Security update for python36

Announcement ID:	SUSE-SU-2020:0302-1
Rating:	important
References:	bsc#1027282 bsc#1029377 bsc#1081750 bsc#1083507 bsc#1086001 bsc#1088009 bsc#1094814 bsc#1109663 bsc#1137942 bsc#1138459 bsc#1141853 bsc#1149121 bsc#1149429 bsc#1149792 bsc#1149955 bsc#1151490 bsc#1159035 bsc#1159622 bsc#709442 bsc#951166 bsc#983582 jsc#SLE-9426 jsc#SLE-9427
Cross-References:	CVE-2017-18207 CVE-2018-1000802 CVE-2018-1060 CVE-2018-20852 CVE-2019-10160 CVE-2019-15903 CVE-2019-16056 CVE-2019-5010 CVE-2019-9636 CVE-2019-9947
CVSS scores:	CVE-2017-18207 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-18207 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-1000802 ( SUSE ): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2018-1000802 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-1000802 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-1060 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-1060 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-1060 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-20852 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2018-20852 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2019-10160 ( SUSE ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-10160 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-10160 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-15903 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-15903 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-15903 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-16056 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2019-16056 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2019-5010 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-5010 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-9636 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2019-9636 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-9636 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-9947 ( SUSE ): 5.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N CVE-2019-9947 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2019-9947 ( NVD ): 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:	SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves 10 vulnerabilities, contains two features and has 11 security fixes can now be installed.

Description:

This update for python36 to version 3.6.10 fixes the following issues:

• CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507).
• CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ signs (bsc#1149955).
• CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-302=1
• SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-302=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-302=1

Package List:

• SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  • libpython3_6m1_0-3.6.10-4.3.5
  • libpython3_6m1_0-debuginfo-3.6.10-4.3.5
  • python36-debuginfo-3.6.10-4.3.5
  • python36-3.6.10-4.3.5
  • python36-debugsource-3.6.10-4.3.5
  • python36-base-debugsource-3.6.10-4.3.5
  • python36-base-3.6.10-4.3.5
  • python36-base-debuginfo-3.6.10-4.3.5
• SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  • libpython3_6m1_0-3.6.10-4.3.5
  • libpython3_6m1_0-debuginfo-3.6.10-4.3.5
  • python36-debuginfo-3.6.10-4.3.5
  • python36-3.6.10-4.3.5
  • python36-debugsource-3.6.10-4.3.5
  • python36-base-debugsource-3.6.10-4.3.5
  • python36-base-3.6.10-4.3.5
  • python36-base-debuginfo-3.6.10-4.3.5
• SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  • libpython3_6m1_0-3.6.10-4.3.5
  • libpython3_6m1_0-debuginfo-3.6.10-4.3.5
  • python36-debuginfo-3.6.10-4.3.5
  • python36-3.6.10-4.3.5
  • python36-debugsource-3.6.10-4.3.5
  • python36-base-debugsource-3.6.10-4.3.5
  • python36-base-3.6.10-4.3.5
  • python36-base-debuginfo-3.6.10-4.3.5

References:

• https://www.suse.com/security/cve/CVE-2017-18207.html
• https://www.suse.com/security/cve/CVE-2018-1000802.html
• https://www.suse.com/security/cve/CVE-2018-1060.html
• https://www.suse.com/security/cve/CVE-2018-20852.html
• https://www.suse.com/security/cve/CVE-2019-10160.html
• https://www.suse.com/security/cve/CVE-2019-15903.html
• https://www.suse.com/security/cve/CVE-2019-16056.html
• https://www.suse.com/security/cve/CVE-2019-5010.html
• https://www.suse.com/security/cve/CVE-2019-9636.html
• https://www.suse.com/security/cve/CVE-2019-9947.html
• https://bugzilla.suse.com/show_bug.cgi?id=1027282
• https://bugzilla.suse.com/show_bug.cgi?id=1029377
• https://bugzilla.suse.com/show_bug.cgi?id=1081750
• https://bugzilla.suse.com/show_bug.cgi?id=1083507
• https://bugzilla.suse.com/show_bug.cgi?id=1086001
• https://bugzilla.suse.com/show_bug.cgi?id=1088009
• https://bugzilla.suse.com/show_bug.cgi?id=1094814
• https://bugzilla.suse.com/show_bug.cgi?id=1109663
• https://bugzilla.suse.com/show_bug.cgi?id=1137942
• https://bugzilla.suse.com/show_bug.cgi?id=1138459
• https://bugzilla.suse.com/show_bug.cgi?id=1141853
• https://bugzilla.suse.com/show_bug.cgi?id=1149121
• https://bugzilla.suse.com/show_bug.cgi?id=1149429
• https://bugzilla.suse.com/show_bug.cgi?id=1149792
• https://bugzilla.suse.com/show_bug.cgi?id=1149955
• https://bugzilla.suse.com/show_bug.cgi?id=1151490
• https://bugzilla.suse.com/show_bug.cgi?id=1159035
• https://bugzilla.suse.com/show_bug.cgi?id=1159622
• https://bugzilla.suse.com/show_bug.cgi?id=709442
• https://bugzilla.suse.com/show_bug.cgi?id=951166
• https://bugzilla.suse.com/show_bug.cgi?id=983582
• https://jira.suse.com/browse/SLE-9426
• https://jira.suse.com/browse/SLE-9427