Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2022-1986

Опубликовано: 17 мая 2022
Источник: oracle-oval
Платформа: Oracle Linux 8

Описание

ELSA-2022-1986: python3 security update (MODERATE)

[3.6.8-45.0.1]

  • Add Oracle Linux distribution in platform.py [Orabug: 20812544]

[3.6.8-45]

  • Security fix for CVE-2021-4189: ftplib should not use the host from the PASV response Resolves: rhbz#2036020

[3.6.8-44]

  • Use the monotonic clock for theading.Condition
  • Use the monotonic clock for the global interpreter lock Resolves: rhbz#2003758

[3.6.8-43]

  • Change shouldRollover() methods of logging.handlers to only rollover regular files Resolves: rhbz#2009200

[3.6.8-42]

  • Security fix for CVE-2021-3737 Resolves: rhbz#1995162

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

platform-python

3.6.8-45.0.1.el8

platform-python-debug

3.6.8-45.0.1.el8

platform-python-devel

3.6.8-45.0.1.el8

python3-idle

3.6.8-45.0.1.el8

python3-libs

3.6.8-45.0.1.el8

python3-test

3.6.8-45.0.1.el8

python3-tkinter

3.6.8-45.0.1.el8

Oracle Linux x86_64

platform-python

3.6.8-45.0.1.el8

platform-python-debug

3.6.8-45.0.1.el8

platform-python-devel

3.6.8-45.0.1.el8

python3-idle

3.6.8-45.0.1.el8

python3-libs

3.6.8-45.0.1.el8

python3-test

3.6.8-45.0.1.el8

python3-tkinter

3.6.8-45.0.1.el8

Связанные CVE

CVE-2021-3737
CVE-2021-4189

Ссылки на источники

Связанные уязвимости

rocky логотип

RLSA-2022:1986

rocky
около 3 лет назад

Moderate: python3 security update

rocky логотип

RLSA-2022:1821

rocky
около 3 лет назад

Moderate: python27:2.7 security update

oracle-oval логотип

ELSA-2022-1821

oracle-oval
около 3 лет назад

ELSA-2022-1821: python27:2.7 security update (MODERATE)

ubuntu логотип

CVE-2021-4189

CVSS3: 5.3
ubuntu
почти 3 года назад

A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.

redhat логотип

CVE-2021-4189

CVSS3: 5.3
redhat
больше 3 лет назад

A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.