Bugzilla – Bug 1136184
python-botocore needs to support urllib 1.25 for CVE-2019-9947
Last modified: 2022-02-25 21:06:24 UTC
The two packages python and python3 are being patched against CVE-2019-9947. This in turn requires a fix / update of python-urllib3 to version 1.25. Python-botocore currently has a BuildRequires: python-urllib3 < 1.25, thus ending up 'unresolvable' with this updated stack. Python-botocore upstream has this already addressed in git, by means of: https://github.com/boto/botocore/commit/3a6bd282307ff91cbd04f2a7dfa6369c08015d2f through https://github.com/boto/botocore/pull/1735/files and https://github.com/boto/botocore/commit/e3ef8a9eae78f630d30fdb19ac091932aa6ed8ca through https://github.com/boto/botocore/pull/1737. Can you please add those two commits to the python-botocore package and submit it to openSUSE:Factory in order to get the CVE fixes ready?
Yes, I'll update botocore and boto to their latest versions. Note that they always have to be updated together.
SUSE-RU-2019:2506-1: An update that has three recommended fixes can now be installed.
Category: recommended (moderate)
Bug References: 1136184,1146853,1146854
CVE References:
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15 (src): aws-cli-1.16.223-4.10.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15 (src): python-boto3-1.9.213-3.8.1, python-botocore-1.12.213-3.8.1, python-s3transfer-0.2.1-3.6.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): python-boto3-1.9.213-3.8.1, python-botocore-1.12.213-3.8.1, python-s3transfer-0.2.1-3.6.1
SUSE Linux Enterprise Module for Basesystem 15 (src): python-boto3-1.9.213-3.8.1, python-botocore-1.12.213-3.8.1, python-s3transfer-0.2.1-3.6.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-RU-2019:2270-1: An update that has three recommended fixes can now be installed.
Category: recommended (moderate)
Bug References: 1136184,1146853,1146854
CVE References:
Sources used:
openSUSE Leap 15.0 (src): aws-cli-1.16.223-lp150.8.1, python-boto3-1.9.213-lp150.7.1, python-botocore-1.12.213-lp150.7.1, python-s3transfer-0.2.1-lp150.7.1
Released
SUSE-RU-2020:0498-1: An update that has 5 recommended fixes can now be installed.
Category: recommended (moderate)
Bug References: 1122669,1136184,1146853,1146854,1159018
CVE References:
Sources used:
SUSE Linux Enterprise Module for Python2 15-SP1 (src): python-PyYAML-5.1.2-6.3.7
SUSE Linux Enterprise Module for Public Cloud 15-SP1 (src): aws-cli-1.16.223-8.3.3, azure-cli-core-2.0.45-6.3.3, azure-cli-interactive-0.3.28-6.3.3, python-aws-sam-translator-1.11.0-4.3.8, python-cfn-lint-0.21.4-3.3.9
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (src): python-boto3-1.9.213-7.3.4, python-botocore-1.12.213-7.3.4, python-s3transfer-0.2.1-6.3.5
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): python-boto3-1.9.213-7.3.4, python-botocore-1.12.213-7.3.4, python-s3transfer-0.2.1-6.3.5
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src): python-PyYAML-5.1.2-6.3.7, python-boto3-1.9.213-7.3.4, python-botocore-1.12.213-7.3.4, python-s3transfer-0.2.1-6.3.5
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-RU-2020:0290-1: An update that has 5 recommended fixes can now be installed.
Category: recommended (moderate)
Bug References: 1122669,1136184,1146853,1146854,1159018
CVE References:
Sources used:
openSUSE Leap 15.1 (src): aws-cli-1.16.223-lp151.2.3.1, azure-cli-core-2.0.45-lp151.2.3.1, azure-cli-interactive-0.3.28-lp151.2.3.1, python-PyYAML-5.1.2-lp151.2.3.1, python-boto3-1.9.213-lp151.2.3.1, python-botocore-1.12.213-lp151.2.3.1, python-nose2-0.9.1-lp151.3.3.1, python-parameterized-0.7.0-lp151.3.3.1, python-s3transfer-0.2.1-lp151.2.3.1
openSUSE-RU-2020:0303-1: An update that has 5 recommended fixes can now be installed.
Category: recommended (moderate)
Bug References: 1122669,1136184,1146853,1146854,1159018
CVE References:
Sources used:
openSUSE Backports SLE-15-SP1 (src): python-nose2-0.9.1-bp151.4.3.1, python-parameterized-0.7.0-bp151.2.3.1
SUSE-RU-2020:0775-1: An update that has 11 recommended fixes can now be installed.
Category: recommended (important)
Bug References: 1069697,1075263,1088310,1095041,1118021,1118024,1118027,1129696,1136184,1146853,1146854
CVE References:
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src): python-botocore-1.13.33-28.20.1, python-futures-3.0.2-15.3.1
SUSE OpenStack Cloud 8 (src): python-botocore-1.13.33-28.20.1, python-futures-3.0.2-15.3.1
SUSE OpenStack Cloud 7 (src): python-futures-3.0.2-15.3.1
SUSE Manager Tools 12 (src): python-futures-3.0.2-15.3.1
SUSE Manager Server 3.2 (src): python-futures-3.0.2-15.3.1
SUSE Manager Proxy 3.2 (src): python-futures-3.0.2-15.3.1
SUSE Linux Enterprise Point of Sale 12-SP2 (src): python-futures-3.0.2-15.3.1
SUSE Linux Enterprise Module for Public Cloud 12 (src): python-boto3-1.10.33-14.14.1, python-botocore-1.13.33-28.20.1, python-futures-3.0.2-15.3.1, python-s3transfer-0.2.1-8.7.1
SUSE Linux Enterprise Module for Advanced Systems Management 12 (src): python-futures-3.0.2-15.3.1
SUSE Enterprise Storage 5 (src): python-futures-3.0.2-15.3.1
SUSE CaaS Platform 3.0 (src): python-futures-3.0.2-15.3.1
HPE Helion Openstack 8 (src): python-botocore-1.13.33-28.20.1, python-futures-3.0.2-15.3.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.