PSF-2024-4

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “certstorestats” and “getcacerts”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as durin...

CVE-2024-0397

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “certstorestats” and “getcacerts”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as durin...

CVE-2024-4032 Incorrect IPv4 and IPv6 private ranges

The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the isprivate and isglobal properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and...

CVE-2024-4032

The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the isprivate and isglobal properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and...

CVE-2024-4032 Incorrect IPv4 and IPv6 private ranges

The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the isprivate and isglobal properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and...

CVE-2024-4032

CVE-2024-4032 affects the Python ipaddress module, where is_private and is_global could be incorrect for IPv4/IPv6 addresses due to registry data prior to updates. Connected advisories confirm that CPython releases 3.12.4 and 3.13.0a6 include updated IANA Special-Purpose Address Registry data and...

CVE-2024-4032

The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the isprivate and isglobal properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and...

PSF-2024-5

The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the isprivate and isglobal properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and...

cpython Security Vulnerabilities

cpython is the Python Foundation's Python interpreter implemented in the C language. A security vulnerability exists in cpython that stems from a race condition between the certstorestats function and the getcacerts function...

Fedora: Security Advisory for maturin (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 7 : bzr (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - bzr: does not strip bzr+ssh SSH options CVE-2017-14176 - Algorithmic complexity vulnerability in the...

[SECURITY] Fedora 40 Update: maturin-1.5.1-2.fc40

Build and publish crates with pyo3, rust-cpython and cffi bindings as well as rust binaries as python packages...

CentOS 8 : python3 (CESA-2024:3347)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:3347 advisory. - An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The...

K000139698: Python vulnerabilities CVE-2016-5636, CVE-2018-1000802, CVE-2022-48565 and CVE-2023-36632

Security Advisory Description CVE-2016-5636 Integer overflow in the getdata function in zipimport.c in CPython aka Python before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer...

Important: python3

Issue Overview: An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can r...

Amazon Linux 2 : python3 (ALAS-2024-2541)

The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2541 advisory. An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18...

Amazon Linux AMI : python38 (ALAS-2024-1936)

The version of python38 installed on the remote host is prior to 3.8.5-1.11. It is, therefore, affected by a vulnerability as referenced in the ALAS-2024-1936 advisory. An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8....

Amazon Linux 2023 : python3.11, python3.11-devel, python3.11-idle (ALAS2023-2024-617)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-617 advisory. An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python311 (SUSE-SU-2024:1556-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1556-1 advisory. - libexpat through 2.5.0 allows a denial of service resource consumption because many full...

PT-2024-6083

Name of the Vulnerable Software and Affected Versions OpenSSL versions prior to the next release exact version not specified CPython version 3.9 and earlier Description The issue is related to the OpenSSL API function SSL select next proto which can cause a crash or memory contents to be sent to...