[SECURITY] [DSA 5269-1] pypy3 security update

2022-11-0218:54:47

lists.debian.org

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

86.3%

JSON

Debian Security Advisory DSA-5269-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
November 02, 2022 https://www.debian.org/security/faq

Package : pypy3
CVE ID : CVE-2022-37454

Nicky Mouha discovered a buffer overflow in the sha3 module of PyPy, a
fast, compliant alternative implementation of the Python language.

For the stable distribution (bullseye), this problem has been fixed in
version 7.3.5+dfsg-2+deb11u2.

We recommend that you upgrade your pypy3 packages.

For the detailed security status of pypy3 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pypy3

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian10amd64libpython3.7-dev< 3.7.3-2+deb10u4libpython3.7-dev_3.7.3-2+deb10u4_amd64.deb
Debian11ppc64elphp7.4-interbase< 7.4.33-1+deb11u1php7.4-interbase_7.4.33-1+deb11u1_ppc64el.deb
Debian11arm64php7.4-gd-dbgsym< 7.4.33-1+deb11u1php7.4-gd-dbgsym_7.4.33-1+deb11u1_arm64.deb
Debian11mipselphp7.4-imap< 7.4.33-1+deb11u1php7.4-imap_7.4.33-1+deb11u1_mipsel.deb
Debian11amd64php7.4-tidy< 7.4.33-1+deb11u1php7.4-tidy_7.4.33-1+deb11u1_amd64.deb
Debian10amd64php7.3-json< 7.3.31-1~deb10u2php7.3-json_7.3.31-1~deb10u2_amd64.deb
Debian11armhfphp7.4-pspell< 7.4.33-1+deb11u1php7.4-pspell_7.4.33-1+deb11u1_armhf.deb
Debian11i386php7.4-sqlite3< 7.4.33-1+deb11u1php7.4-sqlite3_7.4.33-1+deb11u1_i386.deb
Debian10armhfphp7.3-mysql< 7.3.31-1~deb10u2php7.3-mysql_7.3.31-1~deb10u2_armhf.deb
Debian10i386python3.7-dev< 3.7.3-2+deb10u4python3.7-dev_3.7.3-2+deb10u4_i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	amd64	libpython3.7-dev	< 3.7.3-2+deb10u4	libpython3.7-dev_3.7.3-2+deb10u4_amd64.deb
Debian	11	ppc64el	php7.4-interbase	< 7.4.33-1+deb11u1	php7.4-interbase_7.4.33-1+deb11u1_ppc64el.deb
Debian	11	arm64	php7.4-gd-dbgsym	< 7.4.33-1+deb11u1	php7.4-gd-dbgsym_7.4.33-1+deb11u1_arm64.deb
Debian	11	mipsel	php7.4-imap	< 7.4.33-1+deb11u1	php7.4-imap_7.4.33-1+deb11u1_mipsel.deb
Debian	11	amd64	php7.4-tidy	< 7.4.33-1+deb11u1	php7.4-tidy_7.4.33-1+deb11u1_amd64.deb
Debian	10	amd64	php7.3-json	< 7.3.31-1~deb10u2	php7.3-json_7.3.31-1~deb10u2_amd64.deb
Debian	11	armhf	php7.4-pspell	< 7.4.33-1+deb11u1	php7.4-pspell_7.4.33-1+deb11u1_armhf.deb
Debian	11	i386	php7.4-sqlite3	< 7.4.33-1+deb11u1	php7.4-sqlite3_7.4.33-1+deb11u1_i386.deb
Debian	10	armhf	php7.3-mysql	< 7.3.31-1~deb10u2	php7.3-mysql_7.3.31-1~deb10u2_armhf.deb
Debian	10	i386	python3.7-dev	< 3.7.3-2+deb10u4	python3.7-dev_3.7.3-2+deb10u4_i386.deb