Lucene search

848 matches found

OSV
added 2024/12/18 5:43 p.m. | 1 views

CLSA-2024-1734543773 python3: Fix of CVE-2024-9287

CVE-2024-9287: fix path names quoting to prevent command injection in virtual environment activation scripts...

CVSS 7.8 | AI score 6.8 | EPSS 0.00061
Exploits: 0 | References: 1

OpenVAS
added 2024/12/16 12:0 a.m. | 8 views

Fedora: Security Advisory (FEDORA-2024-1a493abc67)

The remote host is missing an update for the...

CVSS 7.8 | AI score 6.8 | EPSS 0.00061
Exploits: 0 | References: 6

OSV
added 2024/12/13 12:0 a.m. | 6 views

OPENSUSE-SU-2024:14581-1 python312-3.12.8-1.1 on GA media

These are all security issues fixed in the python312-3.12.8-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 8.7 | AI score 7.7 | EPSS 0.00249
Exploits: 0 | References: 2

Amazon
added 2024/12/12 12:0 a.m. | 1 views

Medium: python3.11

Issue Overview: The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which...

CVSS 8.7 | AI score 6.9 | EPSS 0.00395
Exploits: 1

SUSE Linux
added 2024/12/11 11:24 a.m. | 1 views

Security update for python312

This update for python312 fixes the following issues: CVE-2024-12254: Fixed unbounded memory buffering in SelectorSocketTransport.writelines bsc1234290 Other fixes: - Updated to version 3.12.8 - Remove -IVendor/ from python-config bsc1231795 Patch Instructions: To install this SUSE update use the...

CVSS 8.7 | AI score 8.1 | EPSS 0.00249
Exploits: 0 | References: 6

OSV
added 2024/12/06 3:23 p.m. | 1 views

OESA-2024-2513 ansible security update

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

CVSS 6.3 | AI score 6.6 | EPSS 0.00037
Exploits: 0 | References: 3

OSV
added 2024/12/06 3:23 p.m. | 1 views

OESA-2024-2512 ansible security update

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

CVSS 6.3 | AI score 6.6 | EPSS 0.00037
Exploits: 0 | References: 3

OSV
added 2024/12/06 3:23 p.m. | 1 views

OESA-2024-2510 ansible security update

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

CVSS 6.3 | AI score 6.6 | EPSS 0.00037
Exploits: 0 | References: 3

SUSE Linux
added 2024/12/04 11:2 a.m. | 1 views

Security update for python36

This update for python36 fixes the following issues: CVE-2024-11168: improper validation of IPv6 and IPvFuture addresses. bsc1233307 Bug fixes: Remove -IVendor/ from python-config. bsc1231795 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

CVSS 6.3 | AI score 7.4 | EPSS 0.00552
Exploits: 0 | References: 6

SUSE Linux
added 2024/12/02 12:21 p.m. | 3 views

Security update for python39

This update for python39 fixes the following issues: CVE-2024-11168: Improper validation of IPv6 and IPvFuture addresses bsc1233307. Bug fixes: Remove -IVendor/ from python-config bsc1231795. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

CVSS 6.3 | AI score 6.7 | EPSS 0.00552
Exploits: 0 | References: 6

OSV
added 2024/11/19 1:22 p.m. | 1 views

USN-7116-1 python3.10, python3.12, python3.8 vulnerability

It was discovered that Python incorrectly handled quoting path names when using the venv module. A local attacker able to control virtual environments could possibly use this issue to execute arbitrary code when the virtual environment is activated...

CVSS 7.8 | AI score 7.2 | EPSS 0.00061
Exploits: 0 | References: 2

SUSE Linux
added 2024/11/18 1:29 p.m. | 3 views

Security update for SUSE Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security fixes on Python 3.11 interpreter: CVE-2024-7592: Fixed quadratic complexity in parsing -quoted cookie values with backslashes bsc1229873, bsc1230059 CVE-2024-8088: Prevent malformed payload to cause infinite loops in zipfile.Path...

CVSS 7.5 | AI score 7.8 | EPSS 0.07521
Exploits: 3 | References: 62

SUSE Linux
added 2024/11/18 1:29 p.m. | 3 views

Security update for SUSE Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security fixes on Python 3.11 interpreter: CVE-2024-7592: Fixed quadratic complexity in parsing -quoted cookie values with backslashes bsc1229873, bsc1230059 CVE-2024-8088: Prevent malformed payload to cause infinite loops in zipfile.Path...

CVSS 7.5 | AI score 7.8 | EPSS 0.07521
Exploits: 3 | References: 62

SUSE Linux
added 2024/11/18 1:25 p.m. | 2 views

Security update for SUSE Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security fixes on Python 3.11 interpreter: CVE-2024-7592: Fixed quadratic complexity in parsing -quoted cookie values with backslashes bsc1229873, bsc1230059 CVE-2024-8088: Prevent malformed payload to cause infinite loops in zipfile.Path...

CVSS 7.5 | AI score 7.7 | EPSS 0.07521
Exploits: 3 | References: 66

SUSE Linux
added 2024/11/18 1:25 p.m. | 2 views

Security update for SUSE Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security fixes on Python 3.11 interpreter: CVE-2024-7592: Fixed quadratic complexity in parsing -quoted cookie values with backslashes bsc1229873, bsc1230059 CVE-2024-8088: Prevent malformed payload to cause infinite loops in zipfile.Path...

CVSS 7.5 | AI score 7.8 | EPSS 0.07521
Exploits: 3 | References: 66

Amazon
added 2024/11/14 12:0 a.m. | 1 views

Important: python3.11

Issue Overview: There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives. CVE-2024-6232 Affected Packages: python3.11 Issue Correction: Ru...

CVSS 7.5 | AI score 6.9 | EPSS 0.03014
Exploits: 2

SUSE Linux
added 2024/11/08 3:25 p.m. | 0 views

Security update for python311

This update for python311 fixes the following issues: CVE-2024-9287: Fixed quoted path names provided when creating a virtual environment bsc1232241. Bug fixes: Drop .pyc files from docdir for reproducible builds bsc1230906. Patch Instructions: To install this SUSE update use the SUSE recommended...

CVSS 6.5 | AI score 7.5 | EPSS 0.00061
Exploits: 0 | References: 6

SUSE Linux
added 2024/11/07 3:57 p.m. | 2 views

Security update for python3

This update for python3 fixes the following issues: CVE-2024-9287: Fixed quoted path names provided when creating a virtual environment bsc1232241. Bug fixes: Drop .pyc files from docdir for reproducible builds bsc1230906. Patch Instructions: To install this SUSE update use the SUSE recommended...

CVSS 6.5 | AI score 7.2 | EPSS 0.00061
Exploits: 0 | References: 6

SUSE Linux
added 2024/11/06 3:33 p.m. | 1 views

Security update for python36

This update for python36 fixes the following issues: Security fixes: CVE-2024-9287: properly quote path names provided when creating a virtual environment bsc1232241 Other fixes: Drop .pyc files from docdir for reproducible builds bsc1230906 Patch Instructions: To install this SUSE update use the...

CVSS 6.5 | AI score 7.3 | EPSS 0.00061
Exploits: 0 | References: 6

SUSE Linux
added 2024/11/06 10:14 a.m. | 3 views

Security update for python310

This update for python310 fixes the following issues: CVE-2024-9287: Fixed quoted path names provided when creating a virtual environment bsc1232241. Bug fixes: Drop .pyc files from docdir for reproducible builds bsc1230906. Patch Instructions: To install this SUSE update use the SUSE recommended...

CVSS 6.5 | AI score 7.5 | EPSS 0.00061
Exploits: 0 | References: 6