SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:1971-1
Container Tags        : bci/python:3 , bci/python:3-18.13 , bci/python:3.11 , bci/python:3.11-18.13 , bci/python:latest
Container Release     : 18.13
Severity              : important
Type                  : security
References            : 1189495 1211301 1219559 1219666 1221260 1221854 CVE-2023-52425
                        CVE-2023-6597 CVE-2024-0450 
-----------------------------------------------------------------

The container bci/python was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1556-1
Released:    Wed May  8 11:40:36 2024
Summary:     Security update for python311
Type:        security
Severity:    important
References:  1189495,1211301,1219559,1219666,1221260,1221854,CVE-2023-52425,CVE-2023-6597,CVE-2024-0450
This update for python311 fixes the following issues:

- CVE-2024-0450: Fixed 'quoted-overlap' issue inside the zipfile module (bsc#1221854).
- CVE-2023-6597: Fixed removing tempfile.TemporaryDirectory in some edge cases related to symlinks (bsc#1219666).
- CVE-2023-52425: Fixed denial of service (resource consumption) caused by processing large tokens (bsc#1219559).

Bug fixes:

- Eliminate ResourceWarning which broke the test suite in test_asyncio (bsc#1221260).
- Revert use of %autopatch (bsc#1189495).
- Use the system-wide crypto-policies (bsc#1211301).


The following package changes have been done:

- libpython3_11-1_0-3.11.9-150400.9.26.1 updated
- python311-base-3.11.9-150400.9.26.1 updated
- python311-3.11.9-150400.9.26.1 updated
- python311-devel-3.11.9-150400.9.26.1 updated
- container:sles15-image-15.0.0-36.11.31 updated