Important: python3.11

🗓️ 14 Nov 2024 00:00:00Reported by AmazonType

amazon

amazon🔗 alas.aws.amazon.com👁 2 Views

Medium severity vulnerability in python3.11 allows ReDoS via crafted tar archives. Update required.

Reporter	Title	Published	Views	Family All 498
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM API Connect	15 Mar 202500:18	–	ibm
IBM Security Bulletins	Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to regular expression DoS and command injection due to the python package (CVE-2024-6232, CVE-2024-9287)	23 Jul 202516:09	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates	4 Dec 202410:17	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Suite - Iot Component uses axios 1.7.9 and Python-3.8.17 which is vulnerable to CVE-2023-40217, CVE-2024-6232, CVE-2022-40897, CVE-2024-6345, CVE-2023-5752 and CVE-2025-27152	25 Jun 202508:00	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data	28 Mar 202517:38	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data has addressed security vulnerabilities	27 Feb 202513:56	–	ibm
IBM Security Bulletins	Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to several issues due to the Python package (CVE-2024-6232, CVE-2024-7592, CVE-2024-7592)	23 Jul 202513:31	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Concert Software is vulnerable to multiple issues	7 Mar 202516:09	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Suite - Iot Component uses axios 1.7.9 and Python-3.8.17 which is vulnerable to CVE-2023-40217, CVE-2024-6232, CVE-2022-40897, CVE-2024-6345, CVE-2023-5752 and CVE-2025-27152	25 Jun 202507:57	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Python CPython affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.	28 Mar 202515:53	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Amazon Linux	2	aarch64	python3.11	3.11.6-1.amzn2023.0.4	python3.11-3.11.6-1.amzn2023.0.4.aarch64.rpm
Amazon Linux	2	aarch64	python3.11-devel	3.11.6-1.amzn2023.0.4	python3.11-devel-3.11.6-1.amzn2023.0.4.aarch64.rpm
Amazon Linux	2	aarch64	python3.11-tkinter	3.11.6-1.amzn2023.0.4	python3.11-tkinter-3.11.6-1.amzn2023.0.4.aarch64.rpm
Amazon Linux	2	aarch64	python3.11-debug	3.11.6-1.amzn2023.0.4	python3.11-debug-3.11.6-1.amzn2023.0.4.aarch64.rpm
Amazon Linux	2	aarch64	python3.11-idle	3.11.6-1.amzn2023.0.4	python3.11-idle-3.11.6-1.amzn2023.0.4.aarch64.rpm
Amazon Linux	2	aarch64	python3.11-debugsource	3.11.6-1.amzn2023.0.4	python3.11-debugsource-3.11.6-1.amzn2023.0.4.aarch64.rpm
Amazon Linux	2	aarch64	python3.11-debuginfo	3.11.6-1.amzn2023.0.4	python3.11-debuginfo-3.11.6-1.amzn2023.0.4.aarch64.rpm
Amazon Linux	2	aarch64	python3.11-libs	3.11.6-1.amzn2023.0.4	python3.11-libs-3.11.6-1.amzn2023.0.4.aarch64.rpm
Amazon Linux	2	aarch64	python3.11-test	3.11.6-1.amzn2023.0.4	python3.11-test-3.11.6-1.amzn2023.0.4.aarch64.rpm
Amazon Linux	2	x86_64	python3.11-devel	3.11.6-1.amzn2023.0.4	python3.11-devel-3.11.6-1.amzn2023.0.4.x86_64.rpm

14 Nov 2024 00:00Current

9.7High risk

Vulners AI Score9.7

CVSS 3.17.5

EPSS0.03014

SSVC

vulnerability python3.11 redos tarfile cve-2024-6232 update new packages amazon linux