Security update for python-Pygments SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:1500-1 Final 1 1 2021-05-04T15:21:03Z current 2021-05-04T15:21:03Z 2021-05-04T15:21:03Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for python-Pygments This update for python-Pygments fixes the following issues: - CVE-2021-20270: Fixed an infinite loop in SML lexer which may lead to DoS (bsc#1183169) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2021-1500,SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-1500,SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-1500,SUSE-SLE-Product-HPC-15-2021-1500,SUSE-SLE-Product-SLES-15-2021-1500,SUSE-SLE-Product-SLES_SAP-15-2021-1500 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20211500-1/ Link for SUSE-SU-2021:1500-1 https://lists.suse.com/pipermail/sle-security-updates/2021-May/008728.html E-Mail link for SUSE-SU-2021:1500-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1183169 SUSE Bug 1183169 https://www.suse.com/security/cve/CVE-2021-20270/ SUSE CVE CVE-2021-20270 page SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Module for Package Hub 15 SP2 SUSE Linux Enterprise Module for Package Hub 15 SP3 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP Applications 15 python2-Pygments-2.2.0-4.6.1 python3-Pygments-2.2.0-4.6.1 python3-Pygments-2.2.0-4.6.1 as a component of SUSE Linux Enterprise High Performance Computing 15-ESPOS python3-Pygments-2.2.0-4.6.1 as a component of SUSE Linux Enterprise High Performance Computing 15-LTSS python2-Pygments-2.2.0-4.6.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP2 python2-Pygments-2.2.0-4.6.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP3 python3-Pygments-2.2.0-4.6.1 as a component of SUSE Linux Enterprise Server 15-LTSS python3-Pygments-2.2.0-4.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword. CVE-2021-20270 SUSE Linux Enterprise High Performance Computing 15-ESPOS:python3-Pygments-2.2.0-4.6.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:python3-Pygments-2.2.0-4.6.1 SUSE Linux Enterprise Module for Package Hub 15 SP2:python2-Pygments-2.2.0-4.6.1 SUSE Linux Enterprise Module for Package Hub 15 SP3:python2-Pygments-2.2.0-4.6.1 SUSE Linux Enterprise Server 15-LTSS:python3-Pygments-2.2.0-4.6.1 SUSE Linux Enterprise Server for SAP Applications 15:python3-Pygments-2.2.0-4.6.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20211500-1/ https://www.suse.com/security/cve/CVE-2021-20270.html CVE-2021-20270 https://bugzilla.suse.com/1183169 SUSE Bug 1183169