ELSA-2022-6457

Опубликовано: 14 сент. 2022

Источник: oracle-oval

Платформа: Oracle Linux 8

Описание

ELSA-2022-6457: python3 security update (MODERATE)

[3.6.8-47.0.1]

Add Oracle Linux distribution in platform.py [Orabug: 20812544]

[3.6.8-47]

Security fix for CVE-2015-20107 Resolves: rhbz#2075390

[3.6.8-46]

Security fix for CVE-2022-0391: urlparse does not sanitize URLs containing ASCII newline and tabs
Fix the test suite support for Expat >= 2.4.5 Resolves: rhbz#2047376

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

platform-python

3.6.8-47.0.1.el8_6

platform-python-debug

3.6.8-47.0.1.el8_6

platform-python-devel

3.6.8-47.0.1.el8_6

python3-idle

3.6.8-47.0.1.el8_6

python3-libs

3.6.8-47.0.1.el8_6

python3-test

3.6.8-47.0.1.el8_6

python3-tkinter

3.6.8-47.0.1.el8_6

Oracle Linux x86_64

platform-python

3.6.8-47.0.1.el8_6

platform-python-debug

3.6.8-47.0.1.el8_6

platform-python-devel

3.6.8-47.0.1.el8_6

python3-idle

3.6.8-47.0.1.el8_6

python3-libs

3.6.8-47.0.1.el8_6

python3-test

3.6.8-47.0.1.el8_6

python3-tkinter

3.6.8-47.0.1.el8_6

Связанные CVE

CVE-2022-0391

CVE-2015-20107

Ссылки на источники

Связанные уязвимости

CVE-2022-0391

CVSS3: 7.5

ubuntu

больше 3 лет назад

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.