",
"summary": "SUSE Bug 1222842 for CVE-2024-3651",
"url": "https://bugzilla.suse.com/1222842"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:python3-idna-2.6-150000.3.3.1.noarch",
"SUSE Linux Enterprise Micro 5.2:python3-idna-2.6-150000.3.3.1.noarch",
"SUSE Linux Enterprise Micro 5.3:python3-idna-2.6-150000.3.3.1.noarch",
"SUSE Linux Enterprise Micro 5.4:python3-idna-2.6-150000.3.3.1.noarch",
"SUSE Linux Enterprise Micro 5.5:python3-idna-2.6-150000.3.3.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:python3-idna-2.6-150000.3.3.1.noarch",
"openSUSE Leap 15.5:python3-idna-2.6-150000.3.3.1.noarch",
"openSUSE Leap Micro 5.3:python3-idna-2.6-150000.3.3.1.noarch",
"openSUSE Leap Micro 5.4:python3-idna-2.6-150000.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:python3-idna-2.6-150000.3.3.1.noarch",
"SUSE Linux Enterprise Micro 5.2:python3-idna-2.6-150000.3.3.1.noarch",
"SUSE Linux Enterprise Micro 5.3:python3-idna-2.6-150000.3.3.1.noarch",
"SUSE Linux Enterprise Micro 5.4:python3-idna-2.6-150000.3.3.1.noarch",
"SUSE Linux Enterprise Micro 5.5:python3-idna-2.6-150000.3.3.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:python3-idna-2.6-150000.3.3.1.noarch",
"openSUSE Leap 15.5:python3-idna-2.6-150000.3.3.1.noarch",
"openSUSE Leap Micro 5.3:python3-idna-2.6-150000.3.3.1.noarch",
"openSUSE Leap Micro 5.4:python3-idna-2.6-150000.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-25T21:41:20Z",
"details": "moderate"
}
],
"title": "CVE-2024-3651"
}
]
}
SUSE-SU-2024:1439-2
Vulnerability from csaf_suse - Published: 2024-04-25 21:41 - Updated: 2024-04-25 21:41Summary
Security update for python-idna
Severity
Moderate
Notes
Title of the patch: Security update for python-idna
Description of the patch: This update for python-idna fixes the following issues:
- CVE-2024-3651: Fixed potential DoS via resource consumption via specially crafted inputs to idna.encode() (bsc#1222842).
Patchnames: SUSE-2024-1439,SUSE-SLE-Micro-5.5-2024-1439
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:python3-idna-2.6-150000.3.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-idna",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-idna fixes the following issues:\n\n- CVE-2024-3651: Fixed potential DoS via resource consumption via specially crafted inputs to idna.encode() (bsc#1222842).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1439,SUSE-SLE-Micro-5.5-2024-1439",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1439-2.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1439-2",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241439-2/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1439-2",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/019076.html"
},
{
"category": "self",
"summary": "SUSE Bug 1222842",
"url": "https://bugzilla.suse.com/1222842"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3651 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3651/"
}
],
"title": "Security update for python-idna",
"tracking": {
"current_release_date": "2024-04-25T21:41:41Z",
"generator": {
"date": "2024-04-25T21:41:41Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1439-2",
"initial_release_date": "2024-04-25T21:41:41Z",
"revision_history": [
{
"date": "2024-04-25T21:41:41Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python2-idna-2.6-150000.3.3.1.noarch",
"product": {
"name": "python2-idna-2.6-150000.3.3.1.noarch",
"product_id": "python2-idna-2.6-150000.3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-idna-2.6-150000.3.3.1.noarch",
"product": {
"name": "python3-idna-2.6-150000.3.3.1.noarch",
"product_id": "python3-idna-2.6-150000.3.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-idna-2.6-150000.3.3.1.noarch as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:python3-idna-2.6-150000.3.3.1.noarch"
},
"product_reference": "python3-idna-2.6-150000.3.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-3651",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3651"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function\u0027s handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:python3-idna-2.6-150000.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3651",
"url": "https://www.suse.com/security/cve/CVE-2024-3651"
},
{
"category": "external",
"summary": "SUSE Bug 1222842 for CVE-2024-3651",
"url": "https://bugzilla.suse.com/1222842"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:python3-idna-2.6-150000.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:python3-idna-2.6-150000.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-25T21:41:41Z",
"details": "moderate"
}
],
"title": "CVE-2024-3651"
}
]
}
SUSE-SU-2024:1939-1
Vulnerability from csaf_suse - Published: 2024-06-07 12:03 - Updated: 2024-06-07 12:03Summary
Security update for python-idna
Severity
Moderate
Notes
Title of the patch: Security update for python-idna
Description of the patch: This update for python-idna fixes the following issues:
- CVE-2024-3651: Fixed a denial of service via resource consumption through
specially crafted inputs to idna.encode() (bsc#1222842)
Patchnames: SUSE-2024-1939,SUSE-SLE-Module-Public-Cloud-15-SP4-2024-1939,SUSE-SLE-Module-Python3-15-SP5-2024-1939,SUSE-SLE-Module-Python3-15-SP6-2024-1939,openSUSE-SLE-15.5-2024-1939,openSUSE-SLE-15.6-2024-1939
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-idna-3.4-150400.11.10.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP5:python311-idna-3.4-150400.11.10.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:python311-idna-3.4-150400.11.10.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:python311-idna-3.4-150400.11.10.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python311-idna-3.4-150400.11.10.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-idna",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-idna fixes the following issues:\n\n- CVE-2024-3651: Fixed a denial of service via resource consumption through \n specially crafted inputs to idna.encode() (bsc#1222842)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1939,SUSE-SLE-Module-Public-Cloud-15-SP4-2024-1939,SUSE-SLE-Module-Python3-15-SP5-2024-1939,SUSE-SLE-Module-Python3-15-SP6-2024-1939,openSUSE-SLE-15.5-2024-1939,openSUSE-SLE-15.6-2024-1939",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1939-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1939-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241939-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1939-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-June/035533.html"
},
{
"category": "self",
"summary": "SUSE Bug 1222842",
"url": "https://bugzilla.suse.com/1222842"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3651 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3651/"
}
],
"title": "Security update for python-idna",
"tracking": {
"current_release_date": "2024-06-07T12:03:22Z",
"generator": {
"date": "2024-06-07T12:03:22Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1939-1",
"initial_release_date": "2024-06-07T12:03:22Z",
"revision_history": [
{
"date": "2024-06-07T12:03:22Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python311-idna-3.4-150400.11.10.1.noarch",
"product": {
"name": "python311-idna-3.4-150400.11.10.1.noarch",
"product_id": "python311-idna-3.4-150400.11.10.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Python 3 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Python 3 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-python3:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-python3:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-idna-3.4-150400.11.10.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-idna-3.4-150400.11.10.1.noarch"
},
"product_reference": "python311-idna-3.4-150400.11.10.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-idna-3.4-150400.11.10.1.noarch as component of SUSE Linux Enterprise Module for Python 3 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP5:python311-idna-3.4-150400.11.10.1.noarch"
},
"product_reference": "python311-idna-3.4-150400.11.10.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-idna-3.4-150400.11.10.1.noarch as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python311-idna-3.4-150400.11.10.1.noarch"
},
"product_reference": "python311-idna-3.4-150400.11.10.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-idna-3.4-150400.11.10.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:python311-idna-3.4-150400.11.10.1.noarch"
},
"product_reference": "python311-idna-3.4-150400.11.10.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-idna-3.4-150400.11.10.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python311-idna-3.4-150400.11.10.1.noarch"
},
"product_reference": "python311-idna-3.4-150400.11.10.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-3651",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3651"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function\u0027s handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-idna-3.4-150400.11.10.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP5:python311-idna-3.4-150400.11.10.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python311-idna-3.4-150400.11.10.1.noarch",
"openSUSE Leap 15.5:python311-idna-3.4-150400.11.10.1.noarch",
"openSUSE Leap 15.6:python311-idna-3.4-150400.11.10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3651",
"url": "https://www.suse.com/security/cve/CVE-2024-3651"
},
{
"category": "external",
"summary": "SUSE Bug 1222842 for CVE-2024-3651",
"url": "https://bugzilla.suse.com/1222842"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-idna-3.4-150400.11.10.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP5:python311-idna-3.4-150400.11.10.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python311-idna-3.4-150400.11.10.1.noarch",
"openSUSE Leap 15.5:python311-idna-3.4-150400.11.10.1.noarch",
"openSUSE Leap 15.6:python311-idna-3.4-150400.11.10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-idna-3.4-150400.11.10.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP5:python311-idna-3.4-150400.11.10.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python311-idna-3.4-150400.11.10.1.noarch",
"openSUSE Leap 15.5:python311-idna-3.4-150400.11.10.1.noarch",
"openSUSE Leap 15.6:python311-idna-3.4-150400.11.10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-07T12:03:22Z",
"details": "moderate"
}
],
"title": "CVE-2024-3651"
}
]
}
SUSE-SU-2024:4020-1
Vulnerability from csaf_suse - Published: 2024-11-18 13:25 - Updated: 2024-11-18 13:25Summary
Security update for SUSE Manager Salt Bundle
Severity
Important
Notes
Title of the patch: Security update for SUSE Manager Salt Bundle
Description of the patch: This update fixes the following issues:
venv-salt-minion:
- Security fixes on Python 3.11 interpreter:
* CVE-2024-7592: Fixed quadratic complexity in parsing -quoted cookie values with backslashes
(bsc#1229873, bsc#1230059)
* CVE-2024-8088: Prevent malformed payload to cause infinite loops in zipfile.Path (bsc#1229704, bsc#1230058)
* CVE-2024-6923: Prevent email header injection due to unquoted newlines (bsc#1228780)
* CVE-2024-4032: Rearranging definition of private global IP addresses (bsc#1226448)
* CVE-2024-0397: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the
certificate store, when the ssl.SSLContext is shared across multiple threads (bsc#1226447)
- Security fixes on Python dependencies:
* CVE-2024-5569: zipp: Fixed a Denial of Service (DoS) vulnerability in the jaraco/zipp library
(bsc#1227547, bsc#1229996)
* CVE-2024-6345: setuptools: Sanitize any VCS URL used for download (bsc#1228105, bsc#1229995)
* CVE-2024-3651: idna: Fix a potential DoS via resource consumption via specially crafted inputs to idna.encode()
(bsc#1222842, bsc#1229994)
* CVE-2024-37891: urllib3: Added the ``Proxy-Authorization`` header to the list of headers to strip from requests
when redirecting to a different host (bsc#1226469, bsc#1229654)
- Other bugs fixed:
* Added passlib Python module to the bundle
* Allow NamedLoaderContexts to be returned from loader
* Avoid crash on wrong output of systemctl version (bsc#1229539)
* Avoid explicit reading of /etc/salt/minion (bsc#1220357)
* Enable post_start_cleanup.sh to work in a transaction
* Fixed cloud Minion configuration for multiple Masters (bsc#1229109)
* Fixed failing x509 tests with OpenSSL < 1.1
* Fixed the SELinux context for Salt Minion service (bsc#1219041)
* Fixed zyppnotify plugin after latest zypp/libzypp upgrades (bsc#1231697, bsc#1231045)
* Improved error handling with different OpenSSL versions
* Increase warn_until_date date for code we still support
* Prevent using SyncWrapper with no reason
* Reverted the change making reactor less blocking (bsc#1230322)
* Use --cachedir for extension_modules in salt-call (bsc#1226141)
* Use Pygit2 id instead of deprecated oid in gitfs
Patchnames: SUSE-2024-4020,SUSE-SLE-Manager-Tools-12-2024-4020
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.8 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.4 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
54 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for SUSE Manager Salt Bundle",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update fixes the following issues:\n\nvenv-salt-minion:\n\n- Security fixes on Python 3.11 interpreter:\n\n * CVE-2024-7592: Fixed quadratic complexity in parsing -quoted cookie values with backslashes\n (bsc#1229873, bsc#1230059)\n * CVE-2024-8088: Prevent malformed payload to cause infinite loops in zipfile.Path (bsc#1229704, bsc#1230058)\n * CVE-2024-6923: Prevent email header injection due to unquoted newlines (bsc#1228780)\n * CVE-2024-4032: Rearranging definition of private global IP addresses (bsc#1226448)\n * CVE-2024-0397: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the\n certificate store, when the ssl.SSLContext is shared across multiple threads (bsc#1226447)\n\n- Security fixes on Python dependencies:\n\n * CVE-2024-5569: zipp: Fixed a Denial of Service (DoS) vulnerability in the jaraco/zipp library\n (bsc#1227547, bsc#1229996)\n * CVE-2024-6345: setuptools: Sanitize any VCS URL used for download (bsc#1228105, bsc#1229995)\n * CVE-2024-3651: idna: Fix a potential DoS via resource consumption via specially crafted inputs to idna.encode()\n (bsc#1222842, bsc#1229994)\n * CVE-2024-37891: urllib3: Added the ``Proxy-Authorization`` header to the list of headers to strip from requests\n when redirecting to a different host (bsc#1226469, bsc#1229654)\n\n- Other bugs fixed:\n\n * Added passlib Python module to the bundle\n * Allow NamedLoaderContexts to be returned from loader\n * Avoid crash on wrong output of systemctl version (bsc#1229539)\n * Avoid explicit reading of /etc/salt/minion (bsc#1220357)\n * Enable post_start_cleanup.sh to work in a transaction\n * Fixed cloud Minion configuration for multiple Masters (bsc#1229109)\n * Fixed failing x509 tests with OpenSSL \u003c 1.1 \n * Fixed the SELinux context for Salt Minion service (bsc#1219041)\n * Fixed zyppnotify plugin after latest zypp/libzypp upgrades (bsc#1231697, bsc#1231045)\n * Improved error handling with different OpenSSL versions\n * Increase warn_until_date date for code we still support\n * Prevent using SyncWrapper with no reason\n * Reverted the change making reactor less blocking (bsc#1230322)\n * Use --cachedir for extension_modules in salt-call (bsc#1226141)\n * Use Pygit2 id instead of deprecated oid in gitfs\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-4020,SUSE-SLE-Manager-Tools-12-2024-4020",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_4020-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:4020-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244020-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:4020-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-November/019831.html"
},
{
"category": "self",
"summary": "SUSE Bug 1219041",
"url": "https://bugzilla.suse.com/1219041"
},
{
"category": "self",
"summary": "SUSE Bug 1220357",
"url": "https://bugzilla.suse.com/1220357"
},
{
"category": "self",
"summary": "SUSE Bug 1222842",
"url": "https://bugzilla.suse.com/1222842"
},
{
"category": "self",
"summary": "SUSE Bug 1226141",
"url": "https://bugzilla.suse.com/1226141"
},
{
"category": "self",
"summary": "SUSE Bug 1226447",
"url": "https://bugzilla.suse.com/1226447"
},
{
"category": "self",
"summary": "SUSE Bug 1226448",
"url": "https://bugzilla.suse.com/1226448"
},
{
"category": "self",
"summary": "SUSE Bug 1226469",
"url": "https://bugzilla.suse.com/1226469"
},
{
"category": "self",
"summary": "SUSE Bug 1227547",
"url": "https://bugzilla.suse.com/1227547"
},
{
"category": "self",
"summary": "SUSE Bug 1228105",
"url": "https://bugzilla.suse.com/1228105"
},
{
"category": "self",
"summary": "SUSE Bug 1228780",
"url": "https://bugzilla.suse.com/1228780"
},
{
"category": "self",
"summary": "SUSE Bug 1229109",
"url": "https://bugzilla.suse.com/1229109"
},
{
"category": "self",
"summary": "SUSE Bug 1229539",
"url": "https://bugzilla.suse.com/1229539"
},
{
"category": "self",
"summary": "SUSE Bug 1229654",
"url": "https://bugzilla.suse.com/1229654"
},
{
"category": "self",
"summary": "SUSE Bug 1229704",
"url": "https://bugzilla.suse.com/1229704"
},
{
"category": "self",
"summary": "SUSE Bug 1229873",
"url": "https://bugzilla.suse.com/1229873"
},
{
"category": "self",
"summary": "SUSE Bug 1229994",
"url": "https://bugzilla.suse.com/1229994"
},
{
"category": "self",
"summary": "SUSE Bug 1229995",
"url": "https://bugzilla.suse.com/1229995"
},
{
"category": "self",
"summary": "SUSE Bug 1229996",
"url": "https://bugzilla.suse.com/1229996"
},
{
"category": "self",
"summary": "SUSE Bug 1230058",
"url": "https://bugzilla.suse.com/1230058"
},
{
"category": "self",
"summary": "SUSE Bug 1230059",
"url": "https://bugzilla.suse.com/1230059"
},
{
"category": "self",
"summary": "SUSE Bug 1230322",
"url": "https://bugzilla.suse.com/1230322"
},
{
"category": "self",
"summary": "SUSE Bug 1231045",
"url": "https://bugzilla.suse.com/1231045"
},
{
"category": "self",
"summary": "SUSE Bug 1231697",
"url": "https://bugzilla.suse.com/1231697"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-0397 page",
"url": "https://www.suse.com/security/cve/CVE-2024-0397/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3651 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3651/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-37891 page",
"url": "https://www.suse.com/security/cve/CVE-2024-37891/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4032 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4032/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-5569 page",
"url": "https://www.suse.com/security/cve/CVE-2024-5569/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-6345 page",
"url": "https://www.suse.com/security/cve/CVE-2024-6345/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-6923 page",
"url": "https://www.suse.com/security/cve/CVE-2024-6923/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-7592 page",
"url": "https://www.suse.com/security/cve/CVE-2024-7592/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-8088 page",
"url": "https://www.suse.com/security/cve/CVE-2024-8088/"
}
],
"title": "Security update for SUSE Manager Salt Bundle",
"tracking": {
"current_release_date": "2024-11-18T13:25:06Z",
"generator": {
"date": "2024-11-18T13:25:06Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:4020-1",
"initial_release_date": "2024-11-18T13:25:06Z",
"revision_history": [
{
"date": "2024-11-18T13:25:06Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "saltbundlepy-3.11.9-3.35.1.aarch64",
"product": {
"name": "saltbundlepy-3.11.9-3.35.1.aarch64",
"product_id": "saltbundlepy-3.11.9-3.35.1.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-base-3.11.9-3.35.1.aarch64",
"product": {
"name": "saltbundlepy-base-3.11.9-3.35.1.aarch64",
"product_id": "saltbundlepy-base-3.11.9-3.35.1.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-cryptography-3.3.2-3.27.1.aarch64",
"product": {
"name": "saltbundlepy-cryptography-3.3.2-3.27.1.aarch64",
"product_id": "saltbundlepy-cryptography-3.3.2-3.27.1.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-curses-3.11.9-3.35.1.aarch64",
"product": {
"name": "saltbundlepy-curses-3.11.9-3.35.1.aarch64",
"product_id": "saltbundlepy-curses-3.11.9-3.35.1.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-dbm-3.11.9-3.35.1.aarch64",
"product": {
"name": "saltbundlepy-dbm-3.11.9-3.35.1.aarch64",
"product_id": "saltbundlepy-dbm-3.11.9-3.35.1.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-devel-3.11.9-3.35.1.aarch64",
"product": {
"name": "saltbundlepy-devel-3.11.9-3.35.1.aarch64",
"product_id": "saltbundlepy-devel-3.11.9-3.35.1.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-libs-3.11.9-3.35.1.aarch64",
"product": {
"name": "saltbundlepy-libs-3.11.9-3.35.1.aarch64",
"product_id": "saltbundlepy-libs-3.11.9-3.35.1.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-testsuite-3.11.9-3.35.1.aarch64",
"product": {
"name": "saltbundlepy-testsuite-3.11.9-3.35.1.aarch64",
"product_id": "saltbundlepy-testsuite-3.11.9-3.35.1.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-tools-3.11.9-3.35.1.aarch64",
"product": {
"name": "saltbundlepy-tools-3.11.9-3.35.1.aarch64",
"product_id": "saltbundlepy-tools-3.11.9-3.35.1.aarch64"
}
},
{
"category": "product_version",
"name": "venv-salt-minion-3006.0-3.65.1.aarch64",
"product": {
"name": "venv-salt-minion-3006.0-3.65.1.aarch64",
"product_id": "venv-salt-minion-3006.0-3.65.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "saltbundlepy-docker-7.0.0-3.11.1.noarch",
"product": {
"name": "saltbundlepy-docker-7.0.0-3.11.1.noarch",
"product_id": "saltbundlepy-docker-7.0.0-3.11.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-idna-3.4-3.12.2.noarch",
"product": {
"name": "saltbundlepy-idna-3.4-3.12.2.noarch",
"product_id": "saltbundlepy-idna-3.4-3.12.2.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-passlib-1.7.4-3.3.1.noarch",
"product": {
"name": "saltbundlepy-passlib-1.7.4-3.3.1.noarch",
"product_id": "saltbundlepy-passlib-1.7.4-3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-setuptools-67.7.2-3.15.2.noarch",
"product": {
"name": "saltbundlepy-setuptools-67.7.2-3.15.2.noarch",
"product_id": "saltbundlepy-setuptools-67.7.2-3.15.2.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-urllib3-2.0.7-3.18.1.noarch",
"product": {
"name": "saltbundlepy-urllib3-2.0.7-3.18.1.noarch",
"product_id": "saltbundlepy-urllib3-2.0.7-3.18.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-zipp-3.15.0-3.12.1.noarch",
"product": {
"name": "saltbundlepy-zipp-3.15.0-3.12.1.noarch",
"product_id": "saltbundlepy-zipp-3.15.0-3.12.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-zypp-plugin-0.6.4-3.11.1.noarch",
"product": {
"name": "saltbundlepy-zypp-plugin-0.6.4-3.11.1.noarch",
"product_id": "saltbundlepy-zypp-plugin-0.6.4-3.11.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "saltbundlepy-3.11.9-3.35.1.ppc64le",
"product": {
"name": "saltbundlepy-3.11.9-3.35.1.ppc64le",
"product_id": "saltbundlepy-3.11.9-3.35.1.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundlepy-base-3.11.9-3.35.1.ppc64le",
"product": {
"name": "saltbundlepy-base-3.11.9-3.35.1.ppc64le",
"product_id": "saltbundlepy-base-3.11.9-3.35.1.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundlepy-cryptography-3.3.2-3.27.1.ppc64le",
"product": {
"name": "saltbundlepy-cryptography-3.3.2-3.27.1.ppc64le",
"product_id": "saltbundlepy-cryptography-3.3.2-3.27.1.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundlepy-curses-3.11.9-3.35.1.ppc64le",
"product": {
"name": "saltbundlepy-curses-3.11.9-3.35.1.ppc64le",
"product_id": "saltbundlepy-curses-3.11.9-3.35.1.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundlepy-dbm-3.11.9-3.35.1.ppc64le",
"product": {
"name": "saltbundlepy-dbm-3.11.9-3.35.1.ppc64le",
"product_id": "saltbundlepy-dbm-3.11.9-3.35.1.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundlepy-devel-3.11.9-3.35.1.ppc64le",
"product": {
"name": "saltbundlepy-devel-3.11.9-3.35.1.ppc64le",
"product_id": "saltbundlepy-devel-3.11.9-3.35.1.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundlepy-libs-3.11.9-3.35.1.ppc64le",
"product": {
"name": "saltbundlepy-libs-3.11.9-3.35.1.ppc64le",
"product_id": "saltbundlepy-libs-3.11.9-3.35.1.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundlepy-testsuite-3.11.9-3.35.1.ppc64le",
"product": {
"name": "saltbundlepy-testsuite-3.11.9-3.35.1.ppc64le",
"product_id": "saltbundlepy-testsuite-3.11.9-3.35.1.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundlepy-tools-3.11.9-3.35.1.ppc64le",
"product": {
"name": "saltbundlepy-tools-3.11.9-3.35.1.ppc64le",
"product_id": "saltbundlepy-tools-3.11.9-3.35.1.ppc64le"
}
},
{
"category": "product_version",
"name": "venv-salt-minion-3006.0-3.65.1.ppc64le",
"product": {
"name": "venv-salt-minion-3006.0-3.65.1.ppc64le",
"product_id": "venv-salt-minion-3006.0-3.65.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "saltbundlepy-3.11.9-3.35.1.s390x",
"product": {
"name": "saltbundlepy-3.11.9-3.35.1.s390x",
"product_id": "saltbundlepy-3.11.9-3.35.1.s390x"
}
},
{
"category": "product_version",
"name": "saltbundlepy-base-3.11.9-3.35.1.s390x",
"product": {
"name": "saltbundlepy-base-3.11.9-3.35.1.s390x",
"product_id": "saltbundlepy-base-3.11.9-3.35.1.s390x"
}
},
{
"category": "product_version",
"name": "saltbundlepy-cryptography-3.3.2-3.27.1.s390x",
"product": {
"name": "saltbundlepy-cryptography-3.3.2-3.27.1.s390x",
"product_id": "saltbundlepy-cryptography-3.3.2-3.27.1.s390x"
}
},
{
"category": "product_version",
"name": "saltbundlepy-curses-3.11.9-3.35.1.s390x",
"product": {
"name": "saltbundlepy-curses-3.11.9-3.35.1.s390x",
"product_id": "saltbundlepy-curses-3.11.9-3.35.1.s390x"
}
},
{
"category": "product_version",
"name": "saltbundlepy-dbm-3.11.9-3.35.1.s390x",
"product": {
"name": "saltbundlepy-dbm-3.11.9-3.35.1.s390x",
"product_id": "saltbundlepy-dbm-3.11.9-3.35.1.s390x"
}
},
{
"category": "product_version",
"name": "saltbundlepy-devel-3.11.9-3.35.1.s390x",
"product": {
"name": "saltbundlepy-devel-3.11.9-3.35.1.s390x",
"product_id": "saltbundlepy-devel-3.11.9-3.35.1.s390x"
}
},
{
"category": "product_version",
"name": "saltbundlepy-libs-3.11.9-3.35.1.s390x",
"product": {
"name": "saltbundlepy-libs-3.11.9-3.35.1.s390x",
"product_id": "saltbundlepy-libs-3.11.9-3.35.1.s390x"
}
},
{
"category": "product_version",
"name": "saltbundlepy-testsuite-3.11.9-3.35.1.s390x",
"product": {
"name": "saltbundlepy-testsuite-3.11.9-3.35.1.s390x",
"product_id": "saltbundlepy-testsuite-3.11.9-3.35.1.s390x"
}
},
{
"category": "product_version",
"name": "saltbundlepy-tools-3.11.9-3.35.1.s390x",
"product": {
"name": "saltbundlepy-tools-3.11.9-3.35.1.s390x",
"product_id": "saltbundlepy-tools-3.11.9-3.35.1.s390x"
}
},
{
"category": "product_version",
"name": "venv-salt-minion-3006.0-3.65.1.s390x",
"product": {
"name": "venv-salt-minion-3006.0-3.65.1.s390x",
"product_id": "venv-salt-minion-3006.0-3.65.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "saltbundlepy-3.11.9-3.35.1.x86_64",
"product": {
"name": "saltbundlepy-3.11.9-3.35.1.x86_64",
"product_id": "saltbundlepy-3.11.9-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-base-3.11.9-3.35.1.x86_64",
"product": {
"name": "saltbundlepy-base-3.11.9-3.35.1.x86_64",
"product_id": "saltbundlepy-base-3.11.9-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-cryptography-3.3.2-3.27.1.x86_64",
"product": {
"name": "saltbundlepy-cryptography-3.3.2-3.27.1.x86_64",
"product_id": "saltbundlepy-cryptography-3.3.2-3.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-curses-3.11.9-3.35.1.x86_64",
"product": {
"name": "saltbundlepy-curses-3.11.9-3.35.1.x86_64",
"product_id": "saltbundlepy-curses-3.11.9-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-dbm-3.11.9-3.35.1.x86_64",
"product": {
"name": "saltbundlepy-dbm-3.11.9-3.35.1.x86_64",
"product_id": "saltbundlepy-dbm-3.11.9-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-devel-3.11.9-3.35.1.x86_64",
"product": {
"name": "saltbundlepy-devel-3.11.9-3.35.1.x86_64",
"product_id": "saltbundlepy-devel-3.11.9-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-libs-3.11.9-3.35.1.x86_64",
"product": {
"name": "saltbundlepy-libs-3.11.9-3.35.1.x86_64",
"product_id": "saltbundlepy-libs-3.11.9-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-testsuite-3.11.9-3.35.1.x86_64",
"product": {
"name": "saltbundlepy-testsuite-3.11.9-3.35.1.x86_64",
"product_id": "saltbundlepy-testsuite-3.11.9-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-tools-3.11.9-3.35.1.x86_64",
"product": {
"name": "saltbundlepy-tools-3.11.9-3.35.1.x86_64",
"product_id": "saltbundlepy-tools-3.11.9-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "venv-salt-minion-3006.0-3.65.1.x86_64",
"product": {
"name": "venv-salt-minion-3006.0-3.65.1.x86_64",
"product_id": "venv-salt-minion-3006.0-3.65.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Manager Client Tools 12",
"product": {
"name": "SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-3.65.1.aarch64 as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.aarch64"
},
"product_reference": "venv-salt-minion-3006.0-3.65.1.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-3.65.1.ppc64le as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.ppc64le"
},
"product_reference": "venv-salt-minion-3006.0-3.65.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-3.65.1.s390x as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.s390x"
},
"product_reference": "venv-salt-minion-3006.0-3.65.1.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-3.65.1.x86_64 as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.x86_64"
},
"product_reference": "venv-salt-minion-3006.0-3.65.1.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-0397",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-0397"
}
],
"notes": [
{
"category": "general",
"text": "A defect was discovered in the Python \"ssl\" module where there is a memory\nrace condition with the ssl.SSLContext methods \"cert_store_stats()\" and\n\"get_ca_certs()\". The race condition can be triggered if the methods are\ncalled at the same time as certificates are loaded into the SSLContext,\nsuch as during the TLS handshake with a certificate directory configured.\nThis issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.aarch64",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.ppc64le",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.s390x",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-0397",
"url": "https://www.suse.com/security/cve/CVE-2024-0397"
},
{
"category": "external",
"summary": "SUSE Bug 1226447 for CVE-2024-0397",
"url": "https://bugzilla.suse.com/1226447"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.aarch64",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.ppc64le",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.s390x",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.aarch64",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.ppc64le",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.s390x",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-18T13:25:06Z",
"details": "moderate"
}
],
"title": "CVE-2024-0397"
},
{
"cve": "CVE-2024-3651",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3651"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function\u0027s handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.aarch64",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.ppc64le",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.s390x",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3651",
"url": "https://www.suse.com/security/cve/CVE-2024-3651"
},
{
"category": "external",
"summary": "SUSE Bug 1222842 for CVE-2024-3651",
"url": "https://bugzilla.suse.com/1222842"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.aarch64",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.ppc64le",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.s390x",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.aarch64",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.ppc64le",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.s390x",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-18T13:25:06Z",
"details": "moderate"
}
],
"title": "CVE-2024-3651"
},
{
"cve": "CVE-2024-37891",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-37891"
}
],
"notes": [
{
"category": "general",
"text": " urllib3 is a user-friendly HTTP client library for Python. When using urllib3\u0027s proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3\u0027s proxy support, it\u0027s possible to accidentally configure the `Proxy-Authorization` header even though it won\u0027t have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn\u0027t treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn\u0027t strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3\u0027s proxy support or disable automatic redirects to achieve safe processing of the `Proxy-Authorization` header, but we still decided to strip the header by default in order to further protect users who aren\u0027t using the correct approach. We believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited: 1. Setting the `Proxy-Authorization` header without using urllib3\u0027s built-in proxy support. 2. Not disabling HTTP redirects. 3. Either not using an HTTPS origin server or for the proxy or target origin to redirect to a malicious origin. Users are advised to update to either version 1.26.19 or version 2.2.2. Users unable to upgrade may use the `Proxy-Authorization` header with urllib3\u0027s `ProxyManager`, disable HTTP redirects using `redirects=False` when sending requests, or not user the `Proxy-Authorization` header as mitigations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.aarch64",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.ppc64le",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.s390x",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-37891",
"url": "https://www.suse.com/security/cve/CVE-2024-37891"
},
{
"category": "external",
"summary": "SUSE Bug 1226469 for CVE-2024-37891",
"url": "https://bugzilla.suse.com/1226469"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.aarch64",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.ppc64le",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.s390x",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.aarch64",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.ppc64le",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.s390x",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-18T13:25:06Z",
"details": "moderate"
}
],
"title": "CVE-2024-37891"
},
{
"cve": "CVE-2024-4032",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4032"
}
],
"notes": [
{
"category": "general",
"text": "The \"ipaddress\" module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \"globally reachable\" or \"private\". This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn\u0027t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.\n\nCPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.aarch64",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.ppc64le",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.s390x",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4032",
"url": "https://www.suse.com/security/cve/CVE-2024-4032"
},
{
"category": "external",
"summary": "SUSE Bug 1226448 for CVE-2024-4032",
"url": "https://bugzilla.suse.com/1226448"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.aarch64",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.ppc64le",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.s390x",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.aarch64",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.ppc64le",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.s390x",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-18T13:25:06Z",
"details": "low"
}
],
"title": "CVE-2024-4032"
},
{
"cve": "CVE-2024-5569",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-5569"
}
],
"notes": [
{
"category": "general",
"text": "A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is identical in both projects. The infinite loop can be initiated through the use of functions affecting the `Path` module in both zipp and zipfile, such as `joinpath`, the overloaded division operator, and `iterdir`. Although the infinite loop is not resource exhaustive, it prevents the application from responding. The vulnerability was addressed in version 3.19.1 of jaraco/zipp.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.aarch64",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.ppc64le",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.s390x",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-5569",
"url": "https://www.suse.com/security/cve/CVE-2024-5569"
},
{
"category": "external",
"summary": "SUSE Bug 1227547 for CVE-2024-5569",
"url": "https://bugzilla.suse.com/1227547"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.aarch64",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.ppc64le",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.s390x",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.aarch64",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.ppc64le",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.s390x",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-18T13:25:06Z",
"details": "moderate"
}
],
"title": "CVE-2024-5569"
},
{
"cve": "CVE-2024-6345",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-6345"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.aarch64",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.ppc64le",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.s390x",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-6345",
"url": "https://www.suse.com/security/cve/CVE-2024-6345"
},
{
"category": "external",
"summary": "SUSE Bug 1228105 for CVE-2024-6345",
"url": "https://bugzilla.suse.com/1228105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.aarch64",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.ppc64le",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.s390x",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.aarch64",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.ppc64le",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.s390x",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-18T13:25:06Z",
"details": "important"
}
],
"title": "CVE-2024-6345"
},
{
"cve": "CVE-2024-6923",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-6923"
}
],
"notes": [
{
"category": "general",
"text": "There is a MEDIUM severity vulnerability affecting CPython.\n\nThe \nemail module didn\u0027t properly quote newlines for email headers when \nserializing an email message allowing for header injection when an email\n is serialized.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.aarch64",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.ppc64le",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.s390x",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-6923",
"url": "https://www.suse.com/security/cve/CVE-2024-6923"
},
{
"category": "external",
"summary": "SUSE Bug 1228780 for CVE-2024-6923",
"url": "https://bugzilla.suse.com/1228780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.aarch64",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.ppc64le",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.s390x",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.aarch64",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.ppc64le",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.s390x",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-18T13:25:06Z",
"details": "important"
}
],
"title": "CVE-2024-6923"
},
{
"cve": "CVE-2024-7592",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-7592"
}
],
"notes": [
{
"category": "general",
"text": "There is a LOW severity vulnerability affecting CPython, specifically the\n\u0027http.cookies\u0027 standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.aarch64",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.ppc64le",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.s390x",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-7592",
"url": "https://www.suse.com/security/cve/CVE-2024-7592"
},
{
"category": "external",
"summary": "SUSE Bug 1229596 for CVE-2024-7592",
"url": "https://bugzilla.suse.com/1229596"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.aarch64",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.ppc64le",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.s390x",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.aarch64",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.ppc64le",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.s390x",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-18T13:25:06Z",
"details": "moderate"
}
],
"title": "CVE-2024-7592"
},
{
"cve": "CVE-2024-8088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-8088"
}
],
"notes": [
{
"category": "general",
"text": "There is a HIGH severity vulnerability affecting the CPython \"zipfile\"\nmodule affecting \"zipfile.Path\". Note that the more common API \"zipfile.ZipFile\" class is unaffected.\n\n\n\n\n\nWhen iterating over names of entries in a zip archive (for example, methods\nof \"zipfile.Path\" like \"namelist()\", \"iterdir()\", etc)\nthe process can be put into an infinite loop with a maliciously crafted\nzip archive. This defect applies when reading only metadata or extracting\nthe contents of the zip archive. Programs that are not handling\nuser-controlled zip archives are not affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.aarch64",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.ppc64le",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.s390x",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-8088",
"url": "https://www.suse.com/security/cve/CVE-2024-8088"
},
{
"category": "external",
"summary": "SUSE Bug 1229704 for CVE-2024-8088",
"url": "https://bugzilla.suse.com/1229704"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.aarch64",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.ppc64le",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.s390x",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.aarch64",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.ppc64le",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.s390x",
"SUSE Manager Client Tools 12:venv-salt-minion-3006.0-3.65.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-18T13:25:06Z",
"details": "moderate"
}
],
"title": "CVE-2024-8088"
}
]
}
SUSE-SU-2024:4021-1
Vulnerability from csaf_suse - Published: 2024-11-18 13:25 - Updated: 2024-11-18 13:25Summary
Security update for SUSE Manager Salt Bundle
Severity
Important
Notes
Title of the patch: Security update for SUSE Manager Salt Bundle
Description of the patch: This update fixes the following issues:
venv-salt-minion:
- Security fixes on Python 3.11 interpreter:
* CVE-2024-7592: Fixed quadratic complexity in parsing -quoted cookie values with backslashes
(bsc#1229873, bsc#1230059)
* CVE-2024-8088: Prevent malformed payload to cause infinite loops in zipfile.Path (bsc#1229704, bsc#1230058)
* CVE-2024-6923: Prevent email header injection due to unquoted newlines (bsc#1228780)
* CVE-2024-4032: Rearranging definition of private global IP addresses (bsc#1226448)
* CVE-2024-0397: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the
certificate store, when the ssl.SSLContext is shared across multiple threads (bsc#1226447)
- Security fixes on Python dependencies:
* CVE-2024-5569: zipp: Fixed a Denial of Service (DoS) vulnerability in the jaraco/zipp library (bsc#1227547, bsc#1229996)
* CVE-2024-6345: setuptools: Sanitize any VCS URL used for download (bsc#1228105, bsc#1229995)
* CVE-2024-3651: idna: Fix a potential DoS via resource consumption via specially crafted inputs to idna.encode()
(bsc#1222842, bsc#1229994)
* CVE-2024-37891: urllib3: Added the ``Proxy-Authorization`` header to the list of headers to strip from requests
when redirecting to a different host (bsc#1226469, bsc#1229654)
- Other bugs fixed:
* Added passlib Python module to the bundle
* Allow NamedLoaderContexts to be returned from loader
* Avoid crash on wrong output of systemctl version (bsc#1229539)
* Avoid explicit reading of /etc/salt/minion (bsc#1220357)
* Enable post_start_cleanup.sh to work in a transaction
* Fixed cloud Minion configuration for multiple Masters (bsc#1229109)
* Fixed failing x509 tests with OpenSSL < 1.1
* Fixed the SELinux context for Salt Minion service (bsc#1219041)
* Fixed too frequent systemd service restart in test_system test
* Fixed zyppnotify plugin after latest zypp/libzypp upgrades (bsc#1231697, bsc#1231045)
* Improved error handling with different OpenSSL versions
* Increase warn_until_date date for code we still support
* Prevent using SyncWrapper with no reason
* Reverted the change making reactor less blocking (bsc#1230322)
* Use --cachedir for extension_modules in salt-call (bsc#1226141)
* Use Pygit2 id instead of deprecated oid in gitfs
Patchnames: SUSE-2024-4021,SUSE-SLE-Manager-Tools-15-2024-4021,SUSE-SLE-Manager-Tools-For-Micro-5-2024-4021,SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2024-4021,SUSE-SLE-Module-SUSE-Manager-Server-4.3-2024-4021
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.8 (Medium)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.4 (Medium)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
54 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for SUSE Manager Salt Bundle",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update fixes the following issues:\n\nvenv-salt-minion:\n\n- Security fixes on Python 3.11 interpreter:\n\n * CVE-2024-7592: Fixed quadratic complexity in parsing -quoted cookie values with backslashes\n (bsc#1229873, bsc#1230059)\n * CVE-2024-8088: Prevent malformed payload to cause infinite loops in zipfile.Path (bsc#1229704, bsc#1230058)\n * CVE-2024-6923: Prevent email header injection due to unquoted newlines (bsc#1228780)\n * CVE-2024-4032: Rearranging definition of private global IP addresses (bsc#1226448)\n * CVE-2024-0397: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the\n certificate store, when the ssl.SSLContext is shared across multiple threads (bsc#1226447)\n\n- Security fixes on Python dependencies:\n\n * CVE-2024-5569: zipp: Fixed a Denial of Service (DoS) vulnerability in the jaraco/zipp library (bsc#1227547, bsc#1229996)\n * CVE-2024-6345: setuptools: Sanitize any VCS URL used for download (bsc#1228105, bsc#1229995)\n * CVE-2024-3651: idna: Fix a potential DoS via resource consumption via specially crafted inputs to idna.encode()\n (bsc#1222842, bsc#1229994)\n * CVE-2024-37891: urllib3: Added the ``Proxy-Authorization`` header to the list of headers to strip from requests\n when redirecting to a different host (bsc#1226469, bsc#1229654)\n\n- Other bugs fixed:\n\n * Added passlib Python module to the bundle\n * Allow NamedLoaderContexts to be returned from loader\n * Avoid crash on wrong output of systemctl version (bsc#1229539)\n * Avoid explicit reading of /etc/salt/minion (bsc#1220357)\n * Enable post_start_cleanup.sh to work in a transaction\n * Fixed cloud Minion configuration for multiple Masters (bsc#1229109)\n * Fixed failing x509 tests with OpenSSL \u003c 1.1 \n * Fixed the SELinux context for Salt Minion service (bsc#1219041)\n * Fixed too frequent systemd service restart in test_system test\n * Fixed zyppnotify plugin after latest zypp/libzypp upgrades (bsc#1231697, bsc#1231045)\n * Improved error handling with different OpenSSL versions\n * Increase warn_until_date date for code we still support\n * Prevent using SyncWrapper with no reason\n * Reverted the change making reactor less blocking (bsc#1230322)\n * Use --cachedir for extension_modules in salt-call (bsc#1226141)\n * Use Pygit2 id instead of deprecated oid in gitfs\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-4021,SUSE-SLE-Manager-Tools-15-2024-4021,SUSE-SLE-Manager-Tools-For-Micro-5-2024-4021,SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2024-4021,SUSE-SLE-Module-SUSE-Manager-Server-4.3-2024-4021",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_4021-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:4021-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244021-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:4021-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-November/019830.html"
},
{
"category": "self",
"summary": "SUSE Bug 1219041",
"url": "https://bugzilla.suse.com/1219041"
},
{
"category": "self",
"summary": "SUSE Bug 1220357",
"url": "https://bugzilla.suse.com/1220357"
},
{
"category": "self",
"summary": "SUSE Bug 1222842",
"url": "https://bugzilla.suse.com/1222842"
},
{
"category": "self",
"summary": "SUSE Bug 1226141",
"url": "https://bugzilla.suse.com/1226141"
},
{
"category": "self",
"summary": "SUSE Bug 1226447",
"url": "https://bugzilla.suse.com/1226447"
},
{
"category": "self",
"summary": "SUSE Bug 1226448",
"url": "https://bugzilla.suse.com/1226448"
},
{
"category": "self",
"summary": "SUSE Bug 1226469",
"url": "https://bugzilla.suse.com/1226469"
},
{
"category": "self",
"summary": "SUSE Bug 1227547",
"url": "https://bugzilla.suse.com/1227547"
},
{
"category": "self",
"summary": "SUSE Bug 1228105",
"url": "https://bugzilla.suse.com/1228105"
},
{
"category": "self",
"summary": "SUSE Bug 1228780",
"url": "https://bugzilla.suse.com/1228780"
},
{
"category": "self",
"summary": "SUSE Bug 1229109",
"url": "https://bugzilla.suse.com/1229109"
},
{
"category": "self",
"summary": "SUSE Bug 1229539",
"url": "https://bugzilla.suse.com/1229539"
},
{
"category": "self",
"summary": "SUSE Bug 1229654",
"url": "https://bugzilla.suse.com/1229654"
},
{
"category": "self",
"summary": "SUSE Bug 1229704",
"url": "https://bugzilla.suse.com/1229704"
},
{
"category": "self",
"summary": "SUSE Bug 1229873",
"url": "https://bugzilla.suse.com/1229873"
},
{
"category": "self",
"summary": "SUSE Bug 1229994",
"url": "https://bugzilla.suse.com/1229994"
},
{
"category": "self",
"summary": "SUSE Bug 1229995",
"url": "https://bugzilla.suse.com/1229995"
},
{
"category": "self",
"summary": "SUSE Bug 1229996",
"url": "https://bugzilla.suse.com/1229996"
},
{
"category": "self",
"summary": "SUSE Bug 1230058",
"url": "https://bugzilla.suse.com/1230058"
},
{
"category": "self",
"summary": "SUSE Bug 1230059",
"url": "https://bugzilla.suse.com/1230059"
},
{
"category": "self",
"summary": "SUSE Bug 1230322",
"url": "https://bugzilla.suse.com/1230322"
},
{
"category": "self",
"summary": "SUSE Bug 1231045",
"url": "https://bugzilla.suse.com/1231045"
},
{
"category": "self",
"summary": "SUSE Bug 1231697",
"url": "https://bugzilla.suse.com/1231697"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-0397 page",
"url": "https://www.suse.com/security/cve/CVE-2024-0397/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3651 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3651/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-37891 page",
"url": "https://www.suse.com/security/cve/CVE-2024-37891/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4032 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4032/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-5569 page",
"url": "https://www.suse.com/security/cve/CVE-2024-5569/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-6345 page",
"url": "https://www.suse.com/security/cve/CVE-2024-6345/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-6923 page",
"url": "https://www.suse.com/security/cve/CVE-2024-6923/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-7592 page",
"url": "https://www.suse.com/security/cve/CVE-2024-7592/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-8088 page",
"url": "https://www.suse.com/security/cve/CVE-2024-8088/"
}
],
"title": "Security update for SUSE Manager Salt Bundle",
"tracking": {
"current_release_date": "2024-11-18T13:25:44Z",
"generator": {
"date": "2024-11-18T13:25:44Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:4021-1",
"initial_release_date": "2024-11-18T13:25:44Z",
"revision_history": [
{
"date": "2024-11-18T13:25:44Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "saltbundlepy-3.11.9-150000.3.35.2.aarch64",
"product": {
"name": "saltbundlepy-3.11.9-150000.3.35.2.aarch64",
"product_id": "saltbundlepy-3.11.9-150000.3.35.2.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-base-3.11.9-150000.3.35.2.aarch64",
"product": {
"name": "saltbundlepy-base-3.11.9-150000.3.35.2.aarch64",
"product_id": "saltbundlepy-base-3.11.9-150000.3.35.2.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-cryptography-3.3.2-150000.3.27.1.aarch64",
"product": {
"name": "saltbundlepy-cryptography-3.3.2-150000.3.27.1.aarch64",
"product_id": "saltbundlepy-cryptography-3.3.2-150000.3.27.1.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-curses-3.11.9-150000.3.35.2.aarch64",
"product": {
"name": "saltbundlepy-curses-3.11.9-150000.3.35.2.aarch64",
"product_id": "saltbundlepy-curses-3.11.9-150000.3.35.2.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-dbm-3.11.9-150000.3.35.2.aarch64",
"product": {
"name": "saltbundlepy-dbm-3.11.9-150000.3.35.2.aarch64",
"product_id": "saltbundlepy-dbm-3.11.9-150000.3.35.2.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-devel-3.11.9-150000.3.35.2.aarch64",
"product": {
"name": "saltbundlepy-devel-3.11.9-150000.3.35.2.aarch64",
"product_id": "saltbundlepy-devel-3.11.9-150000.3.35.2.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-libs-3.11.9-150000.3.35.2.aarch64",
"product": {
"name": "saltbundlepy-libs-3.11.9-150000.3.35.2.aarch64",
"product_id": "saltbundlepy-libs-3.11.9-150000.3.35.2.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-testsuite-3.11.9-150000.3.35.2.aarch64",
"product": {
"name": "saltbundlepy-testsuite-3.11.9-150000.3.35.2.aarch64",
"product_id": "saltbundlepy-testsuite-3.11.9-150000.3.35.2.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-tools-3.11.9-150000.3.35.2.aarch64",
"product": {
"name": "saltbundlepy-tools-3.11.9-150000.3.35.2.aarch64",
"product_id": "saltbundlepy-tools-3.11.9-150000.3.35.2.aarch64"
}
},
{
"category": "product_version",
"name": "venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"product": {
"name": "venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"product_id": "venv-salt-minion-3006.0-150000.3.67.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "saltbundlepy-docker-7.0.0-150000.3.11.1.noarch",
"product": {
"name": "saltbundlepy-docker-7.0.0-150000.3.11.1.noarch",
"product_id": "saltbundlepy-docker-7.0.0-150000.3.11.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-idna-3.4-150000.3.12.1.noarch",
"product": {
"name": "saltbundlepy-idna-3.4-150000.3.12.1.noarch",
"product_id": "saltbundlepy-idna-3.4-150000.3.12.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-passlib-1.7.4-150000.3.3.1.noarch",
"product": {
"name": "saltbundlepy-passlib-1.7.4-150000.3.3.1.noarch",
"product_id": "saltbundlepy-passlib-1.7.4-150000.3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-setuptools-67.7.2-150000.3.15.1.noarch",
"product": {
"name": "saltbundlepy-setuptools-67.7.2-150000.3.15.1.noarch",
"product_id": "saltbundlepy-setuptools-67.7.2-150000.3.15.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-urllib3-2.0.7-150000.3.18.1.noarch",
"product": {
"name": "saltbundlepy-urllib3-2.0.7-150000.3.18.1.noarch",
"product_id": "saltbundlepy-urllib3-2.0.7-150000.3.18.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-zipp-3.15.0-150000.3.12.1.noarch",
"product": {
"name": "saltbundlepy-zipp-3.15.0-150000.3.12.1.noarch",
"product_id": "saltbundlepy-zipp-3.15.0-150000.3.12.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-zypp-plugin-0.6.4-150000.3.11.1.noarch",
"product": {
"name": "saltbundlepy-zypp-plugin-0.6.4-150000.3.11.1.noarch",
"product_id": "saltbundlepy-zypp-plugin-0.6.4-150000.3.11.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "saltbundlepy-3.11.9-150000.3.35.2.ppc64le",
"product": {
"name": "saltbundlepy-3.11.9-150000.3.35.2.ppc64le",
"product_id": "saltbundlepy-3.11.9-150000.3.35.2.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundlepy-base-3.11.9-150000.3.35.2.ppc64le",
"product": {
"name": "saltbundlepy-base-3.11.9-150000.3.35.2.ppc64le",
"product_id": "saltbundlepy-base-3.11.9-150000.3.35.2.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundlepy-cryptography-3.3.2-150000.3.27.1.ppc64le",
"product": {
"name": "saltbundlepy-cryptography-3.3.2-150000.3.27.1.ppc64le",
"product_id": "saltbundlepy-cryptography-3.3.2-150000.3.27.1.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundlepy-curses-3.11.9-150000.3.35.2.ppc64le",
"product": {
"name": "saltbundlepy-curses-3.11.9-150000.3.35.2.ppc64le",
"product_id": "saltbundlepy-curses-3.11.9-150000.3.35.2.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundlepy-dbm-3.11.9-150000.3.35.2.ppc64le",
"product": {
"name": "saltbundlepy-dbm-3.11.9-150000.3.35.2.ppc64le",
"product_id": "saltbundlepy-dbm-3.11.9-150000.3.35.2.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundlepy-devel-3.11.9-150000.3.35.2.ppc64le",
"product": {
"name": "saltbundlepy-devel-3.11.9-150000.3.35.2.ppc64le",
"product_id": "saltbundlepy-devel-3.11.9-150000.3.35.2.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundlepy-libs-3.11.9-150000.3.35.2.ppc64le",
"product": {
"name": "saltbundlepy-libs-3.11.9-150000.3.35.2.ppc64le",
"product_id": "saltbundlepy-libs-3.11.9-150000.3.35.2.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundlepy-testsuite-3.11.9-150000.3.35.2.ppc64le",
"product": {
"name": "saltbundlepy-testsuite-3.11.9-150000.3.35.2.ppc64le",
"product_id": "saltbundlepy-testsuite-3.11.9-150000.3.35.2.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundlepy-tools-3.11.9-150000.3.35.2.ppc64le",
"product": {
"name": "saltbundlepy-tools-3.11.9-150000.3.35.2.ppc64le",
"product_id": "saltbundlepy-tools-3.11.9-150000.3.35.2.ppc64le"
}
},
{
"category": "product_version",
"name": "venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"product": {
"name": "venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"product_id": "venv-salt-minion-3006.0-150000.3.67.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "saltbundlepy-3.11.9-150000.3.35.2.s390x",
"product": {
"name": "saltbundlepy-3.11.9-150000.3.35.2.s390x",
"product_id": "saltbundlepy-3.11.9-150000.3.35.2.s390x"
}
},
{
"category": "product_version",
"name": "saltbundlepy-base-3.11.9-150000.3.35.2.s390x",
"product": {
"name": "saltbundlepy-base-3.11.9-150000.3.35.2.s390x",
"product_id": "saltbundlepy-base-3.11.9-150000.3.35.2.s390x"
}
},
{
"category": "product_version",
"name": "saltbundlepy-cryptography-3.3.2-150000.3.27.1.s390x",
"product": {
"name": "saltbundlepy-cryptography-3.3.2-150000.3.27.1.s390x",
"product_id": "saltbundlepy-cryptography-3.3.2-150000.3.27.1.s390x"
}
},
{
"category": "product_version",
"name": "saltbundlepy-curses-3.11.9-150000.3.35.2.s390x",
"product": {
"name": "saltbundlepy-curses-3.11.9-150000.3.35.2.s390x",
"product_id": "saltbundlepy-curses-3.11.9-150000.3.35.2.s390x"
}
},
{
"category": "product_version",
"name": "saltbundlepy-dbm-3.11.9-150000.3.35.2.s390x",
"product": {
"name": "saltbundlepy-dbm-3.11.9-150000.3.35.2.s390x",
"product_id": "saltbundlepy-dbm-3.11.9-150000.3.35.2.s390x"
}
},
{
"category": "product_version",
"name": "saltbundlepy-devel-3.11.9-150000.3.35.2.s390x",
"product": {
"name": "saltbundlepy-devel-3.11.9-150000.3.35.2.s390x",
"product_id": "saltbundlepy-devel-3.11.9-150000.3.35.2.s390x"
}
},
{
"category": "product_version",
"name": "saltbundlepy-libs-3.11.9-150000.3.35.2.s390x",
"product": {
"name": "saltbundlepy-libs-3.11.9-150000.3.35.2.s390x",
"product_id": "saltbundlepy-libs-3.11.9-150000.3.35.2.s390x"
}
},
{
"category": "product_version",
"name": "saltbundlepy-testsuite-3.11.9-150000.3.35.2.s390x",
"product": {
"name": "saltbundlepy-testsuite-3.11.9-150000.3.35.2.s390x",
"product_id": "saltbundlepy-testsuite-3.11.9-150000.3.35.2.s390x"
}
},
{
"category": "product_version",
"name": "saltbundlepy-tools-3.11.9-150000.3.35.2.s390x",
"product": {
"name": "saltbundlepy-tools-3.11.9-150000.3.35.2.s390x",
"product_id": "saltbundlepy-tools-3.11.9-150000.3.35.2.s390x"
}
},
{
"category": "product_version",
"name": "venv-salt-minion-3006.0-150000.3.67.1.s390x",
"product": {
"name": "venv-salt-minion-3006.0-150000.3.67.1.s390x",
"product_id": "venv-salt-minion-3006.0-150000.3.67.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "saltbundlepy-3.11.9-150000.3.35.2.x86_64",
"product": {
"name": "saltbundlepy-3.11.9-150000.3.35.2.x86_64",
"product_id": "saltbundlepy-3.11.9-150000.3.35.2.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-base-3.11.9-150000.3.35.2.x86_64",
"product": {
"name": "saltbundlepy-base-3.11.9-150000.3.35.2.x86_64",
"product_id": "saltbundlepy-base-3.11.9-150000.3.35.2.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-cryptography-3.3.2-150000.3.27.1.x86_64",
"product": {
"name": "saltbundlepy-cryptography-3.3.2-150000.3.27.1.x86_64",
"product_id": "saltbundlepy-cryptography-3.3.2-150000.3.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-curses-3.11.9-150000.3.35.2.x86_64",
"product": {
"name": "saltbundlepy-curses-3.11.9-150000.3.35.2.x86_64",
"product_id": "saltbundlepy-curses-3.11.9-150000.3.35.2.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-dbm-3.11.9-150000.3.35.2.x86_64",
"product": {
"name": "saltbundlepy-dbm-3.11.9-150000.3.35.2.x86_64",
"product_id": "saltbundlepy-dbm-3.11.9-150000.3.35.2.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-devel-3.11.9-150000.3.35.2.x86_64",
"product": {
"name": "saltbundlepy-devel-3.11.9-150000.3.35.2.x86_64",
"product_id": "saltbundlepy-devel-3.11.9-150000.3.35.2.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-libs-3.11.9-150000.3.35.2.x86_64",
"product": {
"name": "saltbundlepy-libs-3.11.9-150000.3.35.2.x86_64",
"product_id": "saltbundlepy-libs-3.11.9-150000.3.35.2.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-testsuite-3.11.9-150000.3.35.2.x86_64",
"product": {
"name": "saltbundlepy-testsuite-3.11.9-150000.3.35.2.x86_64",
"product_id": "saltbundlepy-testsuite-3.11.9-150000.3.35.2.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-tools-3.11.9-150000.3.35.2.x86_64",
"product": {
"name": "saltbundlepy-tools-3.11.9-150000.3.35.2.x86_64",
"product_id": "saltbundlepy-tools-3.11.9-150000.3.35.2.x86_64"
}
},
{
"category": "product_version",
"name": "venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"product": {
"name": "venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"product_id": "venv-salt-minion-3006.0-150000.3.67.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Manager Client Tools 15",
"product": {
"name": "SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15"
}
},
{
"category": "product_name",
"name": "SUSE Manager Client Tools for SLE Micro 5",
"product": {
"name": "SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-manager-tools-micro:5"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy Module 4.3",
"product": {
"name": "SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-suse-manager-proxy:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server Module 4.3",
"product": {
"name": "SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-suse-manager-server:4.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.67.1.aarch64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.aarch64"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.67.1.ppc64le as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.ppc64le"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.67.1.s390x as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.s390x"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.67.1.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.67.1.x86_64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.x86_64"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.67.1.aarch64 as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.aarch64"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.67.1.s390x as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.s390x"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.67.1.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.67.1.x86_64 as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.x86_64"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.67.1.aarch64 as component of SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.67.1.ppc64le as component of SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.67.1.s390x as component of SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.67.1.s390x",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.67.1.x86_64 as component of SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.67.1.aarch64 as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.67.1.ppc64le as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.67.1.s390x as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.67.1.s390x",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-150000.3.67.1.x86_64 as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64"
},
"product_reference": "venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-0397",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-0397"
}
],
"notes": [
{
"category": "general",
"text": "A defect was discovered in the Python \"ssl\" module where there is a memory\nrace condition with the ssl.SSLContext methods \"cert_store_stats()\" and\n\"get_ca_certs()\". The race condition can be triggered if the methods are\ncalled at the same time as certificates are loaded into the SSLContext,\nsuch as during the TLS handshake with a certificate directory configured.\nThis issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-0397",
"url": "https://www.suse.com/security/cve/CVE-2024-0397"
},
{
"category": "external",
"summary": "SUSE Bug 1226447 for CVE-2024-0397",
"url": "https://bugzilla.suse.com/1226447"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-18T13:25:44Z",
"details": "moderate"
}
],
"title": "CVE-2024-0397"
},
{
"cve": "CVE-2024-3651",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3651"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function\u0027s handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3651",
"url": "https://www.suse.com/security/cve/CVE-2024-3651"
},
{
"category": "external",
"summary": "SUSE Bug 1222842 for CVE-2024-3651",
"url": "https://bugzilla.suse.com/1222842"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-18T13:25:44Z",
"details": "moderate"
}
],
"title": "CVE-2024-3651"
},
{
"cve": "CVE-2024-37891",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-37891"
}
],
"notes": [
{
"category": "general",
"text": " urllib3 is a user-friendly HTTP client library for Python. When using urllib3\u0027s proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3\u0027s proxy support, it\u0027s possible to accidentally configure the `Proxy-Authorization` header even though it won\u0027t have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn\u0027t treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn\u0027t strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3\u0027s proxy support or disable automatic redirects to achieve safe processing of the `Proxy-Authorization` header, but we still decided to strip the header by default in order to further protect users who aren\u0027t using the correct approach. We believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited: 1. Setting the `Proxy-Authorization` header without using urllib3\u0027s built-in proxy support. 2. Not disabling HTTP redirects. 3. Either not using an HTTPS origin server or for the proxy or target origin to redirect to a malicious origin. Users are advised to update to either version 1.26.19 or version 2.2.2. Users unable to upgrade may use the `Proxy-Authorization` header with urllib3\u0027s `ProxyManager`, disable HTTP redirects using `redirects=False` when sending requests, or not user the `Proxy-Authorization` header as mitigations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-37891",
"url": "https://www.suse.com/security/cve/CVE-2024-37891"
},
{
"category": "external",
"summary": "SUSE Bug 1226469 for CVE-2024-37891",
"url": "https://bugzilla.suse.com/1226469"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-18T13:25:44Z",
"details": "moderate"
}
],
"title": "CVE-2024-37891"
},
{
"cve": "CVE-2024-4032",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4032"
}
],
"notes": [
{
"category": "general",
"text": "The \"ipaddress\" module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \"globally reachable\" or \"private\". This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn\u0027t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.\n\nCPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4032",
"url": "https://www.suse.com/security/cve/CVE-2024-4032"
},
{
"category": "external",
"summary": "SUSE Bug 1226448 for CVE-2024-4032",
"url": "https://bugzilla.suse.com/1226448"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-18T13:25:44Z",
"details": "low"
}
],
"title": "CVE-2024-4032"
},
{
"cve": "CVE-2024-5569",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-5569"
}
],
"notes": [
{
"category": "general",
"text": "A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is identical in both projects. The infinite loop can be initiated through the use of functions affecting the `Path` module in both zipp and zipfile, such as `joinpath`, the overloaded division operator, and `iterdir`. Although the infinite loop is not resource exhaustive, it prevents the application from responding. The vulnerability was addressed in version 3.19.1 of jaraco/zipp.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-5569",
"url": "https://www.suse.com/security/cve/CVE-2024-5569"
},
{
"category": "external",
"summary": "SUSE Bug 1227547 for CVE-2024-5569",
"url": "https://bugzilla.suse.com/1227547"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-18T13:25:44Z",
"details": "moderate"
}
],
"title": "CVE-2024-5569"
},
{
"cve": "CVE-2024-6345",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-6345"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-6345",
"url": "https://www.suse.com/security/cve/CVE-2024-6345"
},
{
"category": "external",
"summary": "SUSE Bug 1228105 for CVE-2024-6345",
"url": "https://bugzilla.suse.com/1228105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-18T13:25:44Z",
"details": "important"
}
],
"title": "CVE-2024-6345"
},
{
"cve": "CVE-2024-6923",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-6923"
}
],
"notes": [
{
"category": "general",
"text": "There is a MEDIUM severity vulnerability affecting CPython.\n\nThe \nemail module didn\u0027t properly quote newlines for email headers when \nserializing an email message allowing for header injection when an email\n is serialized.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-6923",
"url": "https://www.suse.com/security/cve/CVE-2024-6923"
},
{
"category": "external",
"summary": "SUSE Bug 1228780 for CVE-2024-6923",
"url": "https://bugzilla.suse.com/1228780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-18T13:25:44Z",
"details": "important"
}
],
"title": "CVE-2024-6923"
},
{
"cve": "CVE-2024-7592",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-7592"
}
],
"notes": [
{
"category": "general",
"text": "There is a LOW severity vulnerability affecting CPython, specifically the\n\u0027http.cookies\u0027 standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-7592",
"url": "https://www.suse.com/security/cve/CVE-2024-7592"
},
{
"category": "external",
"summary": "SUSE Bug 1229596 for CVE-2024-7592",
"url": "https://bugzilla.suse.com/1229596"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-18T13:25:44Z",
"details": "moderate"
}
],
"title": "CVE-2024-7592"
},
{
"cve": "CVE-2024-8088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-8088"
}
],
"notes": [
{
"category": "general",
"text": "There is a HIGH severity vulnerability affecting the CPython \"zipfile\"\nmodule affecting \"zipfile.Path\". Note that the more common API \"zipfile.ZipFile\" class is unaffected.\n\n\n\n\n\nWhen iterating over names of entries in a zip archive (for example, methods\nof \"zipfile.Path\" like \"namelist()\", \"iterdir()\", etc)\nthe process can be put into an infinite loop with a maliciously crafted\nzip archive. This defect applies when reading only metadata or extracting\nthe contents of the zip archive. Programs that are not handling\nuser-controlled zip archives are not affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-8088",
"url": "https://www.suse.com/security/cve/CVE-2024-8088"
},
{
"category": "external",
"summary": "SUSE Bug 1229704 for CVE-2024-8088",
"url": "https://bugzilla.suse.com/1229704"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Proxy Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.aarch64",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.ppc64le",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.s390x",
"SUSE Manager Server Module 4.3:venv-salt-minion-3006.0-150000.3.67.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-18T13:25:44Z",
"details": "moderate"
}
],
"title": "CVE-2024-8088"
}
]
}
SUSE-SU-2024:4029-1
Vulnerability from csaf_suse - Published: 2024-11-18 13:29 - Updated: 2024-11-18 13:29Summary
Security update for SUSE Manager Salt Bundle
Severity
Important
Notes
Title of the patch: Security update for SUSE Manager Salt Bundle
Description of the patch: This update fixes the following issues:
venv-salt-minion:
- Security fixes on Python 3.11 interpreter:
* CVE-2024-7592: Fixed quadratic complexity in parsing -quoted cookie values with backslashes
(bsc#1229873, bsc#1230059)
* CVE-2024-8088: Prevent malformed payload to cause infinite loops in zipfile.Path (bsc#1229704, bsc#1230058)
* CVE-2024-6923: Prevent email header injection due to unquoted newlines (bsc#1228780)
* CVE-2024-4032: Rearranging definition of private global IP addresses (bsc#1226448)
* CVE-2024-0397: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the
certificate store, when the ssl.SSLContext is shared across multiple threads (bsc#1226447)
- Security fixes on Python dependencies:
* CVE-2024-5569: zipp: Fixed a Denial of Service (DoS) vulnerability in the jaraco/zipp library
(bsc#1227547, bsc#1229996)
* CVE-2024-6345: setuptools: Sanitize any VCS URL used for download (bsc#1228105, bsc#1229995)
* CVE-2024-3651: idna: Fix a potential DoS via resource consumption via specially crafted inputs to idna.encode()
(bsc#1222842, bsc#1229994)
* CVE-2024-37891: urllib3: Added the ``Proxy-Authorization`` header to the list of headers to strip from requests
when redirecting to a different host (bsc#1226469, bsc#1229654)
- Other bugs fixed:
* Fixed failing x509 tests with OpenSSL < 1.1
* Avoid explicit reading of /etc/salt/minion (bsc#1220357)
* Allow NamedLoaderContexts to be returned from loader
* Reverted the change making reactor less blocking (bsc#1230322)
* Use --cachedir for extension_modules in salt-call (bsc#1226141)
* Prevent using SyncWrapper with no reason
* Enable post_start_cleanup.sh to work in a transaction
* Fixed the SELinux context for Salt Minion service (bsc#1219041)
* Increase warn_until_date date for code we still support
* Avoid crash on wrong output of systemctl version (bsc#1229539)
* Improved error handling with different OpenSSL versions
* Fixed cloud Minion configuration for multiple Masters (bsc#1229109)
* Use Pygit2 id instead of deprecated oid in gitfs
* Added passlib Python module to the bundle
Patchnames: SUSE-2024-4029,SUSE-EL-9-CLIENT-TOOLS-2024-4029
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.8 (Medium)
Affected products
Recommended
50 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-docker-7.0.0-1.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-idna-3.4-1.9.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-passlib-1.7.4-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-67.7.2-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-urllib3-2.0.7-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-zipp-3.15.0-1.9.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
50 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-docker-7.0.0-1.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-idna-3.4-1.9.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-passlib-1.7.4-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-67.7.2-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-urllib3-2.0.7-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-zipp-3.15.0-1.9.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.4 (Medium)
Affected products
Recommended
50 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-docker-7.0.0-1.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-idna-3.4-1.9.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-passlib-1.7.4-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-67.7.2-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-urllib3-2.0.7-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-zipp-3.15.0-1.9.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
50 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-docker-7.0.0-1.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-idna-3.4-1.9.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-passlib-1.7.4-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-67.7.2-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-urllib3-2.0.7-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-zipp-3.15.0-1.9.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
50 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-docker-7.0.0-1.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-idna-3.4-1.9.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-passlib-1.7.4-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-67.7.2-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-urllib3-2.0.7-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-zipp-3.15.0-1.9.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
50 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-docker-7.0.0-1.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-idna-3.4-1.9.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-passlib-1.7.4-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-67.7.2-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-urllib3-2.0.7-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-zipp-3.15.0-1.9.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
50 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-docker-7.0.0-1.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-idna-3.4-1.9.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-passlib-1.7.4-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-67.7.2-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-urllib3-2.0.7-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-zipp-3.15.0-1.9.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
50 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-docker-7.0.0-1.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-idna-3.4-1.9.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-passlib-1.7.4-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-67.7.2-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-urllib3-2.0.7-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-zipp-3.15.0-1.9.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
50 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-docker-7.0.0-1.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-idna-3.4-1.9.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-passlib-1.7.4-1.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-67.7.2-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-urllib3-2.0.7-1.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-zipp-3.15.0-1.9.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
52 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for SUSE Manager Salt Bundle",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update fixes the following issues:\n\nvenv-salt-minion:\n\n- Security fixes on Python 3.11 interpreter:\n\n * CVE-2024-7592: Fixed quadratic complexity in parsing -quoted cookie values with backslashes\n (bsc#1229873, bsc#1230059)\n * CVE-2024-8088: Prevent malformed payload to cause infinite loops in zipfile.Path (bsc#1229704, bsc#1230058)\n * CVE-2024-6923: Prevent email header injection due to unquoted newlines (bsc#1228780)\n * CVE-2024-4032: Rearranging definition of private global IP addresses (bsc#1226448)\n * CVE-2024-0397: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the\n certificate store, when the ssl.SSLContext is shared across multiple threads (bsc#1226447)\n\n- Security fixes on Python dependencies:\n\n * CVE-2024-5569: zipp: Fixed a Denial of Service (DoS) vulnerability in the jaraco/zipp library\n (bsc#1227547, bsc#1229996)\n * CVE-2024-6345: setuptools: Sanitize any VCS URL used for download (bsc#1228105, bsc#1229995)\n * CVE-2024-3651: idna: Fix a potential DoS via resource consumption via specially crafted inputs to idna.encode()\n (bsc#1222842, bsc#1229994)\n * CVE-2024-37891: urllib3: Added the ``Proxy-Authorization`` header to the list of headers to strip from requests\n when redirecting to a different host (bsc#1226469, bsc#1229654)\n\n- Other bugs fixed:\n\n * Fixed failing x509 tests with OpenSSL \u003c 1.1 \n * Avoid explicit reading of /etc/salt/minion (bsc#1220357)\n * Allow NamedLoaderContexts to be returned from loader\n * Reverted the change making reactor less blocking (bsc#1230322)\n * Use --cachedir for extension_modules in salt-call (bsc#1226141)\n * Prevent using SyncWrapper with no reason\n * Enable post_start_cleanup.sh to work in a transaction\n * Fixed the SELinux context for Salt Minion service (bsc#1219041)\n * Increase warn_until_date date for code we still support\n * Avoid crash on wrong output of systemctl version (bsc#1229539)\n * Improved error handling with different OpenSSL versions\n * Fixed cloud Minion configuration for multiple Masters (bsc#1229109)\n * Use Pygit2 id instead of deprecated oid in gitfs\n * Added passlib Python module to the bundle\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-4029,SUSE-EL-9-CLIENT-TOOLS-2024-4029",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_4029-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:4029-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244029-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:4029-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-November/019825.html"
},
{
"category": "self",
"summary": "SUSE Bug 1219041",
"url": "https://bugzilla.suse.com/1219041"
},
{
"category": "self",
"summary": "SUSE Bug 1220357",
"url": "https://bugzilla.suse.com/1220357"
},
{
"category": "self",
"summary": "SUSE Bug 1222842",
"url": "https://bugzilla.suse.com/1222842"
},
{
"category": "self",
"summary": "SUSE Bug 1226141",
"url": "https://bugzilla.suse.com/1226141"
},
{
"category": "self",
"summary": "SUSE Bug 1226447",
"url": "https://bugzilla.suse.com/1226447"
},
{
"category": "self",
"summary": "SUSE Bug 1226448",
"url": "https://bugzilla.suse.com/1226448"
},
{
"category": "self",
"summary": "SUSE Bug 1226469",
"url": "https://bugzilla.suse.com/1226469"
},
{
"category": "self",
"summary": "SUSE Bug 1227547",
"url": "https://bugzilla.suse.com/1227547"
},
{
"category": "self",
"summary": "SUSE Bug 1228105",
"url": "https://bugzilla.suse.com/1228105"
},
{
"category": "self",
"summary": "SUSE Bug 1228780",
"url": "https://bugzilla.suse.com/1228780"
},
{
"category": "self",
"summary": "SUSE Bug 1229109",
"url": "https://bugzilla.suse.com/1229109"
},
{
"category": "self",
"summary": "SUSE Bug 1229539",
"url": "https://bugzilla.suse.com/1229539"
},
{
"category": "self",
"summary": "SUSE Bug 1229654",
"url": "https://bugzilla.suse.com/1229654"
},
{
"category": "self",
"summary": "SUSE Bug 1229704",
"url": "https://bugzilla.suse.com/1229704"
},
{
"category": "self",
"summary": "SUSE Bug 1229873",
"url": "https://bugzilla.suse.com/1229873"
},
{
"category": "self",
"summary": "SUSE Bug 1229994",
"url": "https://bugzilla.suse.com/1229994"
},
{
"category": "self",
"summary": "SUSE Bug 1229995",
"url": "https://bugzilla.suse.com/1229995"
},
{
"category": "self",
"summary": "SUSE Bug 1229996",
"url": "https://bugzilla.suse.com/1229996"
},
{
"category": "self",
"summary": "SUSE Bug 1230058",
"url": "https://bugzilla.suse.com/1230058"
},
{
"category": "self",
"summary": "SUSE Bug 1230059",
"url": "https://bugzilla.suse.com/1230059"
},
{
"category": "self",
"summary": "SUSE Bug 1230322",
"url": "https://bugzilla.suse.com/1230322"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-0397 page",
"url": "https://www.suse.com/security/cve/CVE-2024-0397/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3651 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3651/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-37891 page",
"url": "https://www.suse.com/security/cve/CVE-2024-37891/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4032 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4032/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-5569 page",
"url": "https://www.suse.com/security/cve/CVE-2024-5569/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-6345 page",
"url": "https://www.suse.com/security/cve/CVE-2024-6345/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-6923 page",
"url": "https://www.suse.com/security/cve/CVE-2024-6923/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-7592 page",
"url": "https://www.suse.com/security/cve/CVE-2024-7592/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-8088 page",
"url": "https://www.suse.com/security/cve/CVE-2024-8088/"
}
],
"title": "Security update for SUSE Manager Salt Bundle",
"tracking": {
"current_release_date": "2024-11-18T13:29:50Z",
"generator": {
"date": "2024-11-18T13:29:50Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:4029-1",
"initial_release_date": "2024-11-18T13:29:50Z",
"revision_history": [
{
"date": "2024-11-18T13:29:50Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "saltbundlepy-3.11.9-1.26.1.aarch64",
"product": {
"name": "saltbundlepy-3.11.9-1.26.1.aarch64",
"product_id": "saltbundlepy-3.11.9-1.26.1.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-base-3.11.9-1.26.1.aarch64",
"product": {
"name": "saltbundlepy-base-3.11.9-1.26.1.aarch64",
"product_id": "saltbundlepy-base-3.11.9-1.26.1.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-cryptography-3.3.2-1.18.1.aarch64",
"product": {
"name": "saltbundlepy-cryptography-3.3.2-1.18.1.aarch64",
"product_id": "saltbundlepy-cryptography-3.3.2-1.18.1.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-curses-3.11.9-1.26.1.aarch64",
"product": {
"name": "saltbundlepy-curses-3.11.9-1.26.1.aarch64",
"product_id": "saltbundlepy-curses-3.11.9-1.26.1.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-dbm-3.11.9-1.26.1.aarch64",
"product": {
"name": "saltbundlepy-dbm-3.11.9-1.26.1.aarch64",
"product_id": "saltbundlepy-dbm-3.11.9-1.26.1.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-devel-3.11.9-1.26.1.aarch64",
"product": {
"name": "saltbundlepy-devel-3.11.9-1.26.1.aarch64",
"product_id": "saltbundlepy-devel-3.11.9-1.26.1.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-libs-3.11.9-1.26.1.aarch64",
"product": {
"name": "saltbundlepy-libs-3.11.9-1.26.1.aarch64",
"product_id": "saltbundlepy-libs-3.11.9-1.26.1.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-testsuite-3.11.9-1.26.1.aarch64",
"product": {
"name": "saltbundlepy-testsuite-3.11.9-1.26.1.aarch64",
"product_id": "saltbundlepy-testsuite-3.11.9-1.26.1.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-tools-3.11.9-1.26.1.aarch64",
"product": {
"name": "saltbundlepy-tools-3.11.9-1.26.1.aarch64",
"product_id": "saltbundlepy-tools-3.11.9-1.26.1.aarch64"
}
},
{
"category": "product_version",
"name": "venv-salt-minion-3006.0-1.47.1.aarch64",
"product": {
"name": "venv-salt-minion-3006.0-1.47.1.aarch64",
"product_id": "venv-salt-minion-3006.0-1.47.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "saltbundlepy-docker-7.0.0-1.8.1.noarch",
"product": {
"name": "saltbundlepy-docker-7.0.0-1.8.1.noarch",
"product_id": "saltbundlepy-docker-7.0.0-1.8.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-idna-3.4-1.9.2.noarch",
"product": {
"name": "saltbundlepy-idna-3.4-1.9.2.noarch",
"product_id": "saltbundlepy-idna-3.4-1.9.2.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-passlib-1.7.4-1.3.1.noarch",
"product": {
"name": "saltbundlepy-passlib-1.7.4-1.3.1.noarch",
"product_id": "saltbundlepy-passlib-1.7.4-1.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-setuptools-67.7.2-1.12.1.noarch",
"product": {
"name": "saltbundlepy-setuptools-67.7.2-1.12.1.noarch",
"product_id": "saltbundlepy-setuptools-67.7.2-1.12.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-urllib3-2.0.7-1.12.1.noarch",
"product": {
"name": "saltbundlepy-urllib3-2.0.7-1.12.1.noarch",
"product_id": "saltbundlepy-urllib3-2.0.7-1.12.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-zipp-3.15.0-1.9.2.noarch",
"product": {
"name": "saltbundlepy-zipp-3.15.0-1.9.2.noarch",
"product_id": "saltbundlepy-zipp-3.15.0-1.9.2.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "saltbundlepy-3.11.9-1.26.1.ppc64le",
"product": {
"name": "saltbundlepy-3.11.9-1.26.1.ppc64le",
"product_id": "saltbundlepy-3.11.9-1.26.1.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundlepy-base-3.11.9-1.26.1.ppc64le",
"product": {
"name": "saltbundlepy-base-3.11.9-1.26.1.ppc64le",
"product_id": "saltbundlepy-base-3.11.9-1.26.1.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundlepy-cryptography-3.3.2-1.18.1.ppc64le",
"product": {
"name": "saltbundlepy-cryptography-3.3.2-1.18.1.ppc64le",
"product_id": "saltbundlepy-cryptography-3.3.2-1.18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundlepy-curses-3.11.9-1.26.1.ppc64le",
"product": {
"name": "saltbundlepy-curses-3.11.9-1.26.1.ppc64le",
"product_id": "saltbundlepy-curses-3.11.9-1.26.1.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundlepy-dbm-3.11.9-1.26.1.ppc64le",
"product": {
"name": "saltbundlepy-dbm-3.11.9-1.26.1.ppc64le",
"product_id": "saltbundlepy-dbm-3.11.9-1.26.1.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundlepy-devel-3.11.9-1.26.1.ppc64le",
"product": {
"name": "saltbundlepy-devel-3.11.9-1.26.1.ppc64le",
"product_id": "saltbundlepy-devel-3.11.9-1.26.1.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundlepy-libs-3.11.9-1.26.1.ppc64le",
"product": {
"name": "saltbundlepy-libs-3.11.9-1.26.1.ppc64le",
"product_id": "saltbundlepy-libs-3.11.9-1.26.1.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundlepy-testsuite-3.11.9-1.26.1.ppc64le",
"product": {
"name": "saltbundlepy-testsuite-3.11.9-1.26.1.ppc64le",
"product_id": "saltbundlepy-testsuite-3.11.9-1.26.1.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundlepy-tools-3.11.9-1.26.1.ppc64le",
"product": {
"name": "saltbundlepy-tools-3.11.9-1.26.1.ppc64le",
"product_id": "saltbundlepy-tools-3.11.9-1.26.1.ppc64le"
}
},
{
"category": "product_version",
"name": "venv-salt-minion-3006.0-1.47.1.ppc64le",
"product": {
"name": "venv-salt-minion-3006.0-1.47.1.ppc64le",
"product_id": "venv-salt-minion-3006.0-1.47.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "saltbundlepy-3.11.9-1.26.1.s390x",
"product": {
"name": "saltbundlepy-3.11.9-1.26.1.s390x",
"product_id": "saltbundlepy-3.11.9-1.26.1.s390x"
}
},
{
"category": "product_version",
"name": "saltbundlepy-base-3.11.9-1.26.1.s390x",
"product": {
"name": "saltbundlepy-base-3.11.9-1.26.1.s390x",
"product_id": "saltbundlepy-base-3.11.9-1.26.1.s390x"
}
},
{
"category": "product_version",
"name": "saltbundlepy-cryptography-3.3.2-1.18.1.s390x",
"product": {
"name": "saltbundlepy-cryptography-3.3.2-1.18.1.s390x",
"product_id": "saltbundlepy-cryptography-3.3.2-1.18.1.s390x"
}
},
{
"category": "product_version",
"name": "saltbundlepy-curses-3.11.9-1.26.1.s390x",
"product": {
"name": "saltbundlepy-curses-3.11.9-1.26.1.s390x",
"product_id": "saltbundlepy-curses-3.11.9-1.26.1.s390x"
}
},
{
"category": "product_version",
"name": "saltbundlepy-dbm-3.11.9-1.26.1.s390x",
"product": {
"name": "saltbundlepy-dbm-3.11.9-1.26.1.s390x",
"product_id": "saltbundlepy-dbm-3.11.9-1.26.1.s390x"
}
},
{
"category": "product_version",
"name": "saltbundlepy-devel-3.11.9-1.26.1.s390x",
"product": {
"name": "saltbundlepy-devel-3.11.9-1.26.1.s390x",
"product_id": "saltbundlepy-devel-3.11.9-1.26.1.s390x"
}
},
{
"category": "product_version",
"name": "saltbundlepy-libs-3.11.9-1.26.1.s390x",
"product": {
"name": "saltbundlepy-libs-3.11.9-1.26.1.s390x",
"product_id": "saltbundlepy-libs-3.11.9-1.26.1.s390x"
}
},
{
"category": "product_version",
"name": "saltbundlepy-testsuite-3.11.9-1.26.1.s390x",
"product": {
"name": "saltbundlepy-testsuite-3.11.9-1.26.1.s390x",
"product_id": "saltbundlepy-testsuite-3.11.9-1.26.1.s390x"
}
},
{
"category": "product_version",
"name": "saltbundlepy-tools-3.11.9-1.26.1.s390x",
"product": {
"name": "saltbundlepy-tools-3.11.9-1.26.1.s390x",
"product_id": "saltbundlepy-tools-3.11.9-1.26.1.s390x"
}
},
{
"category": "product_version",
"name": "venv-salt-minion-3006.0-1.47.1.s390x",
"product": {
"name": "venv-salt-minion-3006.0-1.47.1.s390x",
"product_id": "venv-salt-minion-3006.0-1.47.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "saltbundlepy-3.11.9-1.26.1.x86_64",
"product": {
"name": "saltbundlepy-3.11.9-1.26.1.x86_64",
"product_id": "saltbundlepy-3.11.9-1.26.1.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-base-3.11.9-1.26.1.x86_64",
"product": {
"name": "saltbundlepy-base-3.11.9-1.26.1.x86_64",
"product_id": "saltbundlepy-base-3.11.9-1.26.1.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-cryptography-3.3.2-1.18.1.x86_64",
"product": {
"name": "saltbundlepy-cryptography-3.3.2-1.18.1.x86_64",
"product_id": "saltbundlepy-cryptography-3.3.2-1.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-curses-3.11.9-1.26.1.x86_64",
"product": {
"name": "saltbundlepy-curses-3.11.9-1.26.1.x86_64",
"product_id": "saltbundlepy-curses-3.11.9-1.26.1.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-dbm-3.11.9-1.26.1.x86_64",
"product": {
"name": "saltbundlepy-dbm-3.11.9-1.26.1.x86_64",
"product_id": "saltbundlepy-dbm-3.11.9-1.26.1.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-devel-3.11.9-1.26.1.x86_64",
"product": {
"name": "saltbundlepy-devel-3.11.9-1.26.1.x86_64",
"product_id": "saltbundlepy-devel-3.11.9-1.26.1.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-libs-3.11.9-1.26.1.x86_64",
"product": {
"name": "saltbundlepy-libs-3.11.9-1.26.1.x86_64",
"product_id": "saltbundlepy-libs-3.11.9-1.26.1.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-testsuite-3.11.9-1.26.1.x86_64",
"product": {
"name": "saltbundlepy-testsuite-3.11.9-1.26.1.x86_64",
"product_id": "saltbundlepy-testsuite-3.11.9-1.26.1.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-tools-3.11.9-1.26.1.x86_64",
"product": {
"name": "saltbundlepy-tools-3.11.9-1.26.1.x86_64",
"product_id": "saltbundlepy-tools-3.11.9-1.26.1.x86_64"
}
},
{
"category": "product_version",
"name": "venv-salt-minion-3006.0-1.47.1.x86_64",
"product": {
"name": "venv-salt-minion-3006.0-1.47.1.x86_64",
"product_id": "venv-salt-minion-3006.0-1.47.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE:EL-9:Update:Products:SaltBundle:Update",
"product": {
"name": "SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update"
}
},
{
"category": "product_name",
"name": "SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS",
"product": {
"name": "SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS",
"product_id": "SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-3.11.9-1.26.1.aarch64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.aarch64"
},
"product_reference": "saltbundlepy-3.11.9-1.26.1.aarch64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-3.11.9-1.26.1.ppc64le as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.ppc64le"
},
"product_reference": "saltbundlepy-3.11.9-1.26.1.ppc64le",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-3.11.9-1.26.1.s390x as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.s390x"
},
"product_reference": "saltbundlepy-3.11.9-1.26.1.s390x",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-3.11.9-1.26.1.x86_64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.x86_64"
},
"product_reference": "saltbundlepy-3.11.9-1.26.1.x86_64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-base-3.11.9-1.26.1.aarch64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.aarch64"
},
"product_reference": "saltbundlepy-base-3.11.9-1.26.1.aarch64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-base-3.11.9-1.26.1.ppc64le as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.ppc64le"
},
"product_reference": "saltbundlepy-base-3.11.9-1.26.1.ppc64le",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-base-3.11.9-1.26.1.s390x as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.s390x"
},
"product_reference": "saltbundlepy-base-3.11.9-1.26.1.s390x",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-base-3.11.9-1.26.1.x86_64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.x86_64"
},
"product_reference": "saltbundlepy-base-3.11.9-1.26.1.x86_64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-cryptography-3.3.2-1.18.1.aarch64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.aarch64"
},
"product_reference": "saltbundlepy-cryptography-3.3.2-1.18.1.aarch64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-cryptography-3.3.2-1.18.1.ppc64le as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.ppc64le"
},
"product_reference": "saltbundlepy-cryptography-3.3.2-1.18.1.ppc64le",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-cryptography-3.3.2-1.18.1.s390x as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.s390x"
},
"product_reference": "saltbundlepy-cryptography-3.3.2-1.18.1.s390x",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-cryptography-3.3.2-1.18.1.x86_64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.x86_64"
},
"product_reference": "saltbundlepy-cryptography-3.3.2-1.18.1.x86_64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-curses-3.11.9-1.26.1.aarch64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.aarch64"
},
"product_reference": "saltbundlepy-curses-3.11.9-1.26.1.aarch64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-curses-3.11.9-1.26.1.ppc64le as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.ppc64le"
},
"product_reference": "saltbundlepy-curses-3.11.9-1.26.1.ppc64le",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-curses-3.11.9-1.26.1.s390x as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.s390x"
},
"product_reference": "saltbundlepy-curses-3.11.9-1.26.1.s390x",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-curses-3.11.9-1.26.1.x86_64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.x86_64"
},
"product_reference": "saltbundlepy-curses-3.11.9-1.26.1.x86_64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-dbm-3.11.9-1.26.1.aarch64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.aarch64"
},
"product_reference": "saltbundlepy-dbm-3.11.9-1.26.1.aarch64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-dbm-3.11.9-1.26.1.ppc64le as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.ppc64le"
},
"product_reference": "saltbundlepy-dbm-3.11.9-1.26.1.ppc64le",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-dbm-3.11.9-1.26.1.s390x as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.s390x"
},
"product_reference": "saltbundlepy-dbm-3.11.9-1.26.1.s390x",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-dbm-3.11.9-1.26.1.x86_64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.x86_64"
},
"product_reference": "saltbundlepy-dbm-3.11.9-1.26.1.x86_64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-devel-3.11.9-1.26.1.aarch64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.aarch64"
},
"product_reference": "saltbundlepy-devel-3.11.9-1.26.1.aarch64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-devel-3.11.9-1.26.1.ppc64le as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.ppc64le"
},
"product_reference": "saltbundlepy-devel-3.11.9-1.26.1.ppc64le",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-devel-3.11.9-1.26.1.s390x as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.s390x"
},
"product_reference": "saltbundlepy-devel-3.11.9-1.26.1.s390x",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-devel-3.11.9-1.26.1.x86_64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.x86_64"
},
"product_reference": "saltbundlepy-devel-3.11.9-1.26.1.x86_64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-docker-7.0.0-1.8.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-docker-7.0.0-1.8.1.noarch"
},
"product_reference": "saltbundlepy-docker-7.0.0-1.8.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-idna-3.4-1.9.2.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-idna-3.4-1.9.2.noarch"
},
"product_reference": "saltbundlepy-idna-3.4-1.9.2.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-libs-3.11.9-1.26.1.aarch64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.aarch64"
},
"product_reference": "saltbundlepy-libs-3.11.9-1.26.1.aarch64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-libs-3.11.9-1.26.1.ppc64le as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.ppc64le"
},
"product_reference": "saltbundlepy-libs-3.11.9-1.26.1.ppc64le",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-libs-3.11.9-1.26.1.s390x as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.s390x"
},
"product_reference": "saltbundlepy-libs-3.11.9-1.26.1.s390x",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-libs-3.11.9-1.26.1.x86_64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.x86_64"
},
"product_reference": "saltbundlepy-libs-3.11.9-1.26.1.x86_64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-passlib-1.7.4-1.3.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-passlib-1.7.4-1.3.1.noarch"
},
"product_reference": "saltbundlepy-passlib-1.7.4-1.3.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-setuptools-67.7.2-1.12.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-67.7.2-1.12.1.noarch"
},
"product_reference": "saltbundlepy-setuptools-67.7.2-1.12.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-testsuite-3.11.9-1.26.1.aarch64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.aarch64"
},
"product_reference": "saltbundlepy-testsuite-3.11.9-1.26.1.aarch64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-testsuite-3.11.9-1.26.1.ppc64le as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.ppc64le"
},
"product_reference": "saltbundlepy-testsuite-3.11.9-1.26.1.ppc64le",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-testsuite-3.11.9-1.26.1.s390x as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.s390x"
},
"product_reference": "saltbundlepy-testsuite-3.11.9-1.26.1.s390x",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-testsuite-3.11.9-1.26.1.x86_64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.x86_64"
},
"product_reference": "saltbundlepy-testsuite-3.11.9-1.26.1.x86_64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-tools-3.11.9-1.26.1.aarch64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.aarch64"
},
"product_reference": "saltbundlepy-tools-3.11.9-1.26.1.aarch64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-tools-3.11.9-1.26.1.ppc64le as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.ppc64le"
},
"product_reference": "saltbundlepy-tools-3.11.9-1.26.1.ppc64le",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-tools-3.11.9-1.26.1.s390x as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.s390x"
},
"product_reference": "saltbundlepy-tools-3.11.9-1.26.1.s390x",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-tools-3.11.9-1.26.1.x86_64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.x86_64"
},
"product_reference": "saltbundlepy-tools-3.11.9-1.26.1.x86_64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-urllib3-2.0.7-1.12.1.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-urllib3-2.0.7-1.12.1.noarch"
},
"product_reference": "saltbundlepy-urllib3-2.0.7-1.12.1.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltbundlepy-zipp-3.15.0-1.9.2.noarch as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-zipp-3.15.0-1.9.2.noarch"
},
"product_reference": "saltbundlepy-zipp-3.15.0-1.9.2.noarch",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-1.47.1.aarch64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.aarch64"
},
"product_reference": "venv-salt-minion-3006.0-1.47.1.aarch64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-1.47.1.ppc64le as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.ppc64le"
},
"product_reference": "venv-salt-minion-3006.0-1.47.1.ppc64le",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-1.47.1.s390x as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.s390x"
},
"product_reference": "venv-salt-minion-3006.0-1.47.1.s390x",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-1.47.1.x86_64 as component of SUSE:EL-9:Update:Products:SaltBundle:Update",
"product_id": "SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.x86_64"
},
"product_reference": "venv-salt-minion-3006.0-1.47.1.x86_64",
"relates_to_product_reference": "SUSE:EL-9:Update:Products:SaltBundle:Update"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-1.47.1.aarch64 as component of SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS",
"product_id": "SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.aarch64"
},
"product_reference": "venv-salt-minion-3006.0-1.47.1.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-1.47.1.ppc64le as component of SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS",
"product_id": "SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.ppc64le"
},
"product_reference": "venv-salt-minion-3006.0-1.47.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-1.47.1.s390x as component of SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS",
"product_id": "SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.s390x"
},
"product_reference": "venv-salt-minion-3006.0-1.47.1.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-1.47.1.x86_64 as component of SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS",
"product_id": "SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.x86_64"
},
"product_reference": "venv-salt-minion-3006.0-1.47.1.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-0397",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-0397"
}
],
"notes": [
{
"category": "general",
"text": "A defect was discovered in the Python \"ssl\" module where there is a memory\nrace condition with the ssl.SSLContext methods \"cert_store_stats()\" and\n\"get_ca_certs()\". The race condition can be triggered if the methods are\ncalled at the same time as certificates are loaded into the SSLContext,\nsuch as during the TLS handshake with a certificate directory configured.\nThis issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-docker-7.0.0-1.8.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-idna-3.4-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-passlib-1.7.4-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-67.7.2-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-urllib3-2.0.7-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-zipp-3.15.0-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-0397",
"url": "https://www.suse.com/security/cve/CVE-2024-0397"
},
{
"category": "external",
"summary": "SUSE Bug 1226447 for CVE-2024-0397",
"url": "https://bugzilla.suse.com/1226447"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-docker-7.0.0-1.8.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-idna-3.4-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-passlib-1.7.4-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-67.7.2-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-urllib3-2.0.7-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-zipp-3.15.0-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-docker-7.0.0-1.8.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-idna-3.4-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-passlib-1.7.4-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-67.7.2-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-urllib3-2.0.7-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-zipp-3.15.0-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-18T13:29:50Z",
"details": "moderate"
}
],
"title": "CVE-2024-0397"
},
{
"cve": "CVE-2024-3651",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3651"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function\u0027s handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-docker-7.0.0-1.8.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-idna-3.4-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-passlib-1.7.4-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-67.7.2-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-urllib3-2.0.7-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-zipp-3.15.0-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3651",
"url": "https://www.suse.com/security/cve/CVE-2024-3651"
},
{
"category": "external",
"summary": "SUSE Bug 1222842 for CVE-2024-3651",
"url": "https://bugzilla.suse.com/1222842"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-docker-7.0.0-1.8.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-idna-3.4-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-passlib-1.7.4-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-67.7.2-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-urllib3-2.0.7-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-zipp-3.15.0-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-docker-7.0.0-1.8.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-idna-3.4-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-passlib-1.7.4-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-67.7.2-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-urllib3-2.0.7-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-zipp-3.15.0-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-18T13:29:50Z",
"details": "moderate"
}
],
"title": "CVE-2024-3651"
},
{
"cve": "CVE-2024-37891",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-37891"
}
],
"notes": [
{
"category": "general",
"text": " urllib3 is a user-friendly HTTP client library for Python. When using urllib3\u0027s proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3\u0027s proxy support, it\u0027s possible to accidentally configure the `Proxy-Authorization` header even though it won\u0027t have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn\u0027t treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn\u0027t strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3\u0027s proxy support or disable automatic redirects to achieve safe processing of the `Proxy-Authorization` header, but we still decided to strip the header by default in order to further protect users who aren\u0027t using the correct approach. We believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited: 1. Setting the `Proxy-Authorization` header without using urllib3\u0027s built-in proxy support. 2. Not disabling HTTP redirects. 3. Either not using an HTTPS origin server or for the proxy or target origin to redirect to a malicious origin. Users are advised to update to either version 1.26.19 or version 2.2.2. Users unable to upgrade may use the `Proxy-Authorization` header with urllib3\u0027s `ProxyManager`, disable HTTP redirects using `redirects=False` when sending requests, or not user the `Proxy-Authorization` header as mitigations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-docker-7.0.0-1.8.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-idna-3.4-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-passlib-1.7.4-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-67.7.2-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-urllib3-2.0.7-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-zipp-3.15.0-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-37891",
"url": "https://www.suse.com/security/cve/CVE-2024-37891"
},
{
"category": "external",
"summary": "SUSE Bug 1226469 for CVE-2024-37891",
"url": "https://bugzilla.suse.com/1226469"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-docker-7.0.0-1.8.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-idna-3.4-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-passlib-1.7.4-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-67.7.2-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-urllib3-2.0.7-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-zipp-3.15.0-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-docker-7.0.0-1.8.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-idna-3.4-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-passlib-1.7.4-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-67.7.2-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-urllib3-2.0.7-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-zipp-3.15.0-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-18T13:29:50Z",
"details": "moderate"
}
],
"title": "CVE-2024-37891"
},
{
"cve": "CVE-2024-4032",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4032"
}
],
"notes": [
{
"category": "general",
"text": "The \"ipaddress\" module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \"globally reachable\" or \"private\". This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn\u0027t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.\n\nCPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-docker-7.0.0-1.8.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-idna-3.4-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-passlib-1.7.4-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-67.7.2-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-urllib3-2.0.7-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-zipp-3.15.0-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4032",
"url": "https://www.suse.com/security/cve/CVE-2024-4032"
},
{
"category": "external",
"summary": "SUSE Bug 1226448 for CVE-2024-4032",
"url": "https://bugzilla.suse.com/1226448"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-docker-7.0.0-1.8.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-idna-3.4-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-passlib-1.7.4-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-67.7.2-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-urllib3-2.0.7-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-zipp-3.15.0-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-docker-7.0.0-1.8.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-idna-3.4-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-passlib-1.7.4-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-67.7.2-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-urllib3-2.0.7-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-zipp-3.15.0-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-18T13:29:50Z",
"details": "low"
}
],
"title": "CVE-2024-4032"
},
{
"cve": "CVE-2024-5569",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-5569"
}
],
"notes": [
{
"category": "general",
"text": "A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is identical in both projects. The infinite loop can be initiated through the use of functions affecting the `Path` module in both zipp and zipfile, such as `joinpath`, the overloaded division operator, and `iterdir`. Although the infinite loop is not resource exhaustive, it prevents the application from responding. The vulnerability was addressed in version 3.19.1 of jaraco/zipp.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-docker-7.0.0-1.8.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-idna-3.4-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-passlib-1.7.4-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-67.7.2-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-urllib3-2.0.7-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-zipp-3.15.0-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-5569",
"url": "https://www.suse.com/security/cve/CVE-2024-5569"
},
{
"category": "external",
"summary": "SUSE Bug 1227547 for CVE-2024-5569",
"url": "https://bugzilla.suse.com/1227547"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-docker-7.0.0-1.8.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-idna-3.4-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-passlib-1.7.4-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-67.7.2-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-urllib3-2.0.7-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-zipp-3.15.0-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-docker-7.0.0-1.8.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-idna-3.4-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-passlib-1.7.4-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-67.7.2-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-urllib3-2.0.7-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-zipp-3.15.0-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-18T13:29:50Z",
"details": "moderate"
}
],
"title": "CVE-2024-5569"
},
{
"cve": "CVE-2024-6345",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-6345"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-docker-7.0.0-1.8.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-idna-3.4-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-passlib-1.7.4-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-67.7.2-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-urllib3-2.0.7-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-zipp-3.15.0-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-6345",
"url": "https://www.suse.com/security/cve/CVE-2024-6345"
},
{
"category": "external",
"summary": "SUSE Bug 1228105 for CVE-2024-6345",
"url": "https://bugzilla.suse.com/1228105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-docker-7.0.0-1.8.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-idna-3.4-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-passlib-1.7.4-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-67.7.2-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-urllib3-2.0.7-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-zipp-3.15.0-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-docker-7.0.0-1.8.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-idna-3.4-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-passlib-1.7.4-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-67.7.2-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-urllib3-2.0.7-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-zipp-3.15.0-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-18T13:29:50Z",
"details": "important"
}
],
"title": "CVE-2024-6345"
},
{
"cve": "CVE-2024-6923",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-6923"
}
],
"notes": [
{
"category": "general",
"text": "There is a MEDIUM severity vulnerability affecting CPython.\n\nThe \nemail module didn\u0027t properly quote newlines for email headers when \nserializing an email message allowing for header injection when an email\n is serialized.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-docker-7.0.0-1.8.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-idna-3.4-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-passlib-1.7.4-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-67.7.2-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-urllib3-2.0.7-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-zipp-3.15.0-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-6923",
"url": "https://www.suse.com/security/cve/CVE-2024-6923"
},
{
"category": "external",
"summary": "SUSE Bug 1228780 for CVE-2024-6923",
"url": "https://bugzilla.suse.com/1228780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-docker-7.0.0-1.8.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-idna-3.4-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-passlib-1.7.4-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-67.7.2-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-urllib3-2.0.7-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-zipp-3.15.0-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-docker-7.0.0-1.8.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-idna-3.4-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-passlib-1.7.4-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-67.7.2-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-urllib3-2.0.7-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-zipp-3.15.0-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-18T13:29:50Z",
"details": "important"
}
],
"title": "CVE-2024-6923"
},
{
"cve": "CVE-2024-7592",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-7592"
}
],
"notes": [
{
"category": "general",
"text": "There is a LOW severity vulnerability affecting CPython, specifically the\n\u0027http.cookies\u0027 standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-docker-7.0.0-1.8.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-idna-3.4-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-passlib-1.7.4-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-67.7.2-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-urllib3-2.0.7-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-zipp-3.15.0-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-7592",
"url": "https://www.suse.com/security/cve/CVE-2024-7592"
},
{
"category": "external",
"summary": "SUSE Bug 1229596 for CVE-2024-7592",
"url": "https://bugzilla.suse.com/1229596"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-docker-7.0.0-1.8.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-idna-3.4-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-passlib-1.7.4-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-67.7.2-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-urllib3-2.0.7-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-zipp-3.15.0-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-docker-7.0.0-1.8.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-idna-3.4-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-passlib-1.7.4-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-67.7.2-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-urllib3-2.0.7-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-zipp-3.15.0-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-18T13:29:50Z",
"details": "moderate"
}
],
"title": "CVE-2024-7592"
},
{
"cve": "CVE-2024-8088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-8088"
}
],
"notes": [
{
"category": "general",
"text": "There is a HIGH severity vulnerability affecting the CPython \"zipfile\"\nmodule affecting \"zipfile.Path\". Note that the more common API \"zipfile.ZipFile\" class is unaffected.\n\n\n\n\n\nWhen iterating over names of entries in a zip archive (for example, methods\nof \"zipfile.Path\" like \"namelist()\", \"iterdir()\", etc)\nthe process can be put into an infinite loop with a maliciously crafted\nzip archive. This defect applies when reading only metadata or extracting\nthe contents of the zip archive. Programs that are not handling\nuser-controlled zip archives are not affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-docker-7.0.0-1.8.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-idna-3.4-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-passlib-1.7.4-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-67.7.2-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-urllib3-2.0.7-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-zipp-3.15.0-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-8088",
"url": "https://www.suse.com/security/cve/CVE-2024-8088"
},
{
"category": "external",
"summary": "SUSE Bug 1229704 for CVE-2024-8088",
"url": "https://bugzilla.suse.com/1229704"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-docker-7.0.0-1.8.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-idna-3.4-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-passlib-1.7.4-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-67.7.2-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-urllib3-2.0.7-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-zipp-3.15.0-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:venv-salt-minion-3006.0-1.47.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-base-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-cryptography-3.3.2-1.18.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-curses-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-dbm-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-devel-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-docker-7.0.0-1.8.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-idna-3.4-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-libs-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-passlib-1.7.4-1.3.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-setuptools-67.7.2-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-testsuite-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-tools-3.11.9-1.26.1.x86_64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-urllib3-2.0.7-1.12.1.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:saltbundlepy-zipp-3.15.0-1.9.2.noarch",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.aarch64",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.ppc64le",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.s390x",
"SUSE:EL-9:Update:Products:SaltBundle:Update:venv-salt-minion-3006.0-1.47.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-18T13:29:50Z",
"details": "moderate"
}
],
"title": "CVE-2024-8088"
}
]
}
WID-SEC-W-2024-1269
Vulnerability from csaf_certbund - Published: 2024-06-02 22:00 - Updated: 2025-06-03 22:00Summary
Red Hat Enterprise Linux (python-idna): Schwachstelle ermöglicht Denial of Service
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Angriff: Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Red Hat Enterprise Linux ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Storage Scale 5.1.9.5
IBM / Storage Scale
|
cpe:/a:ibm:spectrum_scale:5.1.9.5
|
5.1.9.5 | |
|
IBM QRadar SIEM <7.5.0 UP12
IBM / QRadar SIEM
|
<7.5.0 UP12 | ||
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM 7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5.0
|
7.5.0 | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Splunk Splunk Enterprise Add-on for Cisco Meraki <2.2.0
Splunk / Splunk Enterprise
|
Add-on for Cisco Meraki <2.2.0 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
References
23 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Red Hat Enterprise Linux ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1269 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1269.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1269 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1269"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2024-06-02",
"url": "https://access.redhat.com/errata/RHSA-2024:3543"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3552 vom 2024-06-03",
"url": "https://access.redhat.com/errata/RHSA-2024:3552"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3846 vom 2024-06-11",
"url": "https://access.redhat.com/errata/RHSA-2024:3846"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-3846 vom 2024-06-13",
"url": "http://linux.oracle.com/errata/ELSA-2024-3846.html"
},
{
"category": "external",
"summary": "Splunk Security Advisory SVD-2024-0718 vom 2024-07-02",
"url": "https://advisory.splunk.com/advisories/SVD-2024-0718"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4260 vom 2024-07-03",
"url": "https://access.redhat.com/errata/RHSA-2024:4260"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-4260 vom 2024-07-03",
"url": "https://linux.oracle.com/errata/ELSA-2024-4260.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4321 vom 2024-07-10",
"url": "https://access.redhat.com/errata/RHSA-2024:4321"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4631 vom 2024-07-18",
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1439-2 vom 2024-07-31",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/019076.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8365 vom 2024-10-23",
"url": "https://access.redhat.com/errata/RHSA-2024:8365"
},
{
"category": "external",
"summary": "Splunk Security Advisory SVD-2024-1015 vom 2024-10-30",
"url": "https://advisory.splunk.com//advisories/SVD-2024-1015"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2679 vom 2024-11-01",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2679.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2680 vom 2024-11-01",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2680.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-12803 vom 2024-11-04",
"url": "https://linux.oracle.com/errata/ELSA-2024-12803.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASPYTHON3.8-2024-015 vom 2024-11-13",
"url": "https://alas.aws.amazon.com/AL2/ALASPYTHON3.8-2024-015.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2699 vom 2024-11-15",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2699.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7178098 vom 2024-12-06",
"url": "https://www.ibm.com/support/pages/node/7178098"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7186423 vom 2025-03-17",
"url": "https://www.ibm.com/support/pages/node/7186423"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7233394 vom 2025-05-14",
"url": "https://www.ibm.com/support/pages/node/7233394"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20294-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021036.html"
}
],
"source_lang": "en-US",
"title": "Red Hat Enterprise Linux (python-idna): Schwachstelle erm\u00f6glicht Denial of Service",
"tracking": {
"current_release_date": "2025-06-03T22:00:00.000+00:00",
"generator": {
"date": "2025-06-04T08:15:02.864+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2024-1269",
"initial_release_date": "2024-06-02T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-06-02T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-06-03T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-11T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-13T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-07-01T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Splunk-SVD aufgenommen"
},
{
"date": "2024-07-02T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-10T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-18T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-31T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-10-23T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-30T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Splunk-SVD aufgenommen"
},
{
"date": "2024-10-31T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-11-04T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-11-13T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-11-17T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-12-08T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-03-17T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-05-14T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-06-03T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "19"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "7.5.0",
"product": {
"name": "IBM QRadar SIEM 7.5.0",
"product_id": "T041207",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.5.0 UP12",
"product": {
"name": "IBM QRadar SIEM \u003c7.5.0 UP12",
"product_id": "T043784"
}
},
{
"category": "product_version",
"name": "7.5.0 UP12",
"product": {
"name": "IBM QRadar SIEM 7.5.0 UP12",
"product_id": "T043784-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up12"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
},
{
"branches": [
{
"category": "product_version",
"name": "5.1.9.5",
"product": {
"name": "IBM Storage Scale 5.1.9.5",
"product_id": "T037084",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_scale:5.1.9.5"
}
}
}
],
"category": "product_name",
"name": "Storage Scale"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "T035142",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.2.1",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.2.1",
"product_id": "T033705"
}
},
{
"category": "product_version",
"name": "9.2.1",
"product": {
"name": "Splunk Splunk Enterprise 9.2.1",
"product_id": "T033705-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.2.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.1.4",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.1.4",
"product_id": "T033718"
}
},
{
"category": "product_version",
"name": "9.1.4",
"product": {
"name": "Splunk Splunk Enterprise 9.1.4",
"product_id": "T033718-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.1.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.0.9",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.0.9",
"product_id": "T033720"
}
},
{
"category": "product_version",
"name": "9.0.9",
"product": {
"name": "Splunk Splunk Enterprise 9.0.9",
"product_id": "T033720-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.0.9"
}
}
},
{
"category": "product_version_range",
"name": "Add-on for Cisco Meraki \u003c2.2.0",
"product": {
"name": "Splunk Splunk Enterprise Add-on for Cisco Meraki \u003c2.2.0",
"product_id": "T038701"
}
},
{
"category": "product_version",
"name": "Add-on for Cisco Meraki 2.2.0",
"product": {
"name": "Splunk Splunk Enterprise Add-on for Cisco Meraki 2.2.0",
"product_id": "T038701-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:add-on_for_cisco_meraki__2.2.0"
}
}
}
],
"category": "product_name",
"name": "Splunk Enterprise"
}
],
"category": "vendor",
"name": "Splunk"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-3651",
"product_status": {
"known_affected": [
"T037084",
"T043784",
"T033720",
"T002207",
"67646",
"T041207",
"T033718",
"398363",
"T033705",
"T035142",
"T038701",
"T004914"
]
},
"release_date": "2024-06-02T22:00:00.000+00:00",
"title": "CVE-2024-3651"
}
]
}
WID-SEC-W-2024-1328
Vulnerability from csaf_certbund - Published: 2024-06-10 22:00 - Updated: 2025-10-19 22:00Summary
Red Hat Ansible Automation Platform: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Red Hat Ansible Automation Platform ist eine End-to-End-Automatisierungsplattform für die Systemkonfiguration, die Softwarebereitstellung und die Orchestrierung erweiterter Workflows.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Red Hat Ansible Automation Platform ausnutzen, um beliebigen Programmcode auszuführen, einen Denial-of-Service-Zustand erzeugen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen, Dateien zu manipulieren oder Cross-Site-Scripting (XSS)-Angriffe durchzuführen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Red Hat Satellite 6.15
Red Hat / Satellite
|
cpe:/a:redhat:satellite:6.15
|
6.15 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_4
|
Update Infrastructure 4 | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Red Hat Satellite 6.15
Red Hat / Satellite
|
cpe:/a:redhat:satellite:6.15
|
6.15 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_4
|
Update Infrastructure 4 | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Red Hat Satellite 6.15
Red Hat / Satellite
|
cpe:/a:redhat:satellite:6.15
|
6.15 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_4
|
Update Infrastructure 4 | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Red Hat Satellite 6.15
Red Hat / Satellite
|
cpe:/a:redhat:satellite:6.15
|
6.15 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_4
|
Update Infrastructure 4 | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Red Hat Satellite 6.15
Red Hat / Satellite
|
cpe:/a:redhat:satellite:6.15
|
6.15 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_4
|
Update Infrastructure 4 | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Red Hat Satellite 6.15
Red Hat / Satellite
|
cpe:/a:redhat:satellite:6.15
|
6.15 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_4
|
Update Infrastructure 4 | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Red Hat Satellite 6.15
Red Hat / Satellite
|
cpe:/a:redhat:satellite:6.15
|
6.15 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_4
|
Update Infrastructure 4 | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Red Hat Satellite 6.15
Red Hat / Satellite
|
cpe:/a:redhat:satellite:6.15
|
6.15 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_4
|
Update Infrastructure 4 | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Red Hat Satellite 6.15
Red Hat / Satellite
|
cpe:/a:redhat:satellite:6.15
|
6.15 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_4
|
Update Infrastructure 4 | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Red Hat Satellite 6.15
Red Hat / Satellite
|
cpe:/a:redhat:satellite:6.15
|
6.15 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_4
|
Update Infrastructure 4 | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Red Hat Satellite 6.15
Red Hat / Satellite
|
cpe:/a:redhat:satellite:6.15
|
6.15 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_4
|
Update Infrastructure 4 | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Red Hat Satellite 6.15
Red Hat / Satellite
|
cpe:/a:redhat:satellite:6.15
|
6.15 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_4
|
Update Infrastructure 4 | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Red Hat Satellite 6.15
Red Hat / Satellite
|
cpe:/a:redhat:satellite:6.15
|
6.15 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_4
|
Update Infrastructure 4 | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Red Hat Satellite 6.15
Red Hat / Satellite
|
cpe:/a:redhat:satellite:6.15
|
6.15 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_4
|
Update Infrastructure 4 | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Red Hat Satellite 6.15
Red Hat / Satellite
|
cpe:/a:redhat:satellite:6.15
|
6.15 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_4
|
Update Infrastructure 4 | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Red Hat Satellite 6.15
Red Hat / Satellite
|
cpe:/a:redhat:satellite:6.15
|
6.15 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_4
|
Update Infrastructure 4 | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Red Hat Satellite 6.15
Red Hat / Satellite
|
cpe:/a:redhat:satellite:6.15
|
6.15 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_4
|
Update Infrastructure 4 | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Red Hat Satellite 6.15
Red Hat / Satellite
|
cpe:/a:redhat:satellite:6.15
|
6.15 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_4
|
Update Infrastructure 4 | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Red Hat Satellite 6.15
Red Hat / Satellite
|
cpe:/a:redhat:satellite:6.15
|
6.15 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_4
|
Update Infrastructure 4 | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Red Hat Satellite 6.15
Red Hat / Satellite
|
cpe:/a:redhat:satellite:6.15
|
6.15 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_4
|
Update Infrastructure 4 | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 |
References
47 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Ansible Automation Platform ist eine End-to-End-Automatisierungsplattform f\u00fcr die Systemkonfiguration, die Softwarebereitstellung und die Orchestrierung erweiterter Workflows.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Red Hat Ansible Automation Platform ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial-of-Service-Zustand erzeugen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, Dateien zu manipulieren oder Cross-Site-Scripting (XSS)-Angriffe durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1328 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1328.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1328 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1328"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2024-06-10",
"url": "https://access.redhat.com/errata/RHSA-2024:3781"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3820 vom 2024-06-11",
"url": "https://access.redhat.com/errata/RHSA-2024:3820"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3713 vom 2024-06-12",
"url": "https://access.redhat.com/errata/RHSA-2024:3713"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3811 vom 2024-06-11",
"url": "https://access.redhat.com/errata/RHSA-2024:3811"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3795 vom 2024-06-11",
"url": "https://access.redhat.com/errata/RHSA-2024:3795"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-3820 vom 2024-06-12",
"url": "https://linux.oracle.com/errata/ELSA-2024-3820.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2024-F52B6219CA vom 2024-06-13",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-f52b6219ca"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:3820 vom 2024-06-14",
"url": "https://errata.build.resf.org/RLSA-2024:3820"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2068-1 vom 2024-06-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018734.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2182-1 vom 2024-06-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018806.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-644 vom 2024-07-02",
"url": "https://alas.aws.amazon.com/AL2023/ALAS-2024-644.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-645 vom 2024-07-02",
"url": "https://alas.aws.amazon.com/AL2023/ALAS-2024-645.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4231 vom 2024-07-03",
"url": "https://access.redhat.com/errata/RHSA-2024:4231"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4227 vom 2024-07-03",
"url": "https://access.redhat.com/errata/RHSA-2024:4227"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-4227 vom 2024-07-03",
"url": "https://linux.oracle.com/errata/ELSA-2024-4227.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-4231 vom 2024-07-03",
"url": "https://linux.oracle.com/errata/ELSA-2024-4231.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4404 vom 2024-07-09",
"url": "https://access.redhat.com/errata/RHSA-2024:4404"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4414 vom 2024-07-09",
"url": "https://access.redhat.com/errata/RHSA-2024:4414"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4427 vom 2024-07-09",
"url": "https://access.redhat.com/errata/RHSA-2024:4427"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4522 vom 2024-07-12",
"url": "https://access.redhat.com/errata/RHSA-2024:4522"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2481-1 vom 2024-07-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018968.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2481-1 vom 2024-07-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018973.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2481-1 vom 2024-07-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018969.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:4227 vom 2024-07-15",
"url": "https://errata.build.resf.org/RLSA-2024:4227"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:4231 vom 2024-07-15",
"url": "https://errata.build.resf.org/RLSA-2024:4231"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4616 vom 2024-07-25",
"url": "https://access.redhat.com/errata/RHSA-2024:4616"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4958 vom 2024-08-07",
"url": "https://access.redhat.com/errata/RHSA-2024:4958"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202408-11 vom 2024-08-07",
"url": "https://security.gentoo.org/glsa/202408-11"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5107 vom 2024-08-13",
"url": "https://access.redhat.com/errata/RHSA-2024:5107"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5662 vom 2024-08-21",
"url": "https://access.redhat.com/errata/RHSA-2024:5662"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6428 vom 2024-09-05",
"url": "https://access.redhat.com/errata/RHSA-2024:6428"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2654 vom 2024-10-16",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2654.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7174016 vom 2024-10-24",
"url": "https://www.ibm.com/support/pages/node/7174016"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9150 vom 2024-11-12",
"url": "https://access.redhat.com/errata/RHSA-2024:9150"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9988 vom 2024-11-21",
"url": "https://access.redhat.com/errata/RHSA-2024:9988"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9984 vom 2024-11-21",
"url": "https://access.redhat.com/errata/RHSA-2024:9984"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9986 vom 2024-11-21",
"url": "https://access.redhat.com/errata/RHSA-2024:9986"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5828 vom 2024-12-12",
"url": "https://security-tracker.debian.org/tracker/DSA-5828-1"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4000 vom 2024-12-21",
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00022.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:4396-1 vom 2024-12-20",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/2G4X2TXZZR4PJJZP65T5QITC24ZVDLNL/"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:0012 vom 2025-01-08",
"url": "https://errata.build.resf.org/RLSA-2025:0012"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1335 vom 2025-02-12",
"url": "https://access.redhat.com/errata/RHSA-2025:1335"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2025-2868 vom 2025-05-29",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2025-2868.html"
},
{
"category": "external",
"summary": "Dell Security Update vom 2025-10-02",
"url": "https://www.dell.com/support/kbdoc/000376224"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-D2D3A5FA79 vom 2025-10-18",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-d2d3a5fa79"
}
],
"source_lang": "en-US",
"title": "Red Hat Ansible Automation Platform: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-10-19T22:00:00.000+00:00",
"generator": {
"date": "2025-10-20T08:43:57.291+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2024-1328",
"initial_release_date": "2024-06-10T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-06-10T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-06-11T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-13T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-06-16T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2024-06-18T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-06-24T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-07-01T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-07-02T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2024-07-03T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-07-09T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-11T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-15T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von SUSE und Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2024-07-24T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-06T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-07T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2024-08-13T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-20T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-09-05T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-16T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-10-24T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-11-11T23:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-20T23:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-12-11T23:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2024-12-22T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Debian und SUSE aufgenommen"
},
{
"date": "2025-01-07T23:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2025-02-11T23:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-05-29T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-10-01T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2025-10-19T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Fedora aufgenommen"
}
],
"status": "final",
"version": "29"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c8.4.0.0",
"product": {
"name": "Dell PowerProtect Data Domain \u003c8.4.0.0",
"product_id": "T045879"
}
},
{
"category": "product_version",
"name": "8.4.0.0",
"product": {
"name": "Dell PowerProtect Data Domain 8.4.0.0",
"product_id": "T045879-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:powerprotect_data_domain:8.4.0.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.10.1.70",
"product": {
"name": "Dell PowerProtect Data Domain \u003c7.10.1.70",
"product_id": "T045881"
}
},
{
"category": "product_version",
"name": "7.10.1.70",
"product": {
"name": "Dell PowerProtect Data Domain 7.10.1.70",
"product_id": "T045881-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:powerprotect_data_domain:7.10.1.70"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.13.1.40",
"product": {
"name": "Dell PowerProtect Data Domain \u003c7.13.1.40",
"product_id": "T047343"
}
},
{
"category": "product_version",
"name": "7.13.1.40",
"product": {
"name": "Dell PowerProtect Data Domain 7.13.1.40",
"product_id": "T047343-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:powerprotect_data_domain:7.13.1.40"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.3.1.10",
"product": {
"name": "Dell PowerProtect Data Domain \u003c8.3.1.10",
"product_id": "T047344"
}
},
{
"category": "product_version",
"name": "8.3.1.10",
"product": {
"name": "Dell PowerProtect Data Domain 8.3.1.10",
"product_id": "T047344-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:powerprotect_data_domain:8.3.1.10"
}
}
}
],
"category": "product_name",
"name": "PowerProtect Data Domain"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.4",
"product": {
"name": "Red Hat Ansible Automation Platform \u003c2.4",
"product_id": "T035285"
}
},
{
"category": "product_version",
"name": "2.4",
"product": {
"name": "Red Hat Ansible Automation Platform 2.4",
"product_id": "T035285-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform:2.4"
}
}
}
],
"category": "product_name",
"name": "Ansible Automation Platform"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "Update Infrastructure 4",
"product": {
"name": "Red Hat Enterprise Linux Update Infrastructure 4",
"product_id": "T041113",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:update_infrastructure_4"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "6.15",
"product": {
"name": "Red Hat Satellite 6.15",
"product_id": "T034360",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite:6.15"
}
}
}
],
"category": "product_name",
"name": "Satellite"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45288",
"product_status": {
"known_affected": [
"67646",
"T035285",
"T012167",
"T034360",
"T004914",
"T032255",
"74185",
"2951",
"T002207",
"T045879",
"T047343",
"398363",
"T041113",
"T045881",
"T047344"
]
},
"release_date": "2024-06-10T22:00:00.000+00:00",
"title": "CVE-2023-45288"
},
{
"cve": "CVE-2023-45290",
"product_status": {
"known_affected": [
"67646",
"T035285",
"T012167",
"T034360",
"T004914",
"T032255",
"74185",
"2951",
"T002207",
"T045879",
"T047343",
"398363",
"T041113",
"T045881",
"T047344"
]
},
"release_date": "2024-06-10T22:00:00.000+00:00",
"title": "CVE-2023-45290"
},
{
"cve": "CVE-2023-49083",
"product_status": {
"known_affected": [
"67646",
"T035285",
"T012167",
"T034360",
"T004914",
"T032255",
"74185",
"2951",
"T002207",
"T045879",
"T047343",
"398363",
"T041113",
"T045881",
"T047344"
]
},
"release_date": "2024-06-10T22:00:00.000+00:00",
"title": "CVE-2023-49083"
},
{
"cve": "CVE-2023-50447",
"product_status": {
"known_affected": [
"67646",
"T035285",
"T012167",
"T034360",
"T004914",
"T032255",
"74185",
"2951",
"T002207",
"T045879",
"T047343",
"398363",
"T041113",
"T045881",
"T047344"
]
},
"release_date": "2024-06-10T22:00:00.000+00:00",
"title": "CVE-2023-50447"
},
{
"cve": "CVE-2023-5752",
"product_status": {
"known_affected": [
"67646",
"T035285",
"T012167",
"T034360",
"T004914",
"T032255",
"74185",
"2951",
"T002207",
"T045879",
"T047343",
"398363",
"T041113",
"T045881",
"T047344"
]
},
"release_date": "2024-06-10T22:00:00.000+00:00",
"title": "CVE-2023-5752"
},
{
"cve": "CVE-2024-1135",
"product_status": {
"known_affected": [
"67646",
"T035285",
"T012167",
"T034360",
"T004914",
"T032255",
"74185",
"2951",
"T002207",
"T045879",
"T047343",
"398363",
"T041113",
"T045881",
"T047344"
]
},
"release_date": "2024-06-10T22:00:00.000+00:00",
"title": "CVE-2024-1135"
},
{
"cve": "CVE-2024-21503",
"product_status": {
"known_affected": [
"67646",
"T035285",
"T012167",
"T034360",
"T004914",
"T032255",
"74185",
"2951",
"T002207",
"T045879",
"T047343",
"398363",
"T041113",
"T045881",
"T047344"
]
},
"release_date": "2024-06-10T22:00:00.000+00:00",
"title": "CVE-2024-21503"
},
{
"cve": "CVE-2024-24783",
"product_status": {
"known_affected": [
"67646",
"T035285",
"T012167",
"T034360",
"T004914",
"T032255",
"74185",
"2951",
"T002207",
"T045879",
"T047343",
"398363",
"T041113",
"T045881",
"T047344"
]
},
"release_date": "2024-06-10T22:00:00.000+00:00",
"title": "CVE-2024-24783"
},
{
"cve": "CVE-2024-26130",
"product_status": {
"known_affected": [
"67646",
"T035285",
"T012167",
"T034360",
"T004914",
"T032255",
"74185",
"2951",
"T002207",
"T045879",
"T047343",
"398363",
"T041113",
"T045881",
"T047344"
]
},
"release_date": "2024-06-10T22:00:00.000+00:00",
"title": "CVE-2024-26130"
},
{
"cve": "CVE-2024-27306",
"product_status": {
"known_affected": [
"67646",
"T035285",
"T012167",
"T034360",
"T004914",
"T032255",
"74185",
"2951",
"T002207",
"T045879",
"T047343",
"398363",
"T041113",
"T045881",
"T047344"
]
},
"release_date": "2024-06-10T22:00:00.000+00:00",
"title": "CVE-2024-27306"
},
{
"cve": "CVE-2024-27351",
"product_status": {
"known_affected": [
"67646",
"T035285",
"T012167",
"T034360",
"T004914",
"T032255",
"74185",
"2951",
"T002207",
"T045879",
"T047343",
"398363",
"T041113",
"T045881",
"T047344"
]
},
"release_date": "2024-06-10T22:00:00.000+00:00",
"title": "CVE-2024-27351"
},
{
"cve": "CVE-2024-28219",
"product_status": {
"known_affected": [
"67646",
"T035285",
"T012167",
"T034360",
"T004914",
"T032255",
"74185",
"2951",
"T002207",
"T045879",
"T047343",
"398363",
"T041113",
"T045881",
"T047344"
]
},
"release_date": "2024-06-10T22:00:00.000+00:00",
"title": "CVE-2024-28219"
},
{
"cve": "CVE-2024-28849",
"product_status": {
"known_affected": [
"67646",
"T035285",
"T012167",
"T034360",
"T004914",
"T032255",
"74185",
"2951",
"T002207",
"T045879",
"T047343",
"398363",
"T041113",
"T045881",
"T047344"
]
},
"release_date": "2024-06-10T22:00:00.000+00:00",
"title": "CVE-2024-28849"
},
{
"cve": "CVE-2024-30251",
"product_status": {
"known_affected": [
"67646",
"T035285",
"T012167",
"T034360",
"T004914",
"T032255",
"74185",
"2951",
"T002207",
"T045879",
"T047343",
"398363",
"T041113",
"T045881",
"T047344"
]
},
"release_date": "2024-06-10T22:00:00.000+00:00",
"title": "CVE-2024-30251"
},
{
"cve": "CVE-2024-32879",
"product_status": {
"known_affected": [
"67646",
"T035285",
"T012167",
"T034360",
"T004914",
"T032255",
"74185",
"2951",
"T002207",
"T045879",
"T047343",
"398363",
"T041113",
"T045881",
"T047344"
]
},
"release_date": "2024-06-10T22:00:00.000+00:00",
"title": "CVE-2024-32879"
},
{
"cve": "CVE-2024-34064",
"product_status": {
"known_affected": [
"67646",
"T035285",
"T012167",
"T034360",
"T004914",
"T032255",
"74185",
"2951",
"T002207",
"T045879",
"T047343",
"398363",
"T041113",
"T045881",
"T047344"
]
},
"release_date": "2024-06-10T22:00:00.000+00:00",
"title": "CVE-2024-34064"
},
{
"cve": "CVE-2024-35195",
"product_status": {
"known_affected": [
"67646",
"T035285",
"T012167",
"T034360",
"T004914",
"T032255",
"74185",
"2951",
"T002207",
"T045879",
"T047343",
"398363",
"T041113",
"T045881",
"T047344"
]
},
"release_date": "2024-06-10T22:00:00.000+00:00",
"title": "CVE-2024-35195"
},
{
"cve": "CVE-2024-3651",
"product_status": {
"known_affected": [
"67646",
"T035285",
"T012167",
"T034360",
"T004914",
"T032255",
"74185",
"2951",
"T002207",
"T045879",
"T047343",
"398363",
"T041113",
"T045881",
"T047344"
]
},
"release_date": "2024-06-10T22:00:00.000+00:00",
"title": "CVE-2024-3651"
},
{
"cve": "CVE-2024-3772",
"product_status": {
"known_affected": [
"67646",
"T035285",
"T012167",
"T034360",
"T004914",
"T032255",
"74185",
"2951",
"T002207",
"T045879",
"T047343",
"398363",
"T041113",
"T045881",
"T047344"
]
},
"release_date": "2024-06-10T22:00:00.000+00:00",
"title": "CVE-2024-3772"
},
{
"cve": "CVE-2024-4340",
"product_status": {
"known_affected": [
"67646",
"T035285",
"T012167",
"T034360",
"T004914",
"T032255",
"74185",
"2951",
"T002207",
"T045879",
"T047343",
"398363",
"T041113",
"T045881",
"T047344"
]
},
"release_date": "2024-06-10T22:00:00.000+00:00",
"title": "CVE-2024-4340"
}
]
}
WID-SEC-W-2024-3054
Vulnerability from csaf_certbund - Published: 2024-09-30 22:00 - Updated: 2024-10-30 23:00Summary
Splunk Add-on for Amazon Web Services: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Splunk Enterprise ermöglicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Splunk Add-on for Amazon Web Services ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen preiszugeben und Daten zu manipulieren.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
Es besteht eine Schwachstelle in Splunk Add-on for Amazon Web Services. Dieser Fehler betrifft das Drittanbieter-Paket golang aufgrund einer unsachgemäßen Behandlung von Chunk-Erweiterungen in HTTP-Anfragen und -Antworten, wodurch die Verwendung von Chunk-Erweiterungen den Server zwingen kann, deutlich mehr Daten als erwartet zu lesen, was zu einer Erschöpfung der Ressourcen führt. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise Add-on for Amazon Web Services versions <7.7.0
Splunk / Splunk Enterprise
|
Add-on for Amazon Web Services versions <7.7.0 | ||
|
Splunk Splunk Enterprise <9.3.1
Splunk / Splunk Enterprise
|
<9.3.1 | ||
|
Splunk Splunk Enterprise <9.2.3
Splunk / Splunk Enterprise
|
<9.2.3 | ||
|
Splunk Splunk Enterprise Add-on for Cisco Meraki <2.2.0
Splunk / Splunk Enterprise
|
Add-on for Cisco Meraki <2.2.0 | ||
|
Splunk Splunk Enterprise <9.1.6
Splunk / Splunk Enterprise
|
<9.1.6 | ||
|
Splunk Splunk Enterprise Add-on for Google Cloud Platform<4.7.0
Splunk / Splunk Enterprise
|
Add-on for Google Cloud Platform<4.7.0 | ||
|
Splunk Splunk Enterprise Add-on for Office 365 <4.5.2
Splunk / Splunk Enterprise
|
Add-on for Office 365 <4.5.2 |
Es besteht eine Schwachstelle in Splunk Add-on for Amazon Web Services. Dieser Fehler betrifft ein Drittanbieter-Paket aufgrund einer unsachgemäßen Behandlung von beliebig großen Eingaben, die an die Funktion idna.encode() übergeben werden, was zu einem übermäßigen Ressourcenverbrauch führen kann. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, indem er ein speziell präpariertes Argument bereitstellt.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise Add-on for Amazon Web Services versions <7.7.0
Splunk / Splunk Enterprise
|
Add-on for Amazon Web Services versions <7.7.0 | ||
|
Splunk Splunk Enterprise <9.3.1
Splunk / Splunk Enterprise
|
<9.3.1 | ||
|
Splunk Splunk Enterprise <9.2.3
Splunk / Splunk Enterprise
|
<9.2.3 | ||
|
Splunk Splunk Enterprise Add-on for Cisco Meraki <2.2.0
Splunk / Splunk Enterprise
|
Add-on for Cisco Meraki <2.2.0 | ||
|
Splunk Splunk Enterprise <9.1.6
Splunk / Splunk Enterprise
|
<9.1.6 | ||
|
Splunk Splunk Enterprise Add-on for Google Cloud Platform<4.7.0
Splunk / Splunk Enterprise
|
Add-on for Google Cloud Platform<4.7.0 | ||
|
Splunk Splunk Enterprise Add-on for Office 365 <4.5.2
Splunk / Splunk Enterprise
|
Add-on for Office 365 <4.5.2 |
Es besteht eine Schwachstelle in Splunk Add-on for Amazon Web Services. Dieser Fehler betrifft die Komponente urllib3 aufgrund einer falschen Behandlung des Proxy-Autorisierungs-Headers. Wenn der Proxy-Authorization-Header versehentlich in Anfragen enthalten ist, die keinen Proxy verwenden, entfernt die Bibliothek den Header nicht bei herkunftsübergreifenden Umleitungen, wodurch sensible Authentifizierungsinformationen möglicherweise unbeabsichtigten Domänen zugänglich gemacht werden. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise Add-on for Amazon Web Services versions <7.7.0
Splunk / Splunk Enterprise
|
Add-on for Amazon Web Services versions <7.7.0 | ||
|
Splunk Splunk Enterprise <9.3.1
Splunk / Splunk Enterprise
|
<9.3.1 | ||
|
Splunk Splunk Enterprise <9.2.3
Splunk / Splunk Enterprise
|
<9.2.3 | ||
|
Splunk Splunk Enterprise Add-on for Cisco Meraki <2.2.0
Splunk / Splunk Enterprise
|
Add-on for Cisco Meraki <2.2.0 | ||
|
Splunk Splunk Enterprise <9.1.6
Splunk / Splunk Enterprise
|
<9.1.6 | ||
|
Splunk Splunk Enterprise Add-on for Google Cloud Platform<4.7.0
Splunk / Splunk Enterprise
|
Add-on for Google Cloud Platform<4.7.0 | ||
|
Splunk Splunk Enterprise Add-on for Office 365 <4.5.2
Splunk / Splunk Enterprise
|
Add-on for Office 365 <4.5.2 |
Es besteht eine Schwachstelle in Splunk Add-on for Amazon Web Services. Dieser Fehler betrifft die Komponente Certifi aufgrund langjähriger und ungelöster Compliance-Probleme mit von GLOBALTRUST ausgestellten Root-Zertifikaten. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um SSL-Zertifikate zu manipulieren oder zu missbrauchen.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise Add-on for Amazon Web Services versions <7.7.0
Splunk / Splunk Enterprise
|
Add-on for Amazon Web Services versions <7.7.0 | ||
|
Splunk Splunk Enterprise <9.3.1
Splunk / Splunk Enterprise
|
<9.3.1 | ||
|
Splunk Splunk Enterprise <9.2.3
Splunk / Splunk Enterprise
|
<9.2.3 | ||
|
Splunk Splunk Enterprise Add-on for Cisco Meraki <2.2.0
Splunk / Splunk Enterprise
|
Add-on for Cisco Meraki <2.2.0 | ||
|
Splunk Splunk Enterprise <9.1.6
Splunk / Splunk Enterprise
|
<9.1.6 | ||
|
Splunk Splunk Enterprise Add-on for Google Cloud Platform<4.7.0
Splunk / Splunk Enterprise
|
Add-on for Google Cloud Platform<4.7.0 | ||
|
Splunk Splunk Enterprise Add-on for Office 365 <4.5.2
Splunk / Splunk Enterprise
|
Add-on for Office 365 <4.5.2 |
References
11 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Splunk Enterprise erm\u00f6glicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Splunk Add-on for Amazon Web Services ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen preiszugeben und Daten zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-3054 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3054.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-3054 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3054"
},
{
"category": "external",
"summary": "Splunk Advisory vom 2024-09-30",
"url": "https://advisory.splunk.com/advisories/SVD-2024-0901"
},
{
"category": "external",
"summary": "Red Hat Advisory",
"url": "https://access.redhat.com/security/cve/CVE-2023-39326"
},
{
"category": "external",
"summary": "GitHub Advisory",
"url": "https://github.com/advisories/GHSA-jjg7-2v4v-x38h"
},
{
"category": "external",
"summary": "Red Hat Advisory",
"url": "https://access.redhat.com/security/cve/CVE-2024-37891"
},
{
"category": "external",
"summary": "GitHub Advisory",
"url": "https://github.com/advisories/GHSA-248v-346w-9cwc"
},
{
"category": "external",
"summary": "Splunk Security Advisory SVD-2024-1012 vom 2024-10-14",
"url": "https://advisory.splunk.com//advisories/SVD-2024-1012"
},
{
"category": "external",
"summary": "Splunk Security Advisory SVD-2024-1013 vom 2024-10-17",
"url": "https://advisory.splunk.com//advisories/SVD-2024-1013"
},
{
"category": "external",
"summary": "Splunk Security Advisory SVD-2024-1014 vom 2024-10-30",
"url": "https://advisory.splunk.com//advisories/SVD-2024-1014"
},
{
"category": "external",
"summary": "Splunk Security Advisory SVD-2024-1015 vom 2024-10-30",
"url": "https://advisory.splunk.com//advisories/SVD-2024-1015"
}
],
"source_lang": "en-US",
"title": "Splunk Add-on for Amazon Web Services: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-10-30T23:00:00.000+00:00",
"generator": {
"date": "2024-10-31T09:11:52.361+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.8"
}
},
"id": "WID-SEC-W-2024-3054",
"initial_release_date": "2024-09-30T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-09-30T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-10-01T22:00:00.000+00:00",
"number": "2",
"summary": "Produkt angepasst"
},
{
"date": "2024-10-14T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Splunk-SVD aufgenommen"
},
{
"date": "2024-10-17T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Splunk-SVD aufgenommen"
},
{
"date": "2024-10-30T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Splunk-SVD aufgenommen"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Add-on for Amazon Web Services versions \u003c7.7.0",
"product": {
"name": "Splunk Splunk Enterprise Add-on for Amazon Web Services versions \u003c7.7.0",
"product_id": "T037937"
}
},
{
"category": "product_version_range",
"name": "Add-on for Amazon Web Services versions 7.7.0",
"product": {
"name": "Splunk Splunk Enterprise Add-on for Amazon Web Services versions 7.7.0",
"product_id": "T037937-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c9.3.1",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.3.1",
"product_id": "T038314"
}
},
{
"category": "product_version",
"name": "9.3.1",
"product": {
"name": "Splunk Splunk Enterprise 9.3.1",
"product_id": "T038314-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.3.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.2.3",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.2.3",
"product_id": "T038315"
}
},
{
"category": "product_version",
"name": "9.2.3",
"product": {
"name": "Splunk Splunk Enterprise 9.2.3",
"product_id": "T038315-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.2.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.1.6",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.1.6",
"product_id": "T038316"
}
},
{
"category": "product_version",
"name": "9.1.6",
"product": {
"name": "Splunk Splunk Enterprise 9.1.6",
"product_id": "T038316-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.1.6"
}
}
},
{
"category": "product_version_range",
"name": "Add-on for Office 365 \u003c4.5.2",
"product": {
"name": "Splunk Splunk Enterprise Add-on for Office 365 \u003c4.5.2",
"product_id": "T038485"
}
},
{
"category": "product_version",
"name": "Add-on for Office 365 4.5.2",
"product": {
"name": "Splunk Splunk Enterprise Add-on for Office 365 4.5.2",
"product_id": "T038485-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:add-on_for_office_365__4.5.2"
}
}
},
{
"category": "product_version_range",
"name": "Add-on for Google Cloud Platform\u003c4.7.0",
"product": {
"name": "Splunk Splunk Enterprise Add-on for Google Cloud Platform\u003c4.7.0",
"product_id": "T038700"
}
},
{
"category": "product_version",
"name": "Add-on for Google Cloud Platform4.7.0",
"product": {
"name": "Splunk Splunk Enterprise Add-on for Google Cloud Platform4.7.0",
"product_id": "T038700-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:add-on_for_google_cloud_platform_4.7.0"
}
}
},
{
"category": "product_version_range",
"name": "Add-on for Cisco Meraki \u003c2.2.0",
"product": {
"name": "Splunk Splunk Enterprise Add-on for Cisco Meraki \u003c2.2.0",
"product_id": "T038701"
}
},
{
"category": "product_version",
"name": "Add-on for Cisco Meraki 2.2.0",
"product": {
"name": "Splunk Splunk Enterprise Add-on for Cisco Meraki 2.2.0",
"product_id": "T038701-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:add-on_for_cisco_meraki__2.2.0"
}
}
}
],
"category": "product_name",
"name": "Splunk Enterprise"
}
],
"category": "vendor",
"name": "Splunk"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39326",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Splunk Add-on for Amazon Web Services. Dieser Fehler betrifft das Drittanbieter-Paket golang aufgrund einer unsachgem\u00e4\u00dfen Behandlung von Chunk-Erweiterungen in HTTP-Anfragen und -Antworten, wodurch die Verwendung von Chunk-Erweiterungen den Server zwingen kann, deutlich mehr Daten als erwartet zu lesen, was zu einer Ersch\u00f6pfung der Ressourcen f\u00fchrt. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T037937",
"T038314",
"T038315",
"T038701",
"T038316",
"T038700",
"T038485"
]
},
"release_date": "2024-09-30T22:00:00.000+00:00",
"title": "CVE-2023-39326"
},
{
"cve": "CVE-2024-3651",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Splunk Add-on for Amazon Web Services. Dieser Fehler betrifft ein Drittanbieter-Paket aufgrund einer unsachgem\u00e4\u00dfen Behandlung von beliebig gro\u00dfen Eingaben, die an die Funktion idna.encode() \u00fcbergeben werden, was zu einem \u00fcberm\u00e4\u00dfigen Ressourcenverbrauch f\u00fchren kann. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, indem er ein speziell pr\u00e4pariertes Argument bereitstellt."
}
],
"product_status": {
"known_affected": [
"T037937",
"T038314",
"T038315",
"T038701",
"T038316",
"T038700",
"T038485"
]
},
"release_date": "2024-09-30T22:00:00.000+00:00",
"title": "CVE-2024-3651"
},
{
"cve": "CVE-2024-37891",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Splunk Add-on for Amazon Web Services. Dieser Fehler betrifft die Komponente urllib3 aufgrund einer falschen Behandlung des Proxy-Autorisierungs-Headers. Wenn der Proxy-Authorization-Header versehentlich in Anfragen enthalten ist, die keinen Proxy verwenden, entfernt die Bibliothek den Header nicht bei herkunfts\u00fcbergreifenden Umleitungen, wodurch sensible Authentifizierungsinformationen m\u00f6glicherweise unbeabsichtigten Dom\u00e4nen zug\u00e4nglich gemacht werden. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T037937",
"T038314",
"T038315",
"T038701",
"T038316",
"T038700",
"T038485"
]
},
"release_date": "2024-09-30T22:00:00.000+00:00",
"title": "CVE-2024-37891"
},
{
"cve": "CVE-2024-39689",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Splunk Add-on for Amazon Web Services. Dieser Fehler betrifft die Komponente Certifi aufgrund langj\u00e4hriger und ungel\u00f6ster Compliance-Probleme mit von GLOBALTRUST ausgestellten Root-Zertifikaten. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um SSL-Zertifikate zu manipulieren oder zu missbrauchen."
}
],
"product_status": {
"known_affected": [
"T037937",
"T038314",
"T038315",
"T038701",
"T038316",
"T038700",
"T038485"
]
},
"release_date": "2024-09-30T22:00:00.000+00:00",
"title": "CVE-2024-39689"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…