Security update for python3

Announcement ID:	SUSE-SU-2020:0114-1
Rating:	important
References:	bsc#1027282 bsc#1029377 bsc#1029902 bsc#1040164 bsc#1042670 bsc#1070853 bsc#1079761 bsc#1081750 bsc#1083507 bsc#1086001 bsc#1088004 bsc#1088009 bsc#1088573 bsc#1094814 bsc#1107030 bsc#1109663 bsc#1109847 bsc#1120644 bsc#1122191 bsc#1129346 bsc#1130840 bsc#1133452 bsc#1137942 bsc#1138459 bsc#1141853 bsc#1149121 bsc#1149792 bsc#1149955 bsc#1151490 bsc#1153238 bsc#1159035 bsc#1159622 bsc#637176 bsc#658604 bsc#673071 bsc#709442 bsc#743787 bsc#747125 bsc#751718 bsc#754447 bsc#754677 bsc#787526 bsc#809831 bsc#831629 bsc#834601 bsc#871152 bsc#885662 bsc#885882 bsc#917607 bsc#942751 bsc#951166 bsc#983582 bsc#984751 bsc#985177 bsc#985348 bsc#989523 jsc#SLE-9426 jsc#SLE-9427
Cross-References:	CVE-2011-3389 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150 CVE-2013-1752 CVE-2013-4238 CVE-2014-2667 CVE-2014-4650 CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 CVE-2017-18207 CVE-2018-1000802 CVE-2018-1060 CVE-2018-1061 CVE-2018-14647 CVE-2018-20406 CVE-2018-20852 CVE-2019-10160 CVE-2019-15903 CVE-2019-16056 CVE-2019-16935 CVE-2019-5010 CVE-2019-9636 CVE-2019-9947
CVSS scores:	CVE-2011-3389 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2011-4944 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2012-0845 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2012-1150 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2013-1752 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2013-4238 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2014-2667 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVE-2014-4650 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2014-4650 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2016-0772 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N CVE-2016-1000110 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2016-5636 ( SUSE ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2016-5636 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2016-5699 ( NVD ): 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2017-18207 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-18207 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-1000802 ( SUSE ): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2018-1000802 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-1000802 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-1060 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-1060 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-1060 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-1061 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-1061 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-14647 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2018-14647 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-14647 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-20406 ( SUSE ): 2.9 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2018-20406 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-20852 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2018-20852 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2019-10160 ( SUSE ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-10160 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-10160 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-15903 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-15903 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-15903 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-16056 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2019-16056 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2019-16935 ( SUSE ): 5.4 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVE-2019-16935 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2019-5010 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-5010 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-9636 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2019-9636 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-9636 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-9947 ( SUSE ): 5.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N CVE-2019-9947 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2019-9947 ( NVD ): 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:	Basesystem Module 15-SP1 Basesystem Module 15 Development Tools Module 15-SP1 Development Tools Module 15 SUSE Linux Enterprise Desktop 15 SUSE Linux Enterprise Desktop 15 SP1 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15 SP1 SUSE Linux Enterprise Real Time 15 SP1 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15 SP1 SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0

An update that solves 26 vulnerabilities, contains two features and has 30 security fixes can now be installed.

Description:

This update for python3 to version 3.6.10 fixes the following issues:

• CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507).
• CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ (bsc#1149955).
• CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• Basesystem Module 15
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-2020-114=1
• Basesystem Module 15-SP1
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-114=1
• Development Tools Module 15
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2020-114=1
• Development Tools Module 15-SP1
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-114=1

Package List:

• Basesystem Module 15 (aarch64 ppc64le s390x x86_64)
  • python3-devel-debuginfo-3.6.10-3.42.2
  • python3-debuginfo-3.6.10-3.42.2
  • python3-devel-3.6.10-3.42.2
  • python3-idle-3.6.10-3.42.2
  • python3-debugsource-3.6.10-3.42.2
  • python3-base-debugsource-3.6.10-3.42.2
  • python3-curses-debuginfo-3.6.10-3.42.2
  • python3-base-debuginfo-3.6.10-3.42.2
  • python3-tk-3.6.10-3.42.2
  • libpython3_6m1_0-3.6.10-3.42.2
  • python3-tk-debuginfo-3.6.10-3.42.2
  • python3-curses-3.6.10-3.42.2
  • python3-3.6.10-3.42.2
  • python3-dbm-3.6.10-3.42.2
  • python3-dbm-debuginfo-3.6.10-3.42.2
  • libpython3_6m1_0-debuginfo-3.6.10-3.42.2
  • python3-base-3.6.10-3.42.2
• Basesystem Module 15-SP1 (aarch64 ppc64le s390x x86_64)
  • python3-devel-debuginfo-3.6.10-3.42.2
  • python3-debuginfo-3.6.10-3.42.2
  • python3-devel-3.6.10-3.42.2
  • python3-idle-3.6.10-3.42.2
  • python3-debugsource-3.6.10-3.42.2
  • python3-base-debugsource-3.6.10-3.42.2
  • python3-curses-debuginfo-3.6.10-3.42.2
  • python3-base-debuginfo-3.6.10-3.42.2
  • python3-tk-3.6.10-3.42.2
  • libpython3_6m1_0-3.6.10-3.42.2
  • python3-tk-debuginfo-3.6.10-3.42.2
  • python3-curses-3.6.10-3.42.2
  • python3-3.6.10-3.42.2
  • python3-dbm-3.6.10-3.42.2
  • python3-dbm-debuginfo-3.6.10-3.42.2
  • libpython3_6m1_0-debuginfo-3.6.10-3.42.2
  • python3-base-3.6.10-3.42.2
• Development Tools Module 15 (aarch64 ppc64le s390x x86_64)
  • python3-tools-3.6.10-3.42.2
  • python3-base-debuginfo-3.6.10-3.42.2
  • python3-base-debugsource-3.6.10-3.42.2
• Development Tools Module 15-SP1 (aarch64 ppc64le s390x x86_64)
  • python3-tools-3.6.10-3.42.2
  • python3-base-debuginfo-3.6.10-3.42.2
  • python3-base-debugsource-3.6.10-3.42.2

References:

• https://www.suse.com/security/cve/CVE-2011-3389.html
• https://www.suse.com/security/cve/CVE-2011-4944.html
• https://www.suse.com/security/cve/CVE-2012-0845.html
• https://www.suse.com/security/cve/CVE-2012-1150.html
• https://www.suse.com/security/cve/CVE-2013-1752.html
• https://www.suse.com/security/cve/CVE-2013-4238.html
• https://www.suse.com/security/cve/CVE-2014-2667.html
• https://www.suse.com/security/cve/CVE-2014-4650.html
• https://www.suse.com/security/cve/CVE-2016-0772.html
• https://www.suse.com/security/cve/CVE-2016-1000110.html
• https://www.suse.com/security/cve/CVE-2016-5636.html
• https://www.suse.com/security/cve/CVE-2016-5699.html
• https://www.suse.com/security/cve/CVE-2017-18207.html
• https://www.suse.com/security/cve/CVE-2018-1000802.html
• https://www.suse.com/security/cve/CVE-2018-1060.html
• https://www.suse.com/security/cve/CVE-2018-1061.html
• https://www.suse.com/security/cve/CVE-2018-14647.html
• https://www.suse.com/security/cve/CVE-2018-20406.html
• https://www.suse.com/security/cve/CVE-2018-20852.html
• https://www.suse.com/security/cve