Security update for python-notebook SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:0024-1 Final 1 1 2021-01-07T15:25:16Z current 2021-01-07T15:25:16Z 2021-01-07T15:25:16Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for python-notebook This update for python-notebook fixes the following issue: - CVE-2020-26215: Fixed an open redirect vulnerability (boo#1180458). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2021-24 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/T2R7EJ2EM5E7MLFSQTMZGFVV45CYMONR/ E-Mail link for openSUSE-SU-2021:0024-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1180458 SUSE Bug 1180458 https://www.suse.com/security/cve/CVE-2020-26215/ SUSE CVE CVE-2020-26215 page openSUSE Leap 15.2 jupyter-notebook-5.7.8-lp152.2.3.1 jupyter-notebook-doc-5.7.8-lp152.2.3.1 jupyter-notebook-lang-5.7.8-lp152.2.3.1 jupyter-notebook-latex-5.7.8-lp152.2.3.1 python2-notebook-5.7.8-lp152.2.3.1 python2-notebook-lang-5.7.8-lp152.2.3.1 python3-notebook-5.7.8-lp152.2.3.1 python3-notebook-lang-5.7.8-lp152.2.3.1 jupyter-notebook-5.7.8-lp152.2.3.1 as a component of openSUSE Leap 15.2 jupyter-notebook-doc-5.7.8-lp152.2.3.1 as a component of openSUSE Leap 15.2 jupyter-notebook-lang-5.7.8-lp152.2.3.1 as a component of openSUSE Leap 15.2 jupyter-notebook-latex-5.7.8-lp152.2.3.1 as a component of openSUSE Leap 15.2 python2-notebook-5.7.8-lp152.2.3.1 as a component of openSUSE Leap 15.2 python2-notebook-lang-5.7.8-lp152.2.3.1 as a component of openSUSE Leap 15.2 python3-notebook-5.7.8-lp152.2.3.1 as a component of openSUSE Leap 15.2 python3-notebook-lang-5.7.8-lp152.2.3.1 as a component of openSUSE Leap 15.2 Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. The issue is patched in version 6.1.5. CVE-2020-26215 openSUSE Leap 15.2:jupyter-notebook-5.7.8-lp152.2.3.1 openSUSE Leap 15.2:jupyter-notebook-doc-5.7.8-lp152.2.3.1 openSUSE Leap 15.2:jupyter-notebook-lang-5.7.8-lp152.2.3.1 openSUSE Leap 15.2:jupyter-notebook-latex-5.7.8-lp152.2.3.1 openSUSE Leap 15.2:python2-notebook-5.7.8-lp152.2.3.1 openSUSE Leap 15.2:python2-notebook-lang-5.7.8-lp152.2.3.1 openSUSE Leap 15.2:python3-notebook-5.7.8-lp152.2.3.1 openSUSE Leap 15.2:python3-notebook-lang-5.7.8-lp152.2.3.1 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/T2R7EJ2EM5E7MLFSQTMZGFVV45CYMONR/ https://www.suse.com/security/cve/CVE-2020-26215.html CVE-2020-26215 https://bugzilla.suse.com/1180458 SUSE Bug 1180458