Описание
An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| python3.12 | fixed | 3.12.1-1 | package | |
| python3.11 | fixed | 3.11.8-1 | package | |
| python3.11 | fixed | 3.11.2-6+deb12u2 | bookworm | package |
| python3.10 | removed | package | ||
| python3.9 | removed | package | ||
| python3.7 | removed | package | ||
| python2.7 | not-affected | package | ||
| pypy3 | fixed | 7.3.13+dfsg-1 | package | |
| pypy3 | fixed | 7.3.11+dfsg-2+deb12u2 | bookworm | package |
| pypy3 | no-dsa | buster | package |
Примечания
https://github.com/python/cpython/pull/99930
https://github.com/python/cpython/issues/91133
https://github.com/python/cpython/commit/6ceb8aeda504b079fef7a57b8d81472f15cdd9a5 (v3.12.1)
https://github.com/python/cpython/commit/5585334d772b253a01a6730e8202ffb1607c3d25 (v3.11.8)
https://github.com/python/cpython/commit/8eaeefe49d179ca4908d052745e3bb8b6f238f82 (v3.10.14)
https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b (v3.9.19)
https://mail.python.org/archives/list/security-announce@python.org/thread/Q5C6ATFC67K53XFV4KE45325S7NS62LD/
Introduced by: https://github.com/python/cpython/commit/e9b51c0ad81da1da11ae65840ac8b50a8521373c (v3.8.0b1)
Связанные уязвимости
An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.
An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.
An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.
