RHSA-2016:1629 Red Hat Security Advisory: python33-python security update
Bulletin has no description...
RHSA-2024:4456 Red Hat Security Advisory: python3 security update
Bulletin has no description...
Medium: python3.9
Issue Overview: A defect was discovered in the Python "ssl" module where there is a memory race condition with the ssl.SSLContext methods "cert_store_stats" and "get_ca_certs". The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContex...
AZL-42811 CVE-2024-4032 affecting package python3 for versions less than 3.9.19-6
The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and...
python3.12-cffi bug fix and enhancement update
An update is available for python3.12-cffi. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
SUSE-SU-2024:1667-1 Security update for python
This update for python fixes the following issues: - CVE-2023-52425: Fixed using the system libexpat bsc1219559. - CVE-2023-27043: Modified fix for unicode string handling in email.utils.parseaddr bsc1222537. - CVE-2022-48560: Fixed use-after-free in Python via heappushpop in heapq bsc1214675. Bug...
PT-2024-7267 · Python +1
Name of the Vulnerable Software and Affected Versions: Python versions prior to 3.13 Description: The issue is related to the tempfile.mkdtemp function in Python, which, on Windows, may not always set the correct permissions for the temporary directory, allowing other users to read and write to it...
SUSE-FU-2024:1448-1 Feature update for python-M2Crypto
This update for python-M2Crypto fixes the following issue: - Build for modern python stack - Adds python311-M2Crypto...
Medium: python3.11
Issue Overview: An issue was found in the CPython zipfile module affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to "quoted-overlap" zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed...
SUSE-SU-2024:0782-1 Security update for python311
This update for python311 fixes the following issues: - CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory bsc1219666. - CVE-2023-27043: Fixed incorrect e-mail parsing bsc1210638. - CVE-2022-25236: Fixed an expat vulnerability by supporting expat = 2.4.4 bsc1212015...
PT-2024-1782
Name of the Vulnerable Software and Affected Versions: libexpat versions 2.5.0 and earlier Description: The issue is related to an uncontrolled resource consumption in the libexpat library, which is used for XML parsing. This can be exploited by a remote attacker to cause a denial of service. The...
Medium: python3.11
Issue Overview: An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. CVE-2023-24329 The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts, allowing host...
SUSE-SU-2023:3828-2 Security update for python3
This update for python3 fixes the following issues: - CVE-2023-40217: Fixed TLS handshake bypass on closed sockets bsc1214692...
SUSE-SU-2023:3824-1 Security update for python310
This update for python310 fixes the following issues: - Update to 3.10.13. - CVE-2023-40217: Fixed TLS handshake bypass on closed sockets bsc1214692 The following non-security bug was fixed: - stabilizing FLAG_REF usage required for reproducibility bsc1213463...
SUSE-SU-2023:3731-1 Security update for python36
This update for python36 fixes the following issues: - CVE-2023-40217: Fixed TLS handshake bypass on closed sockets bsc1214692...
SUSE-SU-2023:3730-1 Security update for python
This update for python fixes the following issues: - CVE-2023-40217: Fixed TLS handshake bypass on closed sockets bsc1214692...
SUSE-SU-2023:2937-1 Security update for python311
This update for python311 fixes the following issues: python was updated to version 3.11.4: - CVE-2023-24329: Fixed blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters bsc1208471. - CVE-2007-4559: Fixed python tarfile module directory traversal...
SUSE-SU-2023:2884-1 Security update for python310
This update for python310 fixes the following issues: - Make marshalling of set and frozenset deterministic bsc1211765 python310 was updated to 3.10.12: - urllib.parse.urlsplit now strips leading C0 control and space characters following the specification for URLs defined by WHATWG in response to...
SUSE-SU-2023:0736-1 Security update for python3
This update for python3 fixes the following issues: - CVE-2023-24329: Fixed blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters bsc1208471. The following non-security bugs were fixed: - Fixed a crash in the garbage collection bsc1188607 - Fixed...
SUSE-SU-2023:0616-1 Security update for python36
This update for python36 fixes the following issues: - CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names bsc1205244. Bugfixes: - Solve a program error in the Python Garbage Collection. bsc1188607 - Fixed issue where email.generator.py replaces a non-existent header bsc120844...