Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-2018-2898


Recommended update for aws-cli, python-boto3, python-botocore, python-s3transfer


Type: recommended
Severity: moderate
Issued: 2018-12-11
Description:
This update for aws-cli, python-boto3, python-botocore, python-s3transfer fixes the following issues:

aws-cli:


- Update to version 1.16.61. (bsc#1088310)
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.16.1/CHANGELOG.rst
- Update to version 1.16.1 (bsc#1105988, bsc#1092493)
  + CVE-2018-15869: An Amazon Web Services (AWS) developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, might have unintentionally loaded an undesired and potentially malicious Amazon Machine Image (AMI) from the uncurated public community AMI catalog.
- Disable vendored versions of requests and six from botocore and use requests and six
  from the RPM packages.

python-botocore:

- Update to version 1.10.40
  + For detailed changes, please refer to the changelog.
  + Remove the broken attempt to avoid using the bundeled
    requests module provided by the source (bsc#1088310)

python-boto3:

- Version update to 1.9.57 (bsc#1118021, bsc#1118027)
  + For detailed changes, please refer to the changelog.

python-s3transfer:

- Update to version 0.1.13
- Make sure to really not use any bundles.
- enhancement:max_bandwidth: Add ability to set maximum bandwidth consumption for streaming of S3 uploads and downloads.


              

Packages


  • python-boto3-1.9.57-3.5.1
  • python-botocore-1.12.57-3.5.1
  • python-s3transfer-0.1.13-3.3.6