SUSE-RU-2018:4074-1

Source
https://www.suse.com/support/update/announcement/2018/suse-ru-20184074-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-RU-2018:4074-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/SUSE-RU-2018:4074-1
Published
2018-12-11T20:46:06Z
Modified
2025-05-08T17:04:17.589140Z
Summary
Recommended update for aws-cli, python-boto3, python-botocore, python-s3transfer
Details

This update for aws-cli, python-boto3, python-botocore, python-s3transfer fixes the following issues:

aws-cli:

  • Update to version 1.16.61. (bsc#1088310)
    • For detailed changes see https://github.com/aws/aws-cli/blob/1.16.1/CHANGELOG.rst
  • Update to version 1.16.1 (bsc#1105988, bsc#1092493)
    • CVE-2018-15869: An Amazon Web Services (AWS) developer who does not specify the --owners flag when describing images via AWS CLI, and therefore does not properly validate source software per AWS recommended security best practices, might have unintentionally loaded an undesired and potentially malicious Amazon Machine Image (AMI) from the uncurated public community AMI catalog.
  • Disable vendored versions of requests and six from botocore and use requests and six from the RPM packages.

python-botocore:

  • Update to version 1.10.40
    • For detailed changes, please refer to the changelog.
    • Remove the broken attempt to avoid using the bundled requests module provided by the source (bsc#1088310)

python-boto3:

  • Version update to 1.9.57 (bsc#1118021, bsc#1118027)
    • For detailed changes, please refer to the changelog.

python-s3transfer:

  • Update to version 0.1.13
  • Make sure to really not use any bundles.
  • enhancement:max_bandwidth: Add ability to set maximum bandwidth consumption for streaming of S3 uploads and downloads.

Affected packages

SUSE:Linux Enterprise Module for Basesystem 15 / python-boto3

Package

Name
python-boto3
Purl
pkg:rpm/suse/python-boto3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.9.57-3.5.1

Ecosystem specific

{
    "binaries": [
        {
            "python3-s3transfer": "0.1.13-3.3.6",
            "python3-botocore": "1.12.57-3.5.1",
            "python3-boto3": "1.9.57-3.5.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Basesystem 15 / python-botocore

Package

Name
python-botocore
Purl
pkg:rpm/suse/python-botocore&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.12.57-3.5.1

Ecosystem specific

{
    "binaries": [
        {
            "python3-s3transfer": "0.1.13-3.3.6",
            "python3-botocore": "1.12.57-3.5.1",
            "python3-boto3": "1.9.57-3.5.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Basesystem 15 / python-s3transfer

Package

Name
python-s3transfer
Purl
pkg:rpm/suse/python-s3transfer&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.1.13-3.3.6

Ecosystem specific

{
    "binaries": [
        {
            "python3-s3transfer": "0.1.13-3.3.6",
            "python3-botocore": "1.12.57-3.5.1",
            "python3-boto3": "1.9.57-3.5.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Package Hub 15 / python-boto3

Package

Name
python-boto3
Purl
pkg:rpm/suse/python-boto3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.9.57-3.5.1

Ecosystem specific

{
    "binaries": [
        {
            "python2-boto3": "1.9.57-3.5.1",
            "python2-s3transfer": "0.1.13-3.3.6",
            "python2-botocore": "1.12.57-3.5.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Package Hub 15 / python-botocore

Package

Name
python-botocore
Purl
pkg:rpm/suse/python-botocore&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.12.57-3.5.1

Ecosystem specific

{
    "binaries": [
        {
            "python2-boto3": "1.9.57-3.5.1",
            "python2-s3transfer": "0.1.13-3.3.6",
            "python2-botocore": "1.12.57-3.5.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Package Hub 15 / python-s3transfer

Package

Name
python-s3transfer
Purl
pkg:rpm/suse/python-s3transfer&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.1.13-3.3.6

Ecosystem specific

{
    "binaries": [
        {
            "python2-boto3": "1.9.57-3.5.1",
            "python2-s3transfer": "0.1.13-3.3.6",
            "python2-botocore": "1.12.57-3.5.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Public Cloud 15 / aws-cli

Package

Name
aws-cli
Purl
pkg:rpm/suse/aws-cli&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.16.61-4.7.1

Ecosystem specific

{
    "binaries": [
        {
            "aws-cli": "1.16.61-4.7.1"
        }
    ]
}