RHEL 9 : python3.11 (RHSA-2024:2292)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2292 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...
RHEL 9 : python3.11-urllib3 (RHSA-2024:2159)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2159 advisory. The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: python-urllib3: Cookie...
Amazon Linux 2023 : python3.11, python3.11-devel, python3.11-idle (ALAS2023-2024-588)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-588 advisory. An issue was found in the CPython zipfile module affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to quoted-overlap zip-bombs which exploit the...
python3.11-pip bug fix and enhancement update
An update is available for python3.11-pip. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. pip is a package management system used to install and manage software...
CentOS 9 : python3.11-3.11.5-1.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the python3.11-3.11.5-1.el9 build changelog. - An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily...
CentOS 9 : python3.11-3.11.4-1.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the python3.11-3.11.4-1.el9 build changelog. - An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts...
CentOS 9 : python3.11-cryptography-37.0.2-4.el9
The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the python3.11-cryptography-37.0.2-4.el9 build changelog. - cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions...
CentOS 9 : python3.11-3.11.4-3.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the python3.11-3.11.4-3.el9 build changelog. - An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts...
CentOS 9 : python3.11-urllib3-1.26.12-2.el9
The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the python3.11-urllib3-1.26.12-2.el9 build changelog. - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helper...
CentOS 8 : python3.11 (CESA-2023:5463)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:5463 advisory. - An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HT...
CentOS 8 : python3.11 (CESA-2023:7024)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:7024 advisory. - Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers t...
CentOS 8 : python3.11 (CESA-2023:3594)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:3594 advisory. - An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank...
Amazon Linux 2023 : python3.11, python3.11-devel, python3.11-idle (ALAS2023-2024-500)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-500 advisory. 2025-01-16: CVE-2024-11168 was added to this advisory. An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that...
Fedora: Security Advisory for python3.11 (FEDORA-2023-0583eedde7)
The remote host is missing an update for the...
Oracle Linux 8 / 9 : python3.11-cryptography (ELSA-2024-12078)
The remote Oracle Linux 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-12078 advisory. 37.0.2-5.0.1 - Fix CVE-2023-49083: NULL-dereference when loading PKCS7 certificates Orabug: 36143834 Tenable has extracted the preceding description block...
Ubuntu: Security Advisory (USN-6547-1)
The remote host is missing an update for the...
USN-6513-2: Python vulnerability
USN-6513-1 fixed vulnerabilities in Python. This update provides the corresponding updates for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. Original advisory details: It was discovered that Python incorrectly handled certain plist files. If a user or an automated system were tricked into...
Oracle Linux 8 : python3.11-pip (ELSA-2023-6914)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-6914 advisory. - Use tarfile.data_filter for extracting CVE-2007-4559, PEP-721, PEP-706 Resolves: RHBZ2218249 Tenable has extracted the preceding description block directly fro...
Oracle Linux 8 : python3.11 (ELSA-2023-7024)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-7024 advisory. - Security fixes for CVE-2023-40217 and CVE-2023-41105 Resolves: RHEL-3047, RHEL-3267 - Fix symlink handling in the fix for CVE-2023-24329 Resolves:...
python3.11 security update
3.11.5-1 - Rebase to 3.11.5 - Security fixes for CVE-2023-40217 and CVE-2023-41105 Resolves: RHEL-3047, RHEL-3267 3.11.4-4 - Add the importallmodulespy311.py file for the python3.11-rpm-macros subpackage Resolves: rhbz2207631 3.11.4-3 - Fix symlink handling in the fix for CVE-2023-24329 Resolves:...