13 matches found
CLSA-2026-1778979189 Fix CVE(s): CVE-2024-6232, CVE-2024-7592, CVE-2024-9287
SECURITY UPDATE: ReDoS in tarfile PAX header parsing - debian/patches/CVE-2024-6232.patch: rewrite Lib/tarfile.py PAX-record parser to scan length-prefixed records via a bounded regex headerlengthprefixre plus direct slicing, eliminating quadratic backtracking in three pre-existing regexes. Adapt...
TencentOS Server 3: python39:3.9 (TSSA-2025:1001)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:1001 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
MGASA-2025-0280 Updated python3 packages fix security vulnerabilities
URL parser allowed square brackets in domain names. CVE-2025-0938 Mishandling of comma during folding and unicode-encoding of email headers. CVE-2025-1795 Virtual environment venv activation scripts don't quote paths. CVE-2024-9287 Use-after-free in "unicodeescape" decoder with error handler...
OESA-2025-2574 python3 security update
Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...
CLSA-2025-1747854434 Fix CVE(s): CVE-2024-9287
SECURITY UPDATE: Path names provided when creating a virtual environment were not quoted properly - debian/patches/CVE-2024-9287.patch: Quote template strings in venv activation - CVE-2024-9287...
RLSA-2024:11111 Moderate: python3.11 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Medium: python3.11
Issue Overview: A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts ie "source venv/bin/activate". This means...
Important: python3.12
Issue Overview: Starting in Python 3.12.0, the asyncio.SelectorSocketTransport.writelines method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the...
CLSA-2024-1734543773 python3: Fix of CVE-2024-9287
CVE-2024-9287: fix path names quoting to prevent command injection in virtual environment activation scripts...
RHEL 9 : python3.11 (RHSA-2024:11111)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:11111 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic da...
AlmaLinux 8 : python3.12 (ALSA-2024:10980)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:10980 advisory. python: Virtual environment venv activation scripts don't quote paths CVE-2024-9287 python: Unbounded memory buffering in...
Fedora 40 : python3.9 (2024-607a0047bc)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-607a0047bc advisory. Python 3.9.21 security release. Security content in this release -------------------------------- - gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to...
AlmaLinux 8 : python3:3.6.8 (ALSA-2024:10779)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:10779 advisory. python: Virtual environment venv activation scripts don't quote paths CVE-2024-9287 python: Improper validation of IPv6 and IPvFuture addresses...