
3332 matches found

AlmaLinux
added 2024/09/24 12:0 a.m. | 43 views

Moderate: python3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.5 CVSS | 7.6 AI score | 0.02203 EPSS
Exploits 2 | References 8

Tenable Nessus
added 2024/09/24 12:0 a.m. | 20 views

SUSE SLES12 Security Update : python3 (SUSE-SU-2024:3384-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3384-1 advisory. - CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. bsc1230227 - CVE-2024-7592: quadratic algorith...

7.5 CVSS | 6.8 AI score | 0.02303 EPSS
Exploits 3 | References 7

RedHat Linux
added 2024/09/23 2:1 a.m. | 25 views

Important: Red Hat Security Advisory: python3.9 security update

An update for python3.9 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

7.5 CVSS | 6.8 AI score | 0.02203 EPSS
Exploits 2 | References 3

OpenVAS
added 2024/09/23 12:0 a.m. | 23 views

openSUSE Security Advisory (SUSE-SU-2024:3357-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.7 CVSS | 7.8 AI score | 0.02303 EPSS
Exploits 3 | References 6

Tenable Nessus
added 2024/09/23 12:0 a.m. | 21 views

RHEL 9 : python3.9 (RHSA-2024:6909)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6909 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

7.5 CVSS | 7.1 AI score | 0.02203 EPSS
Exploits 2 | References 6

OpenVAS
added 2024/09/23 12:0 a.m. | 19 views

SUSE: Security Advisory (SUSE-SU-2024:3357-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.7 CVSS | 7.8 AI score | 0.02303 EPSS
Exploits 3 | References 6

Tenable Nessus
added 2024/09/21 12:0 a.m. | 21 views

SUSE SLES15 / openSUSE 15 Security Update : python310 (SUSE-SU-2024:3357-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3357-1 advisory. - Update to version 3.10.15 - CVE-2024-8088: Fixed denial of service in zipfile. bsc1229704 - CVE-2024-7592: Fixed...

8.7 CVSS | 6.9 AI score | 0.02303 EPSS
Exploits 3 | References 10

OSV
added 2024/09/20 3:13 p.m. | 19 views

SUSE-SU-2024:3357-1 Security update for python310

This update for python310 fixes the following issues: - Update to version 3.10.15 - CVE-2024-8088: Fixed denial of service in zipfile. bsc1229704 - CVE-2024-7592: Fixed uncontrolled CPU resource consumption when in http.cookies module. bsc1229596 - CVE-2024-6232: Fixed ReDos via excessive...

8.7 CVSS | 7 AI score | 0.02303 EPSS
Exploits 3 | References 7

OpenVAS
added 2024/09/20 12:0 a.m. | 16 views

openSUSE Security Advisory (SUSE-SU-2024:3303-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.7 CVSS | 7.8 AI score | 0.02303 EPSS
Exploits 3 | References 8

Tenable Nessus
added 2024/09/19 12:0 a.m. | 23 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python312 (SUSE-SU-2024:3303-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3303-1 advisory. - Update to 3.12.6 - CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in...

8.7 CVSS | 6.9 AI score | 0.02303 EPSS
Exploits 3 | References 14

RedhatCVE
added 2024/09/18 6:47 p.m. | 18 views

CVE-2024-45813

A regular expression denial of service ReDoS flaw was found in find-my-way. A bad regular expression is generated any time one has two parameters within a single segment, when adding a - at the end, such as /:a-:b-. This issue may cause a denial of service in some instances. Mitigation Mitigation...

7.5 CVSS | 6.6 AI score | 0.00647 EPSS
Exploits 0 | References 6

Vulnrichment
added 2024/09/18 4:47 p.m. | 20 views

CVE-2024-45813 ReDoS vulnerability in multiparametric routes in find-my-way

find-my-way is a fast, open source HTTP router, internally using a Radix Tree aka compact Prefix Tree, supports route params, wildcards, and it's framework independent. A bad regular expression is generated any time one has two parameters within a single segment, when adding a - at the end, like...

5.3 CVSS | 6.8 AI score | 0.00647 EPSS
Exploits 0 | References 3

Cvelist
added 2024/09/18 4:47 p.m. | 35 views

CVE-2024-45813 ReDoS vulnerability in multiparametric routes in find-my-way

find-my-way is a fast, open source HTTP router, internally using a Radix Tree aka compact Prefix Tree, supports route params, wildcards, and it's framework independent. A bad regular expression is generated any time one has two parameters within a single segment, when adding a - at the end, like...

5.3 CVSS | 0.00647 EPSS
Exploits 0 | References 3

OSV
added 2024/09/18 3:52 p.m. | 45 views

GHSA-RRR8-F88R-H8Q6 find-my-way has a ReDoS vulnerability in multiparametric routes

Impact A bad regular expression is generated any time you have two parameters within a single segment, when adding a - at the end, like /:a-:b-. Patches Update to find-my-way v8.2.2 or v9.0.1. or subsequent versions. Workarounds No known workarounds. References - CVE-2024-45296 - Detailed blog po...

8.7 CVSS | 6.4 AI score | 0.00647 EPSS
Exploits 0 | References 8

Github Security Blog
added 2024/09/18 3:52 p.m. | 45 views

find-my-way has a ReDoS vulnerability in multiparametric routes

Impact A bad regular expression is generated any time you have two parameters within a single segment, when adding a - at the end, like /:a-:b-. Patches Update to find-my-way v8.2.2 or v9.0.1. or subsequent versions. Workarounds No known workarounds. References - CVE-2024-45296 - Detailed blog po...

5.3 CVSS | 6.5 AI score | 0.00647 EPSS
Exploits 0 | References 8 | Affected Software 1

OSV
added 2024/09/18 12:52 p.m. | 18 views

SUSE-SU-2024:3303-1 Security update for python312

This update for python312 fixes the following issues: - Update to 3.12.6 - CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module. bsc1228780. - CVE-2024-7592: Fixed Email header injection due to unquoted newlines. bsc1229596 - CVE-2024-6232: Fixed ReDos via...

8.7 CVSS | 7.2 AI score | 0.02303 EPSS
Exploits 3 | References 10

RedhatCVE
added 2024/09/17 1:45 p.m. | 7 views

CVE-2022-42969

The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS Regular expression Denial of Service attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. Note: This has been disputed by multiple third parties as not bein...

3.1 CVSS | 7.2 AI score | 0.01546 EPSS
Exploits 1 | References 3

OSV
added 2024/09/16 12:4 p.m. | 34 views

BIT-PYTHON-2024-6232 Regular-expression DoS when parsing TarFile headers

There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives...

7.5 CVSS | 7.8 AI score | 0.02203 EPSS
Exploits 2 | References 14

Tenable Nessus
added 2024/09/14 12:0 a.m. | 29 views

SUSE SLES15 : Recommended update for google-cloud SDK (SUSE-SU-SUSE-RU-2024:1637-3)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-SUSE-RU-2024:1637-3 advisory. - Add python311 cloud services packages and dependencies jscPED-7987, jscPED-6697 - Below 5 binaries Obsolete the python3.6...

7.5 CVSS | 6.6 AI score | 0.0098 EPSS
Exploits 0 | References 4

F5 Networks
added 2024/09/12 4:8 a.m. | 30 views

K000141046: Python PyPA vulnerability CVE-2022-40897

Security Advisory Description Python Packaging Authority PyPA setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service ReDoS in packageindex.py. CVE-2022-40897 Impact...

5.9 CVSS | 6.8 AI score | 0.02617 EPSS
Exploits 1