ELSA-2021-9129

Опубликовано: 22 мар. 2021

Источник: oracle-oval

Платформа: Oracle Linux 8

Описание

ELSA-2021-9129: python36:3.6 security update (IMPORTANT)

python36 [3.6.8-2.0.1]

Rebuild with python containing fix for [Orabug: 32551171][CVE-2021-3177]

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

Module python36:3.6 is enabled

python-nose-docs

1.3.7-30.module+el8.3.0+7694+550a8252

python-pymongo-doc

3.6.1-11.module+el8.3.0+7694+550a8252

python-sqlalchemy-doc

1.3.2-2.module+el8.3.0+7694+550a8252

python-virtualenv-doc

15.1.0-19.module+el8.3.0+7694+550a8252

python3-PyMySQL

0.8.0-10.module+el8.3.0+7694+550a8252

python3-bson

3.6.1-11.module+el8.3.0+7694+550a8252

python3-distro

1.4.0-2.module+el8.3.0+7694+550a8252

python3-docs

3.6.7-2.module+el8.3.0+7694+550a8252

python3-docutils

0.14-12.module+el8.3.0+7694+550a8252

python3-nose

1.3.7-30.module+el8.3.0+7694+550a8252

python3-pygments

2.2.0-20.module+el8.3.0+7694+550a8252

python3-pymongo

3.6.1-11.module+el8.3.0+7694+550a8252

python3-pymongo-gridfs

3.6.1-11.module+el8.3.0+7694+550a8252

python3-scipy

1.0.0-20.module+el8.3.0+7694+550a8252

python3-sqlalchemy

1.3.2-2.module+el8.3.0+7694+550a8252

python3-virtualenv

15.1.0-19.module+el8.3.0+7694+550a8252

python3-wheel

0.31.1-2.module+el8.3.0+7694+550a8252

python3-wheel-wheel

0.31.1-2.module+el8.3.0+7694+550a8252

python36

3.6.8-2.0.1.module+el8.3.0+el8+9688+bb1990d3

python36-debug

3.6.8-2.0.1.module+el8.3.0+el8+9688+bb1990d3

python36-devel

3.6.8-2.0.1.module+el8.3.0+el8+9688+bb1990d3

python36-rpm-macros

3.6.8-2.0.1.module+el8.3.0+el8+9688+bb1990d3

Oracle Linux x86_64

Module python36:3.6 is enabled

python-nose-docs

1.3.7-30.module+el8.3.0+7694+550a8252

python-pymongo-doc

3.6.1-11.module+el8.3.0+7694+550a8252

python-sqlalchemy-doc

1.3.2-2.module+el8.3.0+7694+550a8252

python-virtualenv-doc

15.1.0-19.module+el8.3.0+7694+550a8252

python3-PyMySQL

0.8.0-10.module+el8.3.0+7694+550a8252

python3-bson

3.6.1-11.module+el8.3.0+7694+550a8252

python3-distro

1.4.0-2.module+el8.3.0+7694+550a8252

python3-docs

3.6.7-2.module+el8.3.0+7694+550a8252

python3-docutils

0.14-12.module+el8.3.0+7694+550a8252

python3-nose

1.3.7-30.module+el8.3.0+7694+550a8252

python3-pygments

2.2.0-20.module+el8.3.0+7694+550a8252

python3-pymongo

3.6.1-11.module+el8.3.0+7694+550a8252

python3-pymongo-gridfs

3.6.1-11.module+el8.3.0+7694+550a8252

python3-scipy

1.0.0-20.module+el8.3.0+7694+550a8252

python3-sqlalchemy

1.3.2-2.module+el8.3.0+7694+550a8252

python3-virtualenv

15.1.0-19.module+el8.3.0+7694+550a8252

python3-wheel

0.31.1-2.module+el8.3.0+7694+550a8252

python3-wheel-wheel

0.31.1-2.module+el8.3.0+7694+550a8252

python36

3.6.8-2.0.1.module+el8.3.0+el8+9688+bb1990d3

python36-debug

3.6.8-2.0.1.module+el8.3.0+el8+9688+bb1990d3

python36-devel

3.6.8-2.0.1.module+el8.3.0+el8+9688+bb1990d3

python36-rpm-macros

3.6.8-2.0.1.module+el8.3.0+el8+9688+bb1990d3

Связанные CVE

CVE-2021-3177

Ссылки на источники

Связанные уязвимости

CVE-2021-3177

CVSS3: 9.8

ubuntu

больше 4 лет назад

Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.