SUSE 5185 Published by

A pyenv security update has been released for SUSE Linux Enterprise 15 SP4.



openSUSE-SU-2022:10183-1: moderate: Security update for pyenv


openSUSE Security Update: Security update for pyenv
______________________________________________________________________________

Announcement ID: openSUSE-SU-2022:10183-1
Rating: moderate
References: #1201582
Cross-References: CVE-2022-35861
CVSS scores:
CVE-2022-35861 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for pyenv fixes the following issues:

Update to 2.3.5

- Add CPython 3.10.7 by @edgarrmondragon in #2454
- Docs: update Fish PATH update by @gregorias in #2449
- Add CPython 3.7.14, 3.8.14 and 3.9.14 by @edgarrmondragon in #2456
- Update miniconda3-3.9-4.12.0 by @Tsuki in #2460
- Add CPython 3.11.0rc2 by @ViktorHaag in #2459
- Add patches for 3.7.14 to support Apple Silicon by @samdoran in #2463
- Add ability to easily skip all use of Homebrew by @samdoran in #2464
- Drop Travis integration by @sobolevn in #2468
- Build CPython 3.12+ with --with-dsymutil in MacOS by @native-api in #2471
- Add Pyston 2.3.5 by @scop in #2476 Full Changelog:
  https://github.com/pyenv/pyenv/compare/v2.3.4...v2.3.5

Update to 2.3.4

- Add CPython 3.11.0rc1 by @edgarrmondragon in #2434
- Add support for multiple versions in pyenv uninstall by @hardikpnsp in
#2432
- Add micropython 1.18 and 1.19.1 by @dmitriy-serdyuk in #2443
- CI: support Micropython, deleted scripts; build with -v by @native-api
in #2447
- Re-allow paths in .python-version while still preventing CVE-2022-35861
by @comrumino in #2442
- CI: Bump OS versions by @native-api in #2448
- Add Cinder 3.8 by @filips123 in #2433
- Add support for multiple versions in pyenv uninstall in #2432
- Add micropython 1.18 and 1.19.1 in #2443
- Add Cinder 3.8 in #2433

Update to 2.3.3

- Use version sort in pyenv versions by @fofoni in #2405
- Add CPython 3.11.0b4 by @majorgreys in #2411
- Python-build: Replace deprecated git protocol use with https in docs by
@ssbarnea in #2413
- Fix relative path traversal due to using version string in path by
@comrumino in #2412
- Allow pypy2 and pypy3 patching by @brogon in #2421, #2419
- Add CPython 3.11.0b5 by @edgarrmondragon in #2420
- Add GraalPython 22.2.0 by @msimacek in #2425
- Add CPython 3.10.6 by @edgarrmondragon in #2428
- Add CPython 3.11.0b4 by @majorgreys in #2411
- Replace deprecated git protocol use with https by @ssbarnea in docs #2413
- Fix relative path traversal due to using version string in path by
@comrumino in #2412
- Fix patterns for pypy2.*/pypy3.* versions by @brogon in #2419

Update to 2.3.2

- Add CPython 3.11.0b2 by @saaketp in #2380
- Honor CFLAGS_EXTRA for MicroPython #2006 by @yggdr in #2007
- Add post-install checks for curses, ctypes, lzma, and tkinter by
@aphedges in #2353
- Add CPython 3.11.0b3 by @edgarrmondragon in #2382
- Add flags for Homebrew into python-config --ldflags by @native-api in
#2384
- Add CPython 3.10.5 by @illia-v in #2386
- Add Anaconda 2019.10, 2021.04, 2022.05; support Anaconda in
add_miniconda.py by @native-api in #2385
- Add Pyston-2.3.4 by @dand-oss in #2390
- Update Anaconda3-2022.05 MacOSX arm64 md5 by @bkbncn in #2391
- Fix boo#1201582 to fix CVE-2022-35861 (from commit 22fa683, file
pyenv-CVE-2022-35861.patch)

Update to 2.3.0

- Bump openssl 1.1 to 1.1.1n for CPython 3.7 3.8 3.9 by @tuzi3040 in #2276
- Doc Fix: Escape a hash character causing unwanted GitHub Issue linking
by @edrogers in #2282
- Add CPython 3.9.12 by @saaketp in #2296
- Add CPython 3.10.4 by @saaketp in #2295
- Add patch for 3.6.15 to support Xcode 13.3 by @nshine in #2288
- Add patch for 3.7.12 to support Xcode 13.3 by @samdoran in #2292
- Add CONTRIBUTING.md by @native-api in #2287
- Add PyPy 7.3.9 release 2022-03-30 by @dand-oss in #2308
- Add Pyston 2.3.3 by @scop in #2316
- Add CPython 3.11.0a7 by @illia-v in #2315
- Add "nogil" Python v3.9.10 by @colesbury in #2342
- Support XCode 13.3 in all releases that officially support MacOS 11 by
@native-api in #2344
- Add GraalPython 22.1.0 by @msimacek in #2346
- Make PYENV_DEBUG imply -v for pyenv install by @native-api in #2347
- Simplify init scheme by @native-api in #2310
- Don't use Homebrew outside of MacOS by @native-api in #2349
- Add :latest syntax to documentation for the install command by @hay in
#2351

Update to 2.2.5

- fix issue 2236 for CPython 3.6.15 and 3.7.12 by @fofoni in #2237
- python-build: add URL for get-pip for Python 3.6 by @fofoni in #2238
- Add pyston-2.3.2 by @dmrlawson in #2240
- CPython 3.11.0a5 by @saaketp in #2241
- CPython 3.11.0a6 by @saaketp in #2266
- Add miniconda 4.11.0 by @aphedges in #2268
- docs(pyenv-prefix): note support for multiple versions by @scop in #2270
- pypy 7.3.8 02/20/2022 release by @dand-oss in #2253

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP4:

zypper in -t patch openSUSE-2022-10183=1


Package List:

- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):

pyenv-2.3.5-bp154.2.3.1

- openSUSE Backports SLE-15-SP4 (noarch):

pyenv-bash-completion-2.3.5-bp154.2.3.1
pyenv-fish-completion-2.3.5-bp154.2.3.1
pyenv-zsh-completion-2.3.5-bp154.2.3.1

References:

  https://www.suse.com/security/cve/CVE-2022-35861.html
  https://bugzilla.suse.com/1201582