{"affected":[{"ecosystem_specific":{"binaries":[{"libprotobuf-lite20":"3.9.2-150100.8.3.3","python2-cryptography":"3.3.2-150100.7.15.3","python2-psutil":"5.9.1-150100.6.6.3","python2-requests":"2.25.1-150100.6.13.3","python3-cryptography":"3.3.2-150100.7.15.3","python3-psutil":"5.9.1-150100.6.6.3","python3-requests":"2.25.1-150100.6.13.3","python3-websocket-client":"1.3.2-150100.6.7.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP1-LTSS","name":"protobuf","purl":"pkg:rpm/suse/protobuf&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.9.2-150100.8.3.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libprotobuf-lite20":"3.9.2-150100.8.3.3","python2-cryptography":"3.3.2-150100.7.15.3","python2-psutil":"5.9.1-150100.6.6.3","python2-requests":"2.25.1-150100.6.13.3","python3-cryptography":"3.3.2-150100.7.15.3","python3-psutil":"5.9.1-150100.6.6.3","python3-requests":"2.25.1-150100.6.13.3","python3-websocket-client":"1.3.2-150100.6.7.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP1-LTSS","name":"python-cryptography","purl":"pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.3.2-150100.7.15.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libprotobuf-lite20":"3.9.2-150100.8.3.3","python2-cryptography":"3.3.2-150100.7.15.3","python2-psutil":"5.9.1-150100.6.6.3","python2-requests":"2.25.1-150100.6.13.3","python3-cryptography":"3.3.2-150100.7.15.3","python3-psutil":"5.9.1-150100.6.6.3","python3-requests":"2.25.1-150100.6.13.3","python3-websocket-client":"1.3.2-150100.6.7.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 
SP1-LTSS","name":"python-psutil","purl":"pkg:rpm/suse/python-psutil&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.9.1-150100.6.6.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libprotobuf-lite20":"3.9.2-150100.8.3.3","python2-cryptography":"3.3.2-150100.7.15.3","python2-psutil":"5.9.1-150100.6.6.3","python2-requests":"2.25.1-150100.6.13.3","python3-cryptography":"3.3.2-150100.7.15.3","python3-psutil":"5.9.1-150100.6.6.3","python3-requests":"2.25.1-150100.6.13.3","python3-websocket-client":"1.3.2-150100.6.7.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP1-LTSS","name":"python-requests","purl":"pkg:rpm/suse/python-requests&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.25.1-150100.6.13.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libprotobuf-lite20":"3.9.2-150100.8.3.3","python2-cryptography":"3.3.2-150100.7.15.3","python2-psutil":"5.9.1-150100.6.6.3","python2-requests":"2.25.1-150100.6.13.3","python3-cryptography":"3.3.2-150100.7.15.3","python3-psutil":"5.9.1-150100.6.6.3","python3-requests":"2.25.1-150100.6.13.3","python3-websocket-client":"1.3.2-150100.6.7.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP1-LTSS","name":"python-websocket-client","purl":"pkg:rpm/suse/python-websocket-client&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.3.2-150100.6.7.3"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack, 
python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-psutil, python-pytest-asyncio, python-requests, python-websocket-client, python-websockets fixes the following issues:\n\ngrpc:\n- Update in SLE-15 (bsc#1197726, bsc#1144068)\n  \nprotobuf:\n- Fix a potential DoS issue in protobuf-cpp and protobuf-python, CVE-2022-1941, bsc#1203681\n- Fix a potential DoS issue when parsing with binary data in  protobuf-java, CVE-2022-3171, bsc#1204256\n- Fix potential Denial of Service in protobuf-java in the parsing procedure for binary data, CVE-2021-22569, bsc#1194530\n- Add missing dependency of python subpackages on python-six (bsc#1177127)\n- Updated to version 3.9.2 (bsc#1162343)\n  * Remove OSReadLittle* due to alignment requirements.\n  * Don't use unions and instead use memcpy for the type swaps.\n- Disable LTO (bsc#1133277)\n\npython-aiocontextvars:  \n- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)\n\npython-avro:\n- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)\n- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)\n\npython-cryptography:  \n- update to 3.3.2 (bsc#1182066, CVE-2020-36242, bsc#1198331)\n  * SECURITY ISSUE: Fixed a bug where certain sequences of update()\n    calls when symmetrically encrypting very large payloads (>2GB) could\n    result in an integer overflow, leading to buffer overflows.\n  CVE-2020-36242\n\npython-cryptography-vectors:\n- update to 3.2 (bsc#1178168, CVE-2020-25659):\n  * CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant time,\n    to protect against Bleichenbacher vulnerabilities. 
Due to limitations imposed\n    by our API, we cannot completely mitigate this vulnerability.\n  * Support for OpenSSL 1.0.2 has been removed.\n  * Added basic support for PKCS7 signing (including SMIME) via PKCS7SignatureBuilder.\n- update to 3.3.2 (bsc#1198331)\n\npython-Deprecated:\n- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)\n- update to 1.2.13:\n\npython-google-api-core:\n- Update to 1.14.2\n\npython-googleapis-common-protos:\n- Update to 1.6.0\n  \npython-grpcio-gcp:\n- Initial spec for v0.2.2\n\npython-humanfriendly:\n- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)\n- Update to 10.0\n\npython-jsondiff:\n- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)\n- Update to version 1.3.0\n\npython-knack:  \n- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)\n- Update to version 0.9.0\n\npython-opencensus:\n- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)\n- Disable Python2 build\n- Update to 0.8.0\n\npython-opencensus-context:  \n- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)\n\npython-opencensus-ext-threading:  \n- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)\n- Initial build version 0.1.2\n\npython-opentelemetry-api:\n- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)\n- Version update to 1.5.0\n\npython-psutil:\n- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)\n- update to 5.9.1\n- remove the dependency on net-tools, since it conflicts with busybox-hostname which is default on MicroOS. 
(bsc#1184753)\n- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)\n\npython-PyGithub:\n- Update to 1.43.5:\n\npython-pytest-asyncio:  \n- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)\n- Initial release of python-pytest-asyncio 0.8.0 \n  \npython-requests:\n- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)\n  \npython-websocket-client:\n- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)\n- Update to version 1.3.2\n\npython-websockets:\n- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)\n- update to 9.1:\n ","id":"SUSE-SU-2023:2783-2","modified":"2023-09-19T21:52:38Z","published":"2023-09-19T21:52:38Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2023/suse-su-20232783-2/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1099269"},{"type":"REPORT","url":"https://bugzilla.suse.com/1133277"},{"type":"REPORT","url":"https://bugzilla.suse.com/1144068"},{"type":"REPORT","url":"https://bugzilla.suse.com/1162343"},{"type":"REPORT","url":"https://bugzilla.suse.com/1177127"},{"type":"REPORT","url":"https://bugzilla.suse.com/1178168"},{"type":"REPORT","url":"https://bugzilla.suse.com/1182066"},{"type":"REPORT","url":"https://bugzilla.suse.com/1184753"},{"type":"REPORT","url":"https://bugzilla.suse.com/1194530"},{"type":"REPORT","url":"https://bugzilla.suse.com/1197726"},{"type":"REPORT","url":"https://bugzilla.suse.com/1198331"},{"type":"REPORT","url":"https://bugzilla.suse.com/1199282"},{"type":"REPORT","url":"https://bugzilla.suse.com/1203681"},{"type":"REPORT","url":"https://bugzilla.suse.com/1204256"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-1000518"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-25659"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-36242"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-22569"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-22570"},{"type":"WEB","u
rl":"https://www.suse.com/security/cve/CVE-2022-1941"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-3171"}],"related":["CVE-2018-1000518","CVE-2020-25659","CVE-2020-36242","CVE-2021-22569","CVE-2021-22570","CVE-2022-1941","CVE-2022-3171"],"summary":"Security update for grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-psutil, python-pytest-asyncio, python-requests, python-websocket-client, python-websockets","upstream":["CVE-2018-1000518","CVE-2020-25659","CVE-2020-36242","CVE-2021-22569","CVE-2021-22570","CVE-2022-1941","CVE-2022-3171"]}