python: cpython: tarfile: ReDos via excessive backtracking while parsing header values

A regular expression denial of service ReDos vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python3 (SUSE-SU-2024:3470-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3470-1 advisory. - CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module...

SUSE-SU-2024:3470-1 Security update for python3

This update for python3 fixes the following issues: - CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module bsc1228780. - CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API bsc1227233. - CVE-2024-7592: Fixed Email...

MGASA-2024-0317 Updated python3 packages fix security vulnerabilities

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “certstorestats” and “getcacerts”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as durin...

SUSE: Security Advisory (SUSE-SU-2024:3447-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-7040-1 configobj vulnerability

It was discovered that ConfigObj contains regex that is susceptible to catastrophic backtracking. An attacker could possibly use this issue to cause a regular expression denial of service...

openSUSE Security Advisory (SUSE-SU-2024:3427-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CLSA-2024-1727289133 python3: Fix of 2 CVEs

CVE-2024-6232: remove backtracking when parsing tarfile headers - CVE-2024-7592: fix quadratic complexity in parsing "-quoted cookie values with backslashes...

SUSE: Security Advisory (SUSE-SU-2024:3411-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2024:3430-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2024:3418-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2024:3418-1 Security update for python311

This update for python311 fixes the following issues: - Update python311 to version 3.11.10. - CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. bsc1230227 - CVE-2024-7592: quadratic algorithm used when parsing cookies leads to excessive resource consumption...

python: cpython: tarfile: ReDos via excessive backtracking while parsing header values

A regular expression denial of service ReDos vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive...

python: cpython: tarfile: ReDos via excessive backtracking while parsing header values

A regular expression denial of service ReDos vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive...

USN-7015-2 python2.7, python3.5 vulnerabilities

USN-7015-1 fixed several vulnerabilities in Python. This update provides one of the corresponding updates for python2.7 for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS, and a second for python3.5 for Ubuntu 16.04 LTS. Original advisory details: It was discovered tha...

USN-7015-2: Python vulnerabilities

USN-7015-1 fixed several vulnerabilities in Python. This update provides one of the corresponding updates for python2.7 for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS, and a second for python3.5 for Ubuntu 16.04 LTS. Original advisory details: It was discovered tha...

path-to-regexp outputs backtracking regular expressions

Impact A bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period .. For example, /:a-:b. Patches For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0. These versions add backtrack protection...

GHSA-9WV6-86V2-598J path-to-regexp outputs backtracking regular expressions

Impact A bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period .. For example, /:a-:b. Patches For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0. These versions add backtrack protection...

Path-to-RegExp 安全漏洞

Path-to-RegExp is an open source tool from pillarjs. It is used to convert path strings to regular expressions. A security vulnerability exists in Path-to-RegExp, which stems from the fact that backtracking a regular expression could lead to a denial of service...

SUSE CVE-2024-6232

There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives...