Security update for python3

This update for python3 fixes the following issues: CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. bsc1236705 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

SUSE-SU-2025:0502-1 Security update for python3

This update for python3 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. bsc1236705...

Rocky Linux Brocade SANnav OVA updates: kernel (RLSA-2024:8856) expat (RLSA-2024:9502, RLSA-2024-6989) bzip2 (RLSA-2024:8922) krb5 (RLSA-2024:8860) and python3 (RLSA-2024:6975)

Rocky Linux updates for SANnav OVA releases. The listed updates are available for OVA deployments of SANnav. kernel RLSA-2024:8856 CVE-2024-44935, CVE-2024-43854, CVE-2024-35898, CVE-2024-27062, CVE-2024-42244, CVE-2024-27017, CVE-2024-42070, CVE-2024-43880, CVE-2023-52492, CVE-2024-46826,...

Use of Weak Hash

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Use of Weak Hash due to the use of a predictable constant value in the Python 3.12 built-in hash function. An attacker can interfere with subsequent...

Medium: python3.11

Issue Overview: Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...

Medium: python3

Issue Overview: CPython 3.9 and earlier doesn't disallow configuring an empty list for SSLContext.setnpnprotocols which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used see CVE-2024-5535 for OpenSSL. This vulnerability is of low severity due ...

CLSA-2024-1734642829 python3.9: Fix of CVE-2024-0450

CVE-2024-0450: Reject zip archives with overlapping entries to prevent quoted- overlap zip-bombs...

Medium: python38-pip

Issue Overview: Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to th...

CLSA-2024-1734543773 python3: Fix of CVE-2024-9287

CVE-2024-9287: fix path names quoting to prevent command injection in virtual environment activation scripts...

Fedora: Security Advisory (FEDORA-2024-1a493abc67)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OPENSUSE-SU-2024:14581-1 python312-3.12.8-1.1 on GA media

These are all security issues fixed in the python312-3.12.8-1.1 package on the GA media of openSUSE Tumbleweed...

Medium: python3.11

Issue Overview: The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which...

Security update for python312

This update for python312 fixes the following issues: CVE-2024-12254: Fixed unbounded memory buffering in SelectorSocketTransport.writelines bsc1234290 Other fixes: - Updated to version 3.12.8 - Remove -IVendor/ from python-config bsc1231795 Patch Instructions: To install this SUSE update use the...

OESA-2024-2513 ansible security update

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

OESA-2024-2512 ansible security update

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

OESA-2024-2510 ansible security update

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

Security update for python36

This update for python36 fixes the following issues: CVE-2024-11168: improper validation of IPv6 and IPvFuture addresses. bsc1233307 Bug fixes: Remove -IVendor/ from python-config. bsc1231795 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

Security update for python39

This update for python39 fixes the following issues: CVE-2024-11168: Improper validation of IPv6 and IPvFuture addresses bsc1233307. Bug fixes: Remove -IVendor/ from python-config bsc1231795. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

Astra Linux – Vulnerability in Python 3.11

There is a medium-severity vulnerability affecting CPython. Regular expressions that allow excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS through specifically crafted tar archives...

Astra Linux – Vulnerability in Python 3.11

There is a HIGH-severity vulnerability affecting the CPython “zipfile” module, specifically the “zipfile.Path” class. It should be noted that the more commonly used API “zipfile.ZipFile” class is not affected by this vulnerability. When iterating over the names of entries in a zip archive for...