Lucene search
GoogleOSV:SUSE-SU-2024:3470-1HistorySep 27, 2024 - 12:35 p.m.
Security update for python3
2024-09-2712:35:59
Google
osv.dev
2
python3
security
cve-2024-6923
cve-2024-5642
cve-2024-7592
cve-2024-6232
bug fixes
http.cookies module
openssl api
email header injection
tarfile headers
resource consumption
buffer overread
backtracking
dos
script attributes.
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
7.4
Confidence
Low
This update for python3 fixes the following issues:
- CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module (bsc#1228780).
- CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233).
- CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596).
- CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227)
Bug fixes:
- %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999).
- Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378).
- Remove %suse_update_desktop_file macro as it is not useful any more.
References
bugzilla.suse.com/1227233
bugzilla.suse.com/1227378
bugzilla.suse.com/1227999
bugzilla.suse.com/1228780
bugzilla.suse.com/1229596
bugzilla.suse.com/1230227
www.suse.com/security/cve/CVE-2024-5642
www.suse.com/security/cve/CVE-2024-6232
www.suse.com/security/cve/CVE-2024-6923
www.suse.com/security/cve/CVE-2024-7592
www.suse.com/support/update/announcement/2024/suse-su-20243470-1/
Related
nessus
nessus
openSUSE 15 Security Update : python3 (SUSE-SU-2024:3470-1)
2024-09-28 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python312 (SUSE-SU-2024:3303-1)
2024-09-19 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : python39 (SUSE-SU-2024:3076-1)
2024-09-03 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:3076-1)
2024-09-03 00:00:00
Ubuntu: Security Advisory (USN-7015-2)
2024-09-20 00:00:00
openSUSE: Security Advisory for python39 (SUSE-SU-2024:3076-1)
2024-09-04 00:00:00
osv
osv
Security update for python39
2024-09-02 14:41:42
python2.7, python3.5 vulnerabilities
2024-09-19 17:36:42
python39-3.9.19-6.1 on GA media
2024-08-09 00:00:00
redhat
redhat
(RHSA-2024:6909) Important: python3.9 security update
2024-09-23 01:15:34
(RHSA-2024:6975) Moderate: python3 security update
2024-09-24 00:03:49
(RHSA-2024:6146) Moderate: python3.12 security update
2024-09-03 01:09:16
fedora
fedora
[SECURITY] Fedora 40 Update: python3.10-3.10.15-1.fc40
2024-09-12 01:28:49
[SECURITY] Fedora 39 Update: python3.10-3.10.15-1.fc39
2024-09-19 01:59:12
[SECURITY] Fedora 41 Update: python3.11-3.11.10-1.fc41
2024-09-20 00:16:28
oraclelinux
oraclelinux
python3 security update
2024-09-24 00:00:00
python3.9 security update
2024-09-03 00:00:00
python3.12 security update
2024-09-03 00:00:00
almalinux
almalinux
Moderate: python3 security update
2024-09-24 00:00:00
Moderate: python3.11 security update
2024-09-03 00:00:00
Moderate: python3.12 security update
2024-09-03 00:00:00
mageia
mageia
Updated python3 packages fix security vulnerabilities
2024-09-27 04:30:52
redhatcve
redhatcve
cvelist
cvelist
CVE-2024-7592 Quadratic complexity parsing cookies with backslashes
2024-08-19 19:06:45
CVE-2024-6923 Email header injection due to unquoted newlines
2024-08-01 13:40:11
CVE-2024-6232 Regular-expression DoS when parsing TarFile headers
2024-09-03 12:29:00
debiancve
debiancve
nvd
nvd
cbl_mariner
cbl_mariner
CVE-2024-7592 affecting package python3 for versions less than 3.12.3-2
2024-08-25 15:13:42
CVE-2024-7592 affecting package python3 for versions less than 3.9.19-4
2024-08-26 16:33:47
CVE-2024-6232 affecting package python3 for versions less than 3.9.19-5
2024-09-26 19:15:25
wolfi
wolfi
CVE-2024-7592 vulnerabilities
2024-09-30 09:32:54
CVE-2024-6232 vulnerabilities
2024-09-30 09:32:54
CVE-2024-6923 vulnerabilities
2024-09-30 09:32:54
vulnrichment
vulnrichment
CVE-2024-7592 Quadratic complexity parsing cookies with backslashes
2024-08-19 19:06:45
CVE-2024-6232 Regular-expression DoS when parsing TarFile headers
2024-09-03 12:29:00
CVE-2024-6923 Email header injection due to unquoted newlines
2024-08-01 13:40:11
alpinelinux
alpinelinux
cve
cve
ubuntucve
ubuntucve
CVE-2024-6923
2024-08-01 00:00:00
redos
redos
ROS-20240905-02
2024-09-05 00:00:00
rocky
rocky
python3.12 security update
2024-09-17 00:55:55
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
7.4
Confidence
Low
Related for OSV:SUSE-SU-2024:3470-1