Security update for python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-request

Announcement ID:	SUSE-SU-2020:0555-1
Rating:	moderate
References:	bsc#1111622 bsc#1122668 jsc#PM-1447
Cross-References:	CVE-2018-18074
CVSS scores:	CVE-2018-18074 ( SUSE ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2018-18074 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2018-18074 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:	Advanced Systems Management Module 12 Containers Module 12 HPE Helion OpenStack 8 Public Cloud Module 12 SUSE CaaS Platform 3.0 SUSE Enterprise Storage 5 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise High Availability Extension 12 SP1 SUSE Linux Enterprise High Availability Extension 12 SP2 SUSE Linux Enterprise High Availability Extension 12 SP5 SUSE Linux Enterprise High Performance Computing 12 SP2 SUSE Linux Enterprise High Performance Computing 12 SP3 SUSE Linux Enterprise High Performance Computing 12 SP4 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Point of Service Image Server 12 12-SP2 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 SUSE Linux Enterprise Server 12 SP2 ESPOS 12-SP2 SUSE Linux Enterprise Server 12 SP2 LTSS 12-SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3 BCL 12-SP3 SUSE Linux Enterprise Server 12 SP3 ESPOS 12-SP3 SUSE Linux Enterprise Server 12 SP3 LTSS 12-SP3 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 SUSE Manager Client Tools for SLE 12 SUSE Manager Proxy 3.2 SUSE Manager Server 3.2 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8

An update that solves one vulnerability, contains one feature and has one security fix can now be installed.

Description:

This update for python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer, python-jsonpatch, python-jsonpointer, python-scandir, python-PyYAML fixes the following issues:

python-cfn-lint was included as a new package in 0.21.4.

python-aws-sam-translator was updated to 1.11.0:

• Add ReservedConcurrentExecutions to globals
• Fix ElasticsearchHttpPostPolicy resource reference
• Support using AWS::Region in Ref and Sub
• Documentation and examples updates
• Add VersionDescription property to Serverless::Function
• Update ServerlessRepoReadWriteAccessPolicy
• Add additional template validation

Upgrade to 1.10.0:

• Add GSIs to DynamoDBReadPolicy and DynamoDBCrudPolicy
• Add DynamoDBReconfigurePolicy
• Add CostExplorerReadOnlyPolicy and OrganizationsListAccountsPolicy
• Add EKSDescribePolicy
• Add SESBulkTemplatedCrudPolicy
• Add FilterLogEventsPolicy
• Add SSMParameterReadPolicy
• Add SESEmailTemplateCrudPolicy
• Add s3:PutObjectAcl to S3CrudPolicy
• Add allow_credentials CORS option
• Add support for AccessLogSetting and CanarySetting Serverless::Api properties
• Add support for X-Ray in Serverless::Api
• Add support for MinimumCompressionSize in Serverless::Api
• Add Auth to Serverless::Api globals
• Remove trailing slashes from APIGW permissions
• Add SNS FilterPolicy and an example application
• Add Enabled property to Serverless::Function event sources
• Add support for PermissionsBoundary in Serverless::Function
• Fix boto3 client initialization
• Add PublicAccessBlockConfiguration property to S3 bucket resource
• Make PAY_PER_REQUEST default mode for Serverless::SimpleTable
• Add limited support for resolving intrinsics in Serverless::LayerVersion
• SAM now uses Flake8
• Add example application for S3 Events written in Go

• Updated several example applications

• Initial build

• Version 1.9.0
• Add patch to drop compatible releases operator from setup.py, required for SLES12 as the setuptools version is too old
• ast_drop-compatible-releases-operator.patch

python-jsonschema was updated to 2.6.0:

• Improved performance on CPython by adding caching around ref resolution

Update to version 2.5.0:

• Improved performance on CPython by adding caching around ref resolution (#203)

Update to version 2.4.0:

• Added a CLI (#134)
• Added absolute path and absolute schema path to errors (#120)
• Added relevance
• Meta-schemas are now loaded via pkgutil
• Added by_relevance and best_match (#91)
• Fixed format to allow adding formats for non-strings (#125)

• Fixed the uri format to reject URI references (#131)

• Install /usr/bin/jsonschema with update-alternatives support

python-nose2 was updated to 0.9.1:

• the prof plugin now uses cProfile instead of hotshot for profiling
• skipped tests now include the user's reason in junit XML's message field
• the prettyassert plugin mishandled multi-line function definitions
• Using a plugin's CLI flag when the plugin is already enabled via config no longer errors
• nose2.plugins.prettyassert, enabled with --pretty-assert
• Cleanup code for EOLed python versions
• Dropped support for distutils.
• Result reporter respects failure status set by other plugins
• JUnit XML plugin now includes the skip reason in its output

Upgrade to 0.8.0:

List of changes is too long to show here, see https://github.com/nose-devs/nose2/blob/master/docs/changelog.rst changes between 0.6.5 and 0.8.0

Update to 0.7.0:

• Added parameterized_class feature, for parameterizing entire test classes (many thanks to @TobyLL for their suggestions and help testing!)
• Fix DeprecationWarning on inspect.getargs (thanks @brettdh; https://github.com/wolever/parameterized/issues/67)
• Make sure that setUp and tearDown methods work correctly (#40)
• Raise a ValueError when input is empty (thanks @danielbradburn; https://github.com/wolever/parameterized/pull/48)
• Fix the order when number of cases exceeds 10 (thanks @ntflc; https://github.com/wolever/parameterized/pull/49)

python-scandir was included in version 2.3.2.

python-requests was updated to version 2.20.1 (bsc#1111622)

• Fixed bug with unintended Authorization header stripping for redirects using default ports (http/80, https/443).

• remove restriction for urllib3 < 1.24

Update to version 2.20.0:

• Bugfixes
• Content-Type header parsing is now case-insensitive (e.g. charset=utf8 v Charset=utf8).
• Fixed exception leak where certain redirect urls would raise uncaught urllib3 exceptions.
• Requests removes Authorization header from requests redirected from https to http on the same hostname. (CVE-2018-18074)
• should_bypass_proxies now handles URIs without hostnames (e.g. files).
• Dependencies
• Requests now supports urllib3 v1.24.
• Deprecations
• Requests has officially stopped support for Python 2.6.

Update to version 2.19.1:

• Fixed issue where status_codes.py’s init function failed trying to append to a doc value of None.

Update to version 2.19.0:

• Improvements
• Warn about possible slowdown with cryptography version < 1.3.4
• Check host in proxy URL, before forwarding request to adapter.
• Maintain fragments properly across redirects. (RFC7231 7.1.2)
• Removed use of cgi module to expedite library load time.
• Added support for SHA-256 and SHA-512 digest auth algorithms.
• Minor performance improvement to Request.content.
• Migrate to using collections.abc for 3.7 compatibility.
• Bugfixes
• Parsing empty Link headers with parse_header_links() no longer return one bogus entry.
• Fixed issue where loading the default certificate bundle from a zip archive would raise an IOError.
• Fixed issue with unexpected ImportError on windows system which do not support winreg module.
• DNS resolution in proxy bypass no longer includes the username and password in the request. This also fixes the issue of DNS queries failing on macOS.
• Properly normalize adapter prefixes for url comparison.
• Passing None as a file pointer to the files param no longer raises an exception.
• Calling copy on a RequestsCookieJar will now preserve the cookie policy correctly.
• We now support idna v2.7 and urllib3 v1.23.

update to version 2.18.4:

• Improvements
• Error messages for invalid headers now include the header name for easier debugging
• Dependencies
• We now support idna v2.6.

update to version 2.18.3:

• Improvements
• Running $ python -m requests.help now includes the installed version of idna.
• Bugfixes
• Fixed issue where Requests would raise ConnectionError instead of SSLError when encountering SSL problems when using urllib3 v1.22.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• HPE Helion OpenStack 8
  zypper in -t patch HPE-Helion-OpenStack-8-2020-555=1
• SUSE OpenStack Cloud 7
  zypper in -t patch SUSE-OpenStack-Cloud-7-2020-555=1
• SUSE OpenStack Cloud 8
  zypper in -t patch SUSE-OpenStack-Cloud-8-2020-555=1
• SUSE OpenStack Cloud Crowbar 8
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-555=1
• SUSE Linux Enterprise High Availability Extension 12 SP1
  zypper in -t patch SUSE-SLE-HA-12-SP1-2020-555=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP1
  zypper in -t patch SUSE-SLE-HA-12-SP1-2020-555=1 SUSE-SLE-SAP-12-SP1-2020-555=1
• SUSE Linux Enterprise High Availability Extension 12 SP2
  zypper in -t patch SUSE-SLE-HA-12-SP2-2020-555=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP2
  zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-555=1 SUSE-SLE-HA-12-SP2-2020-555=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-HA-12-SP5-2020-555=1 SUSE-SLE-SERVER-12-SP5-2020-555=1
• SUSE Linux Enterprise High Availability Extension 12 SP5
  zypper in -t patch SUSE-SLE-HA-12-SP5-2020-555=1
• SUSE Manager Client Tools for SLE 12
  zypper in -t patch SUSE-SLE-Manager-Tools-12-2020-555=1
• Advanced Systems Management Module 12
  zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2020-555=1
• Containers Module 12
  zypper in -t patch SUSE-SLE-Module-Containers-12-2020-555=1
• Public Cloud Module 12
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2020-555=1
• SUSE Linux Enterprise Point of Service Image Server 12 12-SP2
  zypper in -t patch SUSE-SLE-POS-12-SP2-CLIENT-2020-555=1 SUSE-SLE-POS-12-SP2-2020-555=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP3
  zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-555=1
• SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2020-555=1
• SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-555=1
• SUSE Linux Enterprise Server 12 SP2 ESPOS 12-SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-ESPOS-2020-555=1
• SUSE Linux Enterprise Server 12 SP2 LTSS 12-SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-555=1
• SUSE Linux Enterprise Server 12 SP3 BCL 12-SP3
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-555=1
• SUSE Linux Enterprise Server 12 SP3 ESPOS 12-SP3
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-ESPOS-2020-555=1
• SUSE Linux Enterprise Server 12 SP3 LTSS 12-SP3
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-555=1
• SUSE Linux Enterprise High Performance Computing 12 SP4
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-555=1
• SUSE Linux Enterprise Server 12 SP4
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-555=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP4
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-555=1
• SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-555=1
• SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-555=1
• SUSE Enterprise Storage 5
  zypper in -t patch SUSE-Storage-5-2020-555=1
• SUSE CaaS Platform 3.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
• SUSE Manager Proxy 3.2
  zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2020-555=1
• SUSE Manager Server 3.2
  zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2020-555=1

Package List:

• HPE Helion OpenStack 8 (x86_64)
  • python3-PyYAML-5.1.2-26.9.4
  • python-PyYAML-debugsource-5.1.2-26.9.4
  • python-PyYAML-5.1.2-26.9.4
  • python-PyYAML-debuginfo-5.1.2-26.9.4
• HPE Helion OpenStack 8 (noarch)
  • python3-asn1crypto-0.24.0-2.5.1
  • python-jsonpatch-1.1-10.4.1
  • python-packaging-17.1-2.5.1
  • python-jsonpointer-1.0-10.3.1
  • python-asn1crypto-0.24.0-2.5.1
  • python3-jsonpointer-1.0-10.3.1
  • python3-packaging-17.1-2.5.1
  • python-botocore-1.12.213-28.12.1
• SUSE OpenStack Cloud 7 (x86_64)
  • python-PyYAML-debugsource-5.1.2-26.9.4
  • python-PyYAML-5.1.2-26.9.4
  • python-PyYAML-debuginfo-5.1.2-26.9.4
• SUSE OpenStack Cloud 7 (noarch)
  • python3-asn1crypto-0.24.0-2.5.1
  • python-pyparsing-2.2.0-7.6.1
  • python-jsonpatch-1.1-10.4.1
  • python-packaging-17.1-2.5.1
  • python3-pyparsing-2.2.0-7.6.1
  • python-jsonpointer-1.0-10.3.1
  • python-asn1crypto-0.24.0-2.5.1
  • python3-jsonpointer-1.0-10.3.1
  • python3-packaging-17.1-2.5.1
• SUSE OpenStack Cloud 8 (x86_64)
  • python3-PyYAML-5.1.2-26.9.4
  • python-PyYAML-debugsource-5.1.2-26.9.4
  • python-PyYAML-5.1.2-26.9.4
  • python-PyYAML-debuginfo-5.1.2-26.9.4
• SUSE OpenStack Cloud 8 (noarch)
  • python3-asn1crypto-0.24.0-2.5.1
  • python-jsonpatch-1.1-10.4.1
  • python-packaging-17.1-2.5.1
  • python-jsonpointer-1.0-10.3.1
  • python-asn1crypto-0.24.0-2.5.1
  • python3-jsonpointer-1.0-10.3.1
  • python3-packaging-17.1-2.5.1
  • python-botocore-1.12.213-28.12.1
• SUSE OpenStack Cloud Crowbar 8 (x86_64)
  • python3-PyYAML-5.1.2-26.9.4
  • python-PyYAML-debugsource-5.1.2-26.9.4
  • python-PyYAML-5.1.2-26.9.4
  • python-PyYAML-debuginfo-5.1.2-26.9.4
• SUSE OpenStack Cloud Crowbar 8 (noarch)
  • python3-asn1crypto-0.24.0-2.5.1
  • python-jsonpatch-1.1-10.4.1
  • python-packaging-17.1-2.5.1
  • python-asn1crypto-0.24.0-2.5.1
  • python3-jsonpointer-1.0-10.3.1
  • python3-packaging-17.1-2.5.1
  • python-botocore-1.12.213-28.12.1
• SUSE Linux Enterprise High Availability Extension 12 SP1 (ppc64le s390x x86_64)
  • python-PyYAML-debugsource-5.1.2-26.9.4
  • python-PyYAML-5.1.2-26.9.4
  • python-PyYAML-debuginfo-5.1.2-26.9.4
• SUSE Linux Enterprise High Availability Extension 12 SP1 (noarch)
  • python3-asn1crypto-0.24.0-2.5.1
  • python-pyparsing-2.2.0-7.6.1
  • python-packaging-17.1-2.5.1
  • python3-pyparsing-2.2.0-7.6.1
  • python-asn1crypto-0.24.0-2.5.1
  • python3-packaging-17.1-2.5.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP1 (ppc64le x86_64)
  • python-PyYAML-debugsource-5.1.2-26.9.4
  • python-PyYAML-5.1.2-26.9.4
  • python-PyYAML-debuginfo-5.1.2-26.9.4
• SUSE Linux Enterprise Server for SAP Applications 12 SP1 (noarch)
  • python3-asn1crypto-0.24.0-2.5.1
  • python-pyparsing-2.2.0-7.6.1
  • python-packaging-17.1-2.5.1
  • python3-pyparsing-2.2.0-7.6.1
  • python-asn1crypto-0.24.0-2.5.1
  • python3-packaging-17.1-2.5.1
• SUSE Linux Enterprise High Availability Extension 12 SP2 (ppc64le s390x x86_64)
  • python-PyYAML-debugsource-5.1.2-26.9.4
  • python-PyYAML-5.1.2-26.9.4
  • python-PyYAML-debuginfo-5.1.2-26.9.4
• SUSE Linux Enterprise Server for SAP Applications 12 SP2 (ppc64le x86_64)
  • python-PyYAML-debugsource-5.1.2-26.9.4
  • python-PyYAML-5.1.2-26.9.4
  • python-PyYAML-debuginfo-5.1.2-26.9.4
• SUSE Linux Enterprise Server for SAP Applications 12 SP2 (noarch)
  • python3-asn1crypto-0.24.0-2.5.1
  • python-pyparsing-2.2.0-7.6.1
  • python-packaging-17.1-2.5.1
  • python3-pyparsing-2.2.0-7.6.1
  • python-asn1crypto-0.24.0-2.5.1
  • python3-packaging-17.1-2.5.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  • python3-asn1crypto-0.24.0-2.5.1
  • python-packaging-17.1-2.5.1
  • python-requests-2.20.1-8.7.7
  • python-asn1crypto-0.24.0-2.5.1
  • python3-packaging-17.1-2.5.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  • python-PyYAML-debugsource-5.1.2-26.9.4
  • python-PyYAML-5.1.2-26.9.4
  • python-PyYAML-debuginfo-5.1.2-26.9.4
• SUSE Linux Enterprise High Availability Extension 12 SP5 (noarch)
  • python-requests-2.20.1-8.7.7
• SUSE Manager Client Tools for SLE 12 (aarch64 ppc64le s390x x86_64)
  • python3-PyYAML-5.1.2-26.9.4
  • python-PyYAML-debugsource-5.1.2-26.9.4
  • python-PyYAML-5.1.2-26.9.4
  • python-PyYAML-debuginfo-5.1.2-26.9.4
• Advanced Systems Management Module 12 (ppc64le s390x x86_64)
  • python3-PyYAML-5.1.2-26.9.4
  • python-PyYAML-debugsource-5.1.2-26.9.4
  • python-PyYAML-5.1.2-26.9.4
  • python-PyYAML-debuginfo-5.1.2-26.9.4
• Containers Module 12 (x86_64)
  • python-PyYAML-debugsource-5.1.2-26.9.4
  • python-PyYAML-5.1.2-26.9.4
  • python-PyYAML-debuginfo-5.1.2-26.9.4
• Public Cloud Module 12 (noarch)
  • python3-aws-sam-translator-1.11.0-2.3.1
  • python-s3transfer-0.2.1-8.3.1
  • python3-cfn-lint-0.21.4-2.3.1
  • python-functools32-3.2.3.2-2.6.1
  • python3-requests-2.20.1-8.7.7
  • python-docutils-0.15.2-3.4.2
  • python-jsonpatch-1.1-10.4.1
  • python3-jsonschema-2.6.0-5.3.1
  • python3-boto3-1.9.213-14.9.1
  • python-requests-2.20.1-8.7.7
  • python3-botocore-1.12.213-28.12.1
  • python3-docutils-0.15.2-3.4.2
  • python3-s3transfer-0.2.1-8.3.1
  • python-jsonschema-2.6.0-5.3.1
  • python-jsonpointer-1.0-10.3.1
  • python3-jsonpatch-1.1-10.4.1
  • python-boto3-1.9.213-14.9.1
  • cfn-lint-0.21.4-2.3.1
  • python3-jsonpointer-1.0-10.3.1
  • python-botocore-1.12.213-28.12.1
• Public Cloud Module 12 (aarch64 ppc64le s390x x86_64)
  • python3-PyYAML-5.1.2-26.9.4
  • python-PyYAML-debugsource-5.1.2-26.9.4
  • python-PyYAML-5.1.2-26.9.4
  • python-PyYAML-debuginfo-5.1.2-26.9.4
• SUSE Linux Enterprise Point of Service Image Server 12 12-SP2 (noarch)
  • python3-asn1crypto-0.24.0-2.5.1
  • python-pyparsing-2.2.0-7.6.1
  • python-packaging-17.1-2.5.1
  • python3-pyparsing-2.2.0-7.6.1
  • python-asn1crypto-0.24.0-2.5.1
  • python3-packaging-17.1-2.5.1
• SUSE Linux Enterprise Point of Service Image Server 12 12-SP2 (x86_64)
  • python3-PyYAML-5.1.2-26.9.4
  • python-PyYAML-debugsource-5.1.2-26.9.4
  • python-PyYAML-5.1.2-26.9.4
  • python-PyYAML-debuginfo-5.1.2-26.9.4
• SUSE Linux Enterprise Server for SAP Applications 12 SP3 (ppc64le x86_64)
  • python3-PyYAML-5.1.2-26.9.4
  • python-PyYAML-debugsource-5.1.2-26.9.4
  • python-PyYAML-5.1.2-26.9.4
  • python-PyYAML-debuginfo-5.1.2-26.9.4
• SUSE Linux Enterprise Server for SAP Applications 12 SP3 (noarch)
  • python3-asn1crypto-0.24.0-2.5.1
  • python3-packaging-17.1-2.5.1
  • python-packaging-17.1-2.5.1
  • python-asn1crypto-0.24.0-2.5.1
• SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1 (noarch)
  • python3-asn1crypto-0.24.0-2.5.1
  • python-pyparsing-2.2.0-7.6.1
  • python-packaging-17.1-2.5.1
  • python3-pyparsing-2.2.0-7.6.1
  • python-asn1crypto-0.24.0-2.5.1
  • python3-packaging-17.1-2.5.1
• SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch)
  • python3-asn1crypto-0.24.0-2.5.1
  • python-pyparsing-2.2.0-7.6.1
  • python-packaging-17.1-2.5.1
  • python3-pyparsing-2.2.0-7.6.1
  • python-asn1crypto-0.24.0-2.5.1
  • python3-packaging-17.1-2.5.1
• SUSE Linux Enterprise Server 12 SP2 ESPOS 12-SP2 (noarch)
  • python3-asn1crypto-0.24.0-2.5.1
  • python-pyparsing-2.2.0-7.6.1
  • python-packaging-17.1-2.5.1
  • python3-pyparsing-2.2.0-7.6.1
  • python-asn1crypto-0.24.0-2.5.1
  • python3-packaging-17.1-2.5.1
• SUSE Linux Enterprise Server 12 SP2 LTSS 12-SP2 (noarch)
  • python3-asn1crypto-0.24.0-2.5.1
  • python-pyparsing-2.2.0-7.6.1
  • python-packaging-17.1-2.5.1
  • python3-pyparsing-2.2.0-7.6.1
  • python-asn1crypto-0.24.0-2.5.1
  • python3-packaging-17.1-2.5.1
• SUSE Linux Enterprise Server 12 SP3 BCL 12-SP3 (x86_64)
  • python3-PyYAML-5.1.2-26.9.4
  • python-PyYAML-debugsource-5.1.2-26.9.4
  • python-PyYAML-5.1.2-26.9.4
  • python-PyYAML-debuginfo-5.1.2-26.9.4
• SUSE Linux Enterprise Server 12 SP3 BCL 12-SP3 (noarch)
  • python3-asn1crypto-0.24.0-2.5.1
  • python3-packaging-17.1-2.5.1
  • python-packaging-17.1-2.5.1
  • python-asn1crypto-0.24.0-2.5.1
• SUSE Linux Enterprise Server 12 SP3 ESPOS 12-SP3 (aarch64 x86_64)
  • python3-PyYAML-5.1.2-26.9.4
  • python-PyYAML-debugsource-5.1.2-26.9.4
  • python-PyYAML-5.1.2-26.9.4
  • python-PyYAML-debuginfo-5.1.2-26.9.4
• SUSE Linux Enterprise Server 12 SP3 ESPOS 12-SP3 (noarch)
  • python3-asn1crypto-0.24.0-2.5.1
  • python3-packaging-17.1-2.5.1
  • python-packaging-17.1-2.5.1
  • python-asn1crypto-0.24.0-2.5.1
• SUSE Linux Enterprise Server 12 SP3 LTSS 12-SP3 (aarch64 ppc64le s390x x86_64)
  • python3-PyYAML-5.1.2-26.9.4
  • python-PyYAML-debugsource-5.1.2-26.9.4
  • python-PyYAML-5.1.2-26.9.4
  • python-PyYAML-debuginfo-5.1.2-26.9.4
• SUSE Linux Enterprise Server 12 SP3 LTSS 12-SP3 (noarch)
  • python3-asn1crypto-0.24.0-2.5.1
  • python3-packaging-17.1-2.5.1
  • python-packaging-17.1-2.5.1
  • python-asn1crypto-0.24.0-2.5.1
• SUSE Linux Enterprise High Performance Computing 12 SP4 (aarch64 x86_64)
  • python-PyYAML-debugsource-5.1.2-26.9.4
  • python-PyYAML-5.1.2-26.9.4
  • python-PyYAML-debuginfo-5.1.2-26.9.4
• SUSE Linux Enterprise High Performance Computing 12 SP4 (noarch)
  • python3-asn1crypto-0.24.0-2.5.1
  • python3-packaging-17.1-2.5.1
  • python-packaging-17.1-2.5.1
  • python-asn1crypto-0.24.0-2.5.1
• SUSE Linux Enterprise Server 12 SP4 (aarch64 ppc64le s390x x86_64)
  • python-PyYAML-debugsource-5.1.2-26.9.4
  • python-PyYAML-5.1.2-26.9.4
  • python-PyYAML-debuginfo-5.1.2-26.9.4
• SUSE Linux Enterprise Server 12 SP4 (noarch)
  • python3-asn1crypto-0.24.0-2.5.1
  • python3-packaging-17.1-2.5.1
  • python-packaging-17.1-2.5.1
  • python-asn1crypto-0.24.0-2.5.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64)
  • python-PyYAML-debugsource-5.1.2-26.9.4
  • python-PyYAML-5.1.2-26.9.4
  • python-PyYAML-debuginfo-5.1.2-26.9.4
• SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch)
  • python3-asn1crypto-0.24.0-2.5.1
  • python3-packaging-17.1-2.5.1
  • python-packaging-17.1-2.5.1
  • python-asn1crypto-0.24.0-2.5.1
• SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  • python-PyYAML-debugsource-5.1.2-26.9.4
  • python-PyYAML-5.1.2-26.9.4
  • python-PyYAML-debuginfo-5.1.2-26.9.4
• SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
  • python3-asn1crypto-0.24.0-2.5.1
  • python-asn1crypto-0.24.0-2.5.1
  • python-packaging-17.1-2.5.1
  • python-requests-2.20.1-8.7.7
  • python3-packaging-17.1-2.5.1
• SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  • python-PyYAML-debugsource-5.1.2-26.9.4
  • python-PyYAML-5.1.2-26.9.4
  • python-PyYAML-debuginfo-5.1.2-26.9.4
• SUSE Linux Enterprise Server 12 SP5 (noarch)
  • python3-asn1crypto-0.24.0-2.5.1
  • python-asn1crypto-0.24.0-2.5.1
  • python-packaging-17.1-2.5.1
  • python-requests-2.20.1-8.7.7
  • python3-packaging-17.1-2.5.1
• SUSE Enterprise Storage 5 (aarch64 x86_64)
  • python3-PyYAML-5.1.2-26.9.4
  • python-PyYAML-debugsource-5.1.2-26.9.4
  • python-PyYAML-5.1.2-26.9.4
  • python-PyYAML-debuginfo-5.1.2-26.9.4
• SUSE Enterprise Storage 5 (noarch)
  • python3-asn1crypto-0.24.0-2.5.1
  • python3-packaging-17.1-2.5.1
  • python-packaging-17.1-2.5.1
  • python-asn1crypto-0.24.0-2.5.1
• SUSE CaaS Platform 3.0 (x86_64)
  • python-PyYAML-debugsource-5.1.2-26.9.4
  • python-PyYAML-5.1.2-26.9.4
  • python-PyYAML-debuginfo-5.1.2-26.9.4
• SUSE CaaS Platform 3.0 (noarch)
  • python-jsonpatch-1.1-10.4.1
  • python-jsonpointer-1.0-10.3.1
• SUSE Manager Proxy 3.2 (x86_64)
  • python-PyYAML-debugsource-5.1.2-26.9.4
  • python-PyYAML-5.1.2-26.9.4
  • python-PyYAML-debuginfo-5.1.2-26.9.4
• SUSE Manager Server 3.2 (ppc64le s390x x86_64)
  • python-PyYAML-debugsource-5.1.2-26.9.4
  • python-PyYAML-5.1.2-26.9.4
  • python-PyYAML-debuginfo-5.1.2-26.9.4

References:

• https://www.suse.com/security/cve/CVE-2018-18074.html
• https://bugzilla.suse.com/show_bug.cgi?id=1111622
• https://bugzilla.suse.com/show_bug.cgi?id=1122668
• https://jira.suse.com/browse/PM-1447