EUVD-2024-16245
Malicious code in bioql PyPI...
BIT-LIBPYTHON-2024-0450 Quoted zip-bomb protection for zipfile
An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...
BIT-PYTHON-MIN-2024-0450 Quoted zip-bomb protection for zipfile
An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython...
Astra Linux – Vulnerability in Python 3.11
An issue was discovered in the CPython zipfile module, affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, 3.8.18, and earlier versions. The zipfile module is vulnerable to “quoted-overlap” zip-bombs, which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versio...
EulerOS 2.0 SP10 : python3 (EulerOS-SA-2024-2892)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is...
OESA-2024-2141 python3 security update
Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...
CLSA-2024-1724260328 Fix CVE(s): CVE-2024-0450
SECURITY UPDATE: exploit “quoted-overlap” zip-bombs with a high compression ratio - debian/patches/CVE-2024-0450.patch: Protect zipfile from "quoted-overlap" zipbomb - CVE-2024-0450 replace TLSv1 by TLSv1.2 since TLSv1 is not supported in the following tests: - Lib/test/testftplib.py -...
CLSA-2024-1724259346 Fix CVE(s): CVE-2024-0450
SECURITY UPDATE: Prevent Quoted-Overlap Zip-Bombs - debian/patches/CVE-2024-0450.patch: Protect zipfile from quoted-overlap zipbomb by raising BadZipFile when trying to read an entry that overlaps with other entry or central directory - CVE-2024-0450...
CLSA-2024-1723482251 python2: Fix of CVE-2024-0450
CVE-2024-0450: add detection of "quoted-overlap" zip-bombs in zipfile module...
CLSA-2024-1720772189 python2: Fix of CVE-2024-0450
CVE-2024-0450: Make zipfile module reject zip archives which overlap entries in the archive. Prevent “quoted-overlap” zip-bombs exploit...
CLSA-2024-1720178375 python2: Fix of CVE-2024-0450
CVE-2024-0450: Make zipfile module reject zip archives which overlap entries in the archive. Prevent “quoted-overlap” zip-bombs exploit...
SUSE-SU-2024:1844-1 Security update for python
This update for python fixes the following issues: - CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb bsc1221854...
SUSE-SU-2024:1774-1 Security update for python3
This update for python3 fixes the following issues: - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number bsc1219559. - CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb bsc1221854...
SUSE-SU-2024:1556-1 Security update for python311
This update for python311 fixes the following issues: - CVE-2024-0450: Fixed 'quoted-overlap' issue inside the zipfile module bsc1221854. - CVE-2023-6597: Fixed removing tempfile.TemporaryDirectory in some edge cases related to symlinks bsc1219666. - CVE-2023-52425: Fixed denial of service resour...
Medium: python3.9
Issue Overview: An issue was found in the CPython zipfile module affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to "quoted-overlap" zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed...
Medium: python3
Issue Overview: An issue was found in the CPython zipfile module affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to "quoted-overlap" zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed...
Medium: python3.11
Issue Overview: An issue was found in the CPython zipfile module affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to "quoted-overlap" zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed...
Updated python3, python packages fix security vulnerabilities
The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances. CVE-2023-6597 The zipfile module is...
SUSE-SU-2024:1009-1 Security update for python39
This update for python39 fixes the following issues: - CVE-2023-52425: Fixed denial of service resource consumption caused by processing large tokens in expat bsc1219559. - CVE-2023-6597: Fixed symlink race condition in tempfile.TemporaryDirectory bsc1219666. - CVE-2024-0450: Fixed 'quoted-overla...
[SECURITY] [DLA 3772-1] python3.7 security update
Debian LTS Advisory DLA-3772-1 https://www.debian.org/lts/security/ Adrian Bunk March 24, 2024 https://wiki.debian.org/LTS ...