
848 matches found

SUSE Linux
added 2024/10/28 3:33 a.m. · 3 views

Security update for python3

This update for python3 fixes the following issues. Security fixes: CVE-2024-9287: properly quote path names provided when creating a virtual environment (bsc#1232241). Other fixes: Drop .pyc files from docdir for reproducible builds (bsc#1230906). Patch Instructions: To install this SUSE update use the...

CVSS 6.5 · AI score 7.3 · EPSS 0.00061
Exploits: 0 · References: 6

GithubExploit
added 2024/10/26 1:1 a.m. · 137 views

Exploit for CVE-2024-39205

CVE-2024-39205-Pyload-RCE Pyload RCE with js2py sandbox escape...

CVSS 9.8 · AI score 6.8 · EPSS 0.83924
Exploits: 22

OSV
added 2024/09/26 6:11 p.m. · 1 views

CLSA-2024-1727374287 python3.9: Fix of CVE-2024-4032

CVE-2024-4032: fix missing and incorrect ip address ranges in privatenetwork variables...

CVSS 7.5 · AI score 6.8 · EPSS 0.01127
Exploits: 0 · References: 1

OSV
added 2024/09/20 2:47 p.m. · 1 views

SUSE-RU-2024:1829-2 Recommended update for python-aliyun-python-sdk, python-aliyun-python-sdk-aas, python-aliyun-python-sdk-acm, python-aliyun-python-sdk-acms-open, python-aliyun-python-sdk-actiontrail, python-aliyun-python-sdk-adb, python-aliyun-python-sdk-adcp, python-aliyun-python-sdk-address-purification, python-aliyun-python-sdk-aegis, python-aliyun-python-sdk-afs, python-aliyun-python-sdk-aigen, python-aliyun-python-sdk-aimiaobi, python-aliyun-python-sdk-airec, python-aliyun-python-sdk-airticketopen, python-aliyun-python-sdk-alb, python-aliyun-python-sdk-alidns, python-aliyun-python-sdk-aligreen-console, python-aliyun-python-sdk-alikafka, python-aliyun-python-sdk-alimt, python-aliyun-python-sdk-alinlp, python-aliyun-python-sdk-aliyuncvc, python-aliyun-python-sdk-amptest, python-aliyun-python-sdk-amqp-open, python-aliyun-python-sdk-antiddos-public, python-aliyun-python-sdk-apds

This update for python-aliyun-python-sdk, python-aliyun-python-sdk-aas, python-aliyun-python-sdk-acm, python-aliyun-python-sdk-acms-open, python-aliyun-python-sdk-actiontrail, python-aliyun-python-sdk-adb, python-aliyun-python-sdk-adcp, python-aliyun-python-sdk-address-purification,...

CVSS 5.9 · AI score 6.6 · EPSS 0.00074
Exploits: 0 · References: 4

OSV
added 2024/09/11 12:46 p.m. · 3 views

CLSA-2024-1726058773 python3: Fix of CVE-2024-6923

CVE-2024-6923: encode newlines in headers, verify headers are well-formed...

CVSS 5.5 · AI score 6.8 · EPSS 0.00238
Exploits: 0 · References: 1

OSV
added 2024/08/23 11:8 a.m. · 1 views

OESA-2024-2052 python-twisted security update

Twisted is an event-based framework for internet applications, supporting Python 2.7 and Python 3.5+. It includes modules for many different purposes, including the following: Security Fixes: Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1...

CVSS 8.3 · AI score 6.4 · EPSS 0.67844
Exploits: 0 · References: 3

Positive Technologies
added 2024/06/27 12:0 a.m. · 4 views

PT-2024-36813

Name of the Vulnerable Software and Affected Versions: CPython versions 3.9 and earlier. Description: The issue arises from configuring an empty list for SSLContext.set_npn_protocols, which is an invalid value for the underlying OpenSSL API, resulting in a buffer over-read when NPN is used. This is...

CVSS 9.4 · AI score 8 · EPSS 0.06873
Exploits: 17 · References: 144

GithubExploit
added 2024/06/15 12:59 p.m. · 73 views

Magento-RCE

Magento RCE Exploit This repository contains an improved and...

AI score 9
Exploits: 0

Amazon
added 2024/05/03 12:0 a.m. · 1 views

Medium: python3.9

Issue Overview: An issue was found in the CPython zipfile module affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to "quoted-overlap" zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed...

CVSS 6.2 · AI score 6.7 · EPSS 0.00153
Exploits: 0

Positive Technologies
added 2024/04/12 12:0 a.m. · 1 views

PT-2024-23583 · Ros2 · Ros2

Name of the Vulnerable Software and Affected Versions: ROS2 Dashing Diademata versions ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. Description: An issue in ROS2 allows remote attackers to execute arbitrary code and escalate privileges. Recommendations: For ROS2 Dashing Diademata versions ROS...

AI score 8.2
Exploits: 0 · References: 2

Positive Technologies
added 2024/04/08 12:0 a.m. · 3 views

PT-2024-23572 · Ros2 · Ros2

Name of the Vulnerable Software and Affected Versions: ROS2 Galactic Geochelone versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3. Description: An issue was discovered that allows remote attackers to cause a denial of service (DoS) in the ROS2 nodes. Recommendations: For ROS2 Galactic Geochelone versio...

AI score 7.2
Exploits: 0 · References: 3

Positive Technologies
added 2024/04/08 12:0 a.m. · 1 views

PT-2024-23566 · Ros2 · Ros2

Name of the Vulnerable Software and Affected Versions: ROS2 Iron Irwini versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3. Description: An insecure logging vulnerability has been identified, allowing attackers to access sensitive information via inadequate security measures within the logging...

AI score 7
Exploits: 0 · References: 3

Positive Technologies
added 2024/04/07 12:0 a.m. · 3 views

PT-2024-23547 · Ros · Ros

Name of the Vulnerable Software and Affected Versions: ROS (Robot Operating System) Melodic Morenia versions ROS_VERSION 1 and ROS_PYTHON_VERSION 3. Description: The issue allows attackers to execute arbitrary code, escalate privileges, and obtain sensitive information. It is described as a Shell...

AI score 7.9
Exploits: 0 · References: 4

OSV
added 2024/03/28 5:56 p.m. · 1 views

CLSA-2024-1711648611 python3.9: Fix of CVE-2023-27043

CVE-2023-27043: reject malformed addresses in email.parseaddr...

CVSS 5.3 · AI score 6.8 · EPSS 0.00161
Exploits: 1 · References: 1

Positive Technologies
added 2024/03/25 12:0 a.m. · 3 views

PT-2024-22900 · Ros2 · Ros2

Name of the Vulnerable Software and Affected Versions: ROS2 Humble Hawksbill versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. Description: An unauthorized access issue has been discovered, potentially allowing a malicious user to gain unauthorized access to multiple ROS2 nodes remotely...

AI score 7.2
Exploits: 0 · References: 5

OSV
added 2024/03/14 5:31 p.m. · 1 views

CLSA-2024-1710437461 python3: Fix of CVE-2022-48564

CVE-2022-48564: Improve validation of Plist files that prevent DoS...

CVSS 6.5 · AI score 6.9 · EPSS 0.00107
Exploits: 1 · References: 1

OSV
added 2024/03/12 3:18 p.m. · 9 views

SUSE-SU-2024:0850-1 Security update for python3

This update for python3 fixes the following issues: CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666)...

CVSS 7.8 · AI score 7.8 · EPSS 0.00077
Exploits: 0 · References: 3

OSV
added 2023/11/27 6:11 p.m. · 1 views

USN-6513-2 python3.8, python3.10, python3.11 vulnerability

USN-6513-1 fixed vulnerabilities in Python. This update provides the corresponding updates for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. Original advisory details: It was discovered that Python incorrectly handled certain plist files. If a user or an automated system were tricked into...

CVSS 5.3 · AI score 6.8 · EPSS 0.00581
Exploits: 0 · References: 2

RedHat Linux
added 2023/11/07 8:21 a.m. · 3 views

python: file path truncation at \0 characters

Python 3.11 os.path.normpath function is vulnerable to path truncation if a null byte is inserted in the middle of passed path. This may result in bypass of allow lists if implemented before the verification of the path...

CVSS 7.5 · AI score 7.2 · EPSS 0.00334
Exploits: 0 · References: 5

OSV
added 2023/10/19 6:48 p.m. · 1 views

CLSA-2023-1697741309 python3: Fix of CVE-2022-48560

CVE-2022-48560: fix possible crash in heapq with custom comparison operators...

CVSS 7.5 · AI score 6.9 · EPSS 0.00202
Exploits: 1 · References: 1