Several vulnerabilities allow, among other things, a cross-site scripting attack

Dear Linux Magazine Team,

please note the information on the available security updates
in the following security message.

History:

Version 1 (04.04.22):
New Advisory

An attacker can remotely exploit multiple vulnerabilities to
manipulating files, spying on information and conducting a cross-site
Scripting (XSS) attack.

There are different privileges for exploiting the vulnerabilities
necessary. A vulnerability requires user interaction.

For the distributions openSUSE Leap 15.3 and 15.4 as well as for SUSE Linux
Enterprise Desktop 15 SP3, SUSE Linux Enterprise High Performance Computing
15 SP3, SUSE Linux Enterprise Module Python3 15 SP4, SUSE Linux Enterprise
Module for Basesystem 15 SP3, SUSE Linux Enterprise Module for Desktop
Applications 15 SP3, SUSE Linux Enterprise Module for Python2 15 SP3, SUSE
Linux Enterprise Realtime Extension 15 SP2, SUSE Linux Enterprise Server 15
SP3, SUSE Linux Enterprise Server for SAP Applications 15 SP3, SUSE Manager
Proxy 4.2 and SUSE Manager Server 4.2 are available security updates for ‘python’
ready to the vulnerabilities and one more, not
fix security related errors.

References:

You can also find this advisory in the DFN-CERT vulnerability archive at:
[https://adv-archiv.dfn-cert.de/adv/2022-0742]

Kind regards,
Your DFN-CERT Incident Response Team


(c) DFN-CERT Services GmbH, all rights reserved!
If the information is passed on, the origin in
indicated in an appropriate manner.
Otherwise, the provisions on copyright for DFN-CERT apply
Website. https://www.dfn-cert.de/impressum.html