RHEL 9 : python3.9 (RHSA-2024:4078)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4078 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

Security Bulletin: AIX is affected by a denial of service due to Python (CVE-2024-0450)

Summary Vulnerability in Python could allow a remote attacker to cause a denial of service CVE-2024-0450. Python is used by AIX as part of Ansible node management automation. Vulnerability Details CVEID:CVE-2024-0450 DESCRIPTION: Python CPython is vulnerable to a denial of service, caused by...

python: The zipfile module is vulnerable to zip-bombs leading to denial of service

A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed...

RHEL 8 : python3.11 (RHSA-2024:4058)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4058 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

AlmaLinux 8 : python3.11 (ALSA-2024:4058)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:4058 advisory. python: Path traversal on tempfile.TemporaryDirectory CVE-2023-6597 python: The zipfile module is vulnerable to zip-bombs leading to denial of service...

RLSA-2024:3347 Important: python3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

python: The zipfile module is vulnerable to zip-bombs leading to denial of service

A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed...

python: The zipfile module is vulnerable to zip-bombs leading to denial of service

A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed...

python: The zipfile module is vulnerable to zip-bombs leading to denial of service

A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python311 (SUSE-SU-2024:1556-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1556-1 advisory. - libexpat through 2.5.0 allows a denial of service resource consumption because many full...

Medium: python3.9

Issue Overview: An issue was found in the CPython zipfile module affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to "quoted-overlap" zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed...

Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2024-605)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-605 advisory. An issue was found in the CPython zipfile module affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to quoted-overlap zip-bombs which exploit the...

Medium: python3

Issue Overview: An issue was found in the CPython zipfile module affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to "quoted-overlap" zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed...

Amazon Linux 2 : python3 (ALAS-2024-2515)

The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2515 advisory. An issue was found in the CPython zipfile module affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The...

Amazon Linux 2023 : python3.11, python3.11-devel, python3.11-idle (ALAS2023-2024-588)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-588 advisory. An issue was found in the CPython zipfile module affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to quoted-overlap zip-bombs which exploit the...

Medium: python3.11

Issue Overview: An issue was found in the CPython zipfile module affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to "quoted-overlap" zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed...

SUSE-SU-2024:1162-1 Security update for python310

This update for python310 fixes the following issues: - CVE-2024-0450: Fixed 'quoted-overlap' in zipfile module is python310 bsc1221854 - CVE-2023-52425: Fixed denial of service caused by processing large tokens in expat module in python310 bsc1219559 - CVE-2023-6597: Fixed...

Debian dla-3772 : idle-python3.7 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3772 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3772-1 [email protected]...

Debian dla-3771 : idle-python2.7 - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3771 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3771-1 [email protected] https://www.debian.org/lts/security/...

Slackware Linux 15.0 / current python3 Multiple Vulnerabilities (SSA:2024-080-01)

The version of python3 installed on the remote host is prior to 3.9.19. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-080-01 advisory. - libexpat through 2.5.0 allows a denial of service resource consumption because many full reparsings are required in the...