ELSA-2022-8353

Published: 22 Nov 2022
Source: oracle-oval
Platform: Oracle Linux 9

Description

ELSA-2022-8353: python3.9 security, bug fix, and enhancement update (MODERATE)

[3.9.14-1]

  • Update to 3.9.14
  • Security fixes for CVE-2020-10735 and CVE-2021-28861
    Resolves: rhbz#2120642, rhbz#1834423, rhbz#2128249

[3.9.13-3]

  • Fix test_get_ciphers in test_ssl.py for FIPS mode
    Resolves: rhbz#2058233

[3.9.13-2]

  • Security fix for CVE-2015-20107
    Resolves: rhbz#2075390

[3.9.13-1]

  • Update to 3.9.13
    Resolves: rhbz#2054702, rhbz#2059951

Updated packages

Oracle Linux 9

Oracle Linux aarch64

  Package                     Version
  python-unversioned-command  3.9.14-1.el9
  python3                     3.9.14-1.el9
  python3-debug               3.9.14-1.el9
  python3-devel               3.9.14-1.el9
  python3-idle                3.9.14-1.el9
  python3-libs                3.9.14-1.el9
  python3-test                3.9.14-1.el9
  python3-tkinter             3.9.14-1.el9

Oracle Linux x86_64

  Package                     Version
  python-unversioned-command  3.9.14-1.el9
  python3                     3.9.14-1.el9
  python3-debug               3.9.14-1.el9
  python3-devel               3.9.14-1.el9
  python3-idle                3.9.14-1.el9
  python3-libs                3.9.14-1.el9
  python3-test                3.9.14-1.el9
  python3-tkinter             3.9.14-1.el9

Related CVEs

Related vulnerabilities

rocky
more than 2 years ago

Moderate: python3.9 security, bug fix, and enhancement update

CVSS3: 7.4
ubuntu
almost 3 years ago

** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may lead to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."

CVSS3: 7.4
redhat
almost 3 years ago

Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may lead to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."

CVSS3: 7.4
nvd
almost 3 years ago

Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may lead to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."

CVSS3: 7.4
msrc
almost 3 years ago

No description available