openSUSE Security Update: Security update for pyenv
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2022:10183-1
Rating:             moderate
References:         #1201582 
Cross-References:   CVE-2022-35861
CVSS scores:
                    CVE-2022-35861 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    openSUSE Backports SLE-15-SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for pyenv fixes the following issues:

   Update to 2.3.5

   - Add CPython 3.10.7 by @edgarrmondragon in #2454
   - Docs: update Fish PATH update by @gregorias in #2449
   - Add CPython 3.7.14, 3.8.14 and 3.9.14 by @edgarrmondragon in #2456
   - Update miniconda3-3.9-4.12.0 by @Tsuki in #2460
   - Add CPython 3.11.0rc2 by @ViktorHaag in #2459
   - Add patches for 3.7.14 to support Apple Silicon by @samdoran in #2463
   - Add ability to easily skip all use of Homebrew by @samdoran in #2464
   - Drop Travis integration by @sobolevn in #2468
   - Build CPython 3.12+ with --with-dsymutil in MacOS by @native-api in #2471
   - Add Pyston 2.3.5 by @scop in #2476 Full Changelog:
     https://github.com/pyenv/pyenv/compare/v2.3.4...v2.3.5

   Update to 2.3.4

   - Add CPython 3.11.0rc1 by @edgarrmondragon in #2434
   - Add support for multiple versions in pyenv uninstall by @hardikpnsp in
     #2432
   - Add micropython 1.18 and 1.19.1 by @dmitriy-serdyuk in #2443
   - CI: support Micropython, deleted scripts; build with -v by @native-api
     in #2447
   - Re-allow paths in .python-version while still preventing CVE-2022-35861
     by @comrumino in #2442
   - CI: Bump OS versions by @native-api in #2448
   - Add Cinder 3.8 by @filips123 in #2433
   - Add support for multiple versions in pyenv uninstall in #2432
   - Add micropython 1.18 and 1.19.1 in #2443
   - Add Cinder 3.8 in #2433

   Update to 2.3.3

   - Use version sort in pyenv versions by @fofoni in #2405
   - Add CPython 3.11.0b4 by @majorgreys in #2411
   - Python-build: Replace deprecated git protocol use with https in docs by
     @ssbarnea in #2413
   - Fix relative path traversal due to using version string in path by
     @comrumino in #2412
   - Allow pypy2 and pypy3 patching by @brogon in #2421, #2419
   - Add CPython 3.11.0b5 by @edgarrmondragon in #2420
   - Add GraalPython 22.2.0 by @msimacek in #2425
   - Add CPython 3.10.6 by @edgarrmondragon in #2428
   - Add CPython 3.11.0b4 by @majorgreys in #2411
   - Replace deprecated git protocol use with https by @ssbarnea in docs #2413
   - Fix relative path traversal due to using version string in path by
     @comrumino in #2412
   - Fix patterns for pypy2.*/pypy3.* versions by @brogon in #2419

   Update to 2.3.2

   - Add CPython 3.11.0b2 by @saaketp in #2380
   - Honor CFLAGS_EXTRA for MicroPython #2006 by @yggdr in #2007
   - Add post-install checks for curses, ctypes, lzma, and tkinter by
     @aphedges in #2353
   - Add CPython 3.11.0b3 by @edgarrmondragon in #2382
   - Add flags for Homebrew into python-config --ldflags by @native-api in
     #2384
   - Add CPython 3.10.5 by @illia-v in #2386
   - Add Anaconda 2019.10, 2021.04, 2022.05; support Anaconda in
     add_miniconda.py by @native-api in #2385
   - Add Pyston-2.3.4 by @dand-oss in #2390
   - Update Anaconda3-2022.05 MacOSX arm64 md5 by @bkbncn in #2391
   - Fix boo#1201582 to fix CVE-2022-35861 (from commit 22fa683, file
     pyenv-CVE-2022-35861.patch)

   Update to 2.3.0

   - Bump openssl 1.1 to 1.1.1n for CPython 3.7 3.8 3.9 by @tuzi3040 in #2276
   - Doc Fix: Escape a hash character causing unwanted GitHub Issue linking
     by @edrogers in #2282
   - Add CPython 3.9.12 by @saaketp in #2296
   - Add CPython 3.10.4 by @saaketp in #2295
   - Add patch for 3.6.15 to support Xcode 13.3 by @nshine in #2288
   - Add patch for 3.7.12 to support Xcode 13.3 by @samdoran in #2292
   - Add CONTRIBUTING.md by @native-api in #2287
   - Add PyPy 7.3.9 release 2022-03-30 by @dand-oss in #2308
   - Add Pyston 2.3.3 by @scop in #2316
   - Add CPython 3.11.0a7 by @illia-v in #2315
   - Add "nogil" Python v3.9.10 by @colesbury in #2342
   - Support XCode 13.3 in all releases that officially support MacOS 11 by
     @native-api in #2344
   - Add GraalPython 22.1.0 by @msimacek in #2346
   - Make PYENV_DEBUG imply -v for pyenv install by @native-api in #2347
   - Simplify init scheme by @native-api in #2310
   - Don't use Homebrew outside of MacOS by @native-api in #2349
   - Add :latest syntax to documentation for the install command by @hay in
     #2351

   Update to 2.2.5

   - fix issue 2236 for CPython 3.6.15 and 3.7.12 by @fofoni in #2237
   - python-build: add URL for get-pip for Python 3.6 by @fofoni in #2238
   - Add pyston-2.3.2 by @dmrlawson in #2240
   - CPython 3.11.0a5 by @saaketp in #2241
   - CPython 3.11.0a6 by @saaketp in #2266
   - Add miniconda 4.11.0 by @aphedges in #2268
   - docs(pyenv-prefix): note support for multiple versions by @scop in #2270
   - pypy 7.3.8 02/20/2022 release by @dand-oss in #2253


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15-SP4:

      zypper in -t patch openSUSE-2022-10183=1



Package List:

   - openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):

      pyenv-2.3.5-bp154.2.3.1

   - openSUSE Backports SLE-15-SP4 (noarch):

      pyenv-bash-completion-2.3.5-bp154.2.3.1
      pyenv-fish-completion-2.3.5-bp154.2.3.1
      pyenv-zsh-completion-2.3.5-bp154.2.3.1


References:

   https://www.suse.com/security/cve/CVE-2022-35861.html
   https://bugzilla.suse.com/1201582

openSUSE: 2022:10183-1 moderate: pyenv

October 31, 2022
An update that fixes one vulnerability is now available

Description

This update for pyenv fixes the following issues: Update to 2.3.5 - Add CPython 3.10.7 by @edgarrmondragon in #2454 - Docs: update Fish PATH update by @gregorias in #2449 - Add CPython 3.7.14, 3.8.14 and 3.9.14 by @edgarrmondragon in #2456 - Update miniconda3-3.9-4.12.0 by @Tsuki in #2460 - Add CPython 3.11.0rc2 by @ViktorHaag in #2459 - Add patches for 3.7.14 to support Apple Silicon by @samdoran in #2463 - Add ability to easily skip all use of Homebrew by @samdoran in #2464 - Drop Travis integration by @sobolevn in #2468 - Build CPython 3.12+ with --with-dsymutil in MacOS by @native-api in #2471 - Add Pyston 2.3.5 by @scop in #2476 Full Changelog: https://github.com/pyenv/pyenv/compare/v2.3.4...v2.3.5 Update to 2.3.4 - Add CPython 3.11.0rc1 by @edgarrmondragon in #2434 - Add support for multiple versions in pyenv uninstall by @hardikpnsp in #2432 - Add micropython 1.18 and 1.19.1 by @dmitriy-serdyuk in #2443 - CI: support Micropython, deleted scripts; build with -v by @native-api in #2447 - Re-allow paths in .python-version while still preventing CVE-2022-35861 by @comrumino in #2442 - CI: Bump OS versions by @native-api in #2448 - Add Cinder 3.8 by @filips123 in #2433 - Add support for multiple versions in pyenv uninstall in #2432 - Add micropython 1.18 and 1.19.1 in #2443 - Add Cinder 3.8 in #2433 Update to 2.3.3 - Use version sort in pyenv versions by @fofoni in #2405 - Add CPython 3.11.0b4 by @majorgreys in #2411 - Python-build: Replace deprecated git protocol use with https in docs by @ssbarnea in #2413 - Fix relative path traversal due to using version string in path by @comrumino in #2412 - Allow pypy2 and pypy3 patching by @brogon in #2421, #2419 - Add CPython 3.11.0b5 by @edgarrmondragon in #2420 - Add GraalPython 22.2.0 by @msimacek in #2425 - Add CPython 3.10.6 by @edgarrmondragon in #2428 - Add CPython 3.11.0b4 by @majorgreys in #2411 - Replace deprecated git protocol use with https by @ssbarnea in docs #2413 - Fix relative path traversal due to using version string in path by @comrumino in #2412 - Fix patterns for pypy2.*/pypy3.* versions by @brogon in #2419 Update to 2.3.2 - Add CPython 3.11.0b2 by @saaketp in #2380 - Honor CFLAGS_EXTRA for MicroPython #2006 by @yggdr in #2007 - Add post-install checks for curses, ctypes, lzma, and tkinter by @aphedges in #2353 - Add CPython 3.11.0b3 by @edgarrmondragon in #2382 - Add flags for Homebrew into python-config --ldflags by @native-api in #2384 - Add CPython 3.10.5 by @illia-v in #2386 - Add Anaconda 2019.10, 2021.04, 2022.05; support Anaconda in add_miniconda.py by @native-api in #2385 - Add Pyston-2.3.4 by @dand-oss in #2390 - Update Anaconda3-2022.05 MacOSX arm64 md5 by @bkbncn in #2391 - Fix boo#1201582 to fix CVE-2022-35861 (from commit 22fa683, file pyenv-CVE-2022-35861.patch) Update to 2.3.0 - Bump openssl 1.1 to 1.1.1n for CPython 3.7 3.8 3.9 by @tuzi3040 in #2276 - Doc Fix: Escape a hash character causing unwanted GitHub Issue linking by @edrogers in #2282 - Add CPython 3.9.12 by @saaketp in #2296 - Add CPython 3.10.4 by @saaketp in #2295 - Add patch for 3.6.15 to support Xcode 13.3 by @nshine in #2288 - Add patch for 3.7.12 to support Xcode 13.3 by @samdoran in #2292 - Add CONTRIBUTING.md by @native-api in #2287 - Add PyPy 7.3.9 release 2022-03-30 by @dand-oss in #2308 - Add Pyston 2.3.3 by @scop in #2316 - Add CPython 3.11.0a7 by @illia-v in #2315 - Add "nogil" Python v3.9.10 by @colesbury in #2342 - Support XCode 13.3 in all releases that officially support MacOS 11 by @native-api in #2344 - Add GraalPython 22.1.0 by @msimacek in #2346 - Make PYENV_DEBUG imply -v for pyenv install by @native-api in #2347 - Simplify init scheme by @native-api in #2310 - Don't use Homebrew outside of MacOS by @native-api in #2349 - Add :latest syntax to documentation for the install command by @hay in #2351 Update to 2.2.5 - fix issue 2236 for CPython 3.6.15 and 3.7.12 by @fofoni in #2237 - python-build: add URL for get-pip for Python 3.6 by @fofoni in #2238 - Add pyston-2.3.2 by @dmrlawson in #2240 - CPython 3.11.0a5 by @saaketp in #2241 - CPython 3.11.0a6 by @saaketp in #2266 - Add miniconda 4.11.0 by @aphedges in #2268 - docs(pyenv-prefix): note support for multiple versions by @scop in #2270 - pypy 7.3.8 02/20/2022 release by @dand-oss in #2253

 

Patch

Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP4: zypper in -t patch openSUSE-2022-10183=1


Package List

- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64): pyenv-2.3.5-bp154.2.3.1 - openSUSE Backports SLE-15-SP4 (noarch): pyenv-bash-completion-2.3.5-bp154.2.3.1 pyenv-fish-completion-2.3.5-bp154.2.3.1 pyenv-zsh-completion-2.3.5-bp154.2.3.1


References

https://www.suse.com/security/cve/CVE-2022-35861.html https://bugzilla.suse.com/1201582


Severity
Announcement ID: openSUSE-SU-2022:10183-1
Rating: moderate
Affected Products: openSUSE Backports SLE-15-SP4 .

Related News

5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved