USN-7348-1 python3.5, python3.8 vulnerabilities

It was discovered that the Python ipaddress module contained incorrect information about which IP address ranges were considered “private” or “globally reachable”. This could possibly result in applications applying incorrect security policies. This issue only affected Ubuntu 14.04 LTS and Ubuntu...

CLSA-2025-1741126677 python3.11: Fix of 3 CVEs

CVE-2024-4032: update 'ipaddress' module to correct isprivate and isglobal properties based on latest IANA information - CVE-2024-6923: properly quote newlines for email headers to prevent header injection - CVE-2024-8088: fix issue causing infinite loop when iterating over names of entries in a...

Amazon Linux 2 : python-ipaddress (ALAS-2025-2761)

The version of python-ipaddress installed on the remote host is prior to 1.0.16-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2761 advisory. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as...

Low: python-ipaddress

Issue Overview: The "ipaddress" module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as "globally reachable" or "private". This affected the isprivate and isglobal properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address...

Low: python-ipaddress

Issue Overview: The "ipaddress" module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as "globally reachable" or "private". This affected the isprivate and isglobal properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address...

Low: python3

Issue Overview: The "ipaddress" module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as "globally reachable" or "private". This affected the isprivate and isglobal properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address...

Low: python3

Issue Overview: The "ipaddress" module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as "globally reachable" or "private". This affected the isprivate and isglobal properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address...

Medium: python3.11

Issue Overview: Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...

Amazon Linux 2023 : python3.11, python3.11-devel, python3.11-idle (ALAS2023-2025-829)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-829 advisory. Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot...

BIT-PYTHON-MIN-2024-4032 Incorrect IPv4 and IPv6 private ranges

The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the isprivate and isglobal properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and...

UBUNTU-CVE-2024-56374

An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions cleanipv6address and...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.8.1.6)

The version of AOS installed on the remote host is prior to 6.8.1.6. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.8.1.6 advisory. - An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for mgroupSiz...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.10.0.5)

The version of AOS installed on the remote host is prior to 6.10.0.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.10.0.5 advisory. - An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for...

Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2024-790)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-790 advisory. Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot...

EulerOS 2.0 SP11 : python3 (EulerOS-SA-2024-2971)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A defect was discovered in the Python ssl module where there is a memory race condition with the ssl.SSLContext methods certstorestats and...

EulerOS 2.0 SP11 : python3 (EulerOS-SA-2024-2985)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A defect was discovered in the Python ssl module where there is a memory race condition with the ssl.SSLContext methods certstorestats and...

SUSE SLES15 / openSUSE 15 Security Update : python (SUSE-SU-2024:4151-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:4151-1 advisory. - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses bsc1233307 Other fixes: - Add ipaddress module from...

Important: python3.9

Issue Overview: Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...

SUSE-SU-2024:4165-1 Security update for python

This update for python fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses bsc1233307 Other fixes: - Add ipaddress module from https://github.com/phihag/ipaddress - Remove -IVendor/ from python-config bsc1231795 - Stop using %%defattr, it seems ...

Security update for python

This update for python fixes the following issues: CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses bsc1233307 Other fixes: - Add ipaddress module from https://github.com/phihag/ipaddress - Remove -IVendor/ from python-config bsc1231795 - Stop using %%defattr, it seems...