Описание
ELSA-2023-5994: python27:2.7 security update (IMPORTANT)
babel Cython numpy pytest python2 [2.7.18-13.0.1.2]
- Security fix for CVE-2023-40217
python2-pip python2-rpm-macros python2-setuptools python2-six python-attrs python-backports python-backports-ssl_match_hostname python-chardet python-coverage python-dns python-docs python-docutils python-funcsigs python-idna python-ipaddress python-jinja2 python-lxml python-markupsafe python-mock python-nose python-pluggy python-psycopg2 python-py python-pygments python-pymongo python-PyMySQL python-pysocks python-pytest-mock python-requests python-setuptools_scm python-sqlalchemy python-urllib3 python-virtualenv python-wheel pytz PyYAML scipy
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
Module python27:2.7 is enabled
babel
2.5.1-10.module+el8.5.0+20361+8a9d3d27
python-nose-docs
1.3.7-31.module+el8.5.0+20361+8a9d3d27
python-psycopg2-doc
2.7.5-7.module+el8.3.0+7833+4aaf98ce
python-sqlalchemy-doc
1.3.2-2.module+el8.3.0+7833+4aaf98ce
python2
2.7.18-13.0.1.module+el8.8.0+90005+95df27dc.2
python2-Cython
0.28.1-7.module+el8.3.0+7833+4aaf98ce
python2-PyMySQL
0.8.0-10.module+el8.3.0+7833+4aaf98ce
python2-attrs
17.4.0-10.module+el8.3.0+7833+4aaf98ce
python2-babel
2.5.1-10.module+el8.5.0+20361+8a9d3d27
python2-backports
1.0-16.module+el8.4.0+20050+79c7b4ee
python2-backports-ssl_match_hostname
3.5.0.1-12.module+el8.4.0+20050+79c7b4ee
python2-bson
3.7.0-1.module+el8.5.0+20361+8a9d3d27
python2-chardet
3.0.4-10.module+el8.3.0+7833+4aaf98ce
python2-coverage
4.5.1-4.module+el8.3.0+7833+4aaf98ce
python2-debug
2.7.18-13.0.1.module+el8.8.0+90005+95df27dc.2
python2-devel
2.7.18-13.0.1.module+el8.8.0+90005+95df27dc.2
python2-dns
1.15.0-10.module+el8.3.0+7833+4aaf98ce
python2-docs
2.7.16-2.module+el8.3.0+7833+4aaf98ce
python2-docs-info
2.7.16-2.module+el8.3.0+7833+4aaf98ce
python2-docutils
0.14-12.module+el8.3.0+7833+4aaf98ce
python2-funcsigs
1.0.2-13.module+el8.3.0+7833+4aaf98ce
python2-idna
2.5-7.module+el8.3.0+7833+4aaf98ce
python2-ipaddress
1.0.18-6.module+el8.3.0+7833+4aaf98ce
python2-jinja2
2.10-9.module+el8.5.0+20361+8a9d3d27
python2-libs
2.7.18-13.0.1.module+el8.8.0+90005+95df27dc.2
python2-lxml
4.2.3-6.module+el8.6.0+20550+a85dc526
python2-markupsafe
0.23-19.module+el8.3.0+7833+4aaf98ce
python2-mock
2.0.0-13.module+el8.3.0+7833+4aaf98ce
python2-nose
1.3.7-31.module+el8.5.0+20361+8a9d3d27
python2-numpy
1.14.2-16.module+el8.4.0+20050+79c7b4ee
python2-numpy-doc
1.14.2-16.module+el8.4.0+20050+79c7b4ee
python2-numpy-f2py
1.14.2-16.module+el8.4.0+20050+79c7b4ee
python2-pip
9.0.3-19.module+el8.6.0+20550+a85dc526
python2-pip-wheel
9.0.3-19.module+el8.6.0+20550+a85dc526
python2-pluggy
0.6.0-8.module+el8.3.0+7833+4aaf98ce
python2-psycopg2
2.7.5-7.module+el8.3.0+7833+4aaf98ce
python2-psycopg2-debug
2.7.5-7.module+el8.3.0+7833+4aaf98ce
python2-psycopg2-tests
2.7.5-7.module+el8.3.0+7833+4aaf98ce
python2-py
1.5.3-6.module+el8.3.0+7833+4aaf98ce
python2-pygments
2.2.0-22.module+el8.5.0+20361+8a9d3d27
python2-pymongo
3.7.0-1.module+el8.5.0+20361+8a9d3d27
python2-pymongo-gridfs
3.7.0-1.module+el8.5.0+20361+8a9d3d27
python2-pysocks
1.6.8-6.module+el8.3.0+7833+4aaf98ce
python2-pytest
3.4.2-13.module+el8.3.0+7833+4aaf98ce
python2-pytest-mock
1.9.0-4.module+el8.3.0+7833+4aaf98ce
python2-pytz
2017.2-12.module+el8.3.0+7833+4aaf98ce
python2-pyyaml
3.12-16.module+el8.3.0+7833+4aaf98ce
python2-requests
2.20.0-3.module+el8.3.0+7833+4aaf98ce
python2-rpm-macros
3-38.module+el8.3.0+7833+4aaf98ce
python2-scipy
1.0.0-21.module+el8.5.0+20361+8a9d3d27
python2-setuptools
39.0.1-13.module+el8.4.0+20050+79c7b4ee
python2-setuptools-wheel
39.0.1-13.module+el8.4.0+20050+79c7b4ee
python2-setuptools_scm
1.15.7-6.module+el8.3.0+7833+4aaf98ce
python2-six
1.11.0-6.module+el8.4.0+20050+79c7b4ee
python2-sqlalchemy
1.3.2-2.module+el8.3.0+7833+4aaf98ce
python2-test
2.7.18-13.0.1.module+el8.8.0+90005+95df27dc.2
python2-tkinter
2.7.18-13.0.1.module+el8.8.0+90005+95df27dc.2
python2-tools
2.7.18-13.0.1.module+el8.8.0+90005+95df27dc.2
python2-urllib3
1.24.2-3.module+el8.4.0+20050+79c7b4ee
python2-virtualenv
15.1.0-22.module+el8.8.0+90005+95df27dc
python2-wheel
0.31.1-3.module+el8.5.0+20361+8a9d3d27
python2-wheel-wheel
0.31.1-3.module+el8.5.0+20361+8a9d3d27
Oracle Linux x86_64
Module python27:2.7 is enabled
babel
2.5.1-10.module+el8.5.0+20361+8a9d3d27
python-nose-docs
1.3.7-31.module+el8.5.0+20361+8a9d3d27
python-psycopg2-doc
2.7.5-7.module+el8.3.0+7833+4aaf98ce
python-sqlalchemy-doc
1.3.2-2.module+el8.3.0+7833+4aaf98ce
python2
2.7.18-13.0.1.module+el8.8.0+90005+95df27dc.2
python2-Cython
0.28.1-7.module+el8.3.0+7833+4aaf98ce
python2-PyMySQL
0.8.0-10.module+el8.3.0+7833+4aaf98ce
python2-attrs
17.4.0-10.module+el8.3.0+7833+4aaf98ce
python2-babel
2.5.1-10.module+el8.5.0+20361+8a9d3d27
python2-backports
1.0-16.module+el8.4.0+20050+79c7b4ee
python2-backports-ssl_match_hostname
3.5.0.1-12.module+el8.4.0+20050+79c7b4ee
python2-bson
3.7.0-1.module+el8.5.0+20361+8a9d3d27
python2-chardet
3.0.4-10.module+el8.3.0+7833+4aaf98ce
python2-coverage
4.5.1-4.module+el8.3.0+7833+4aaf98ce
python2-debug
2.7.18-13.0.1.module+el8.8.0+90005+95df27dc.2
python2-devel
2.7.18-13.0.1.module+el8.8.0+90005+95df27dc.2
python2-dns
1.15.0-10.module+el8.3.0+7833+4aaf98ce
python2-docs
2.7.16-2.module+el8.3.0+7833+4aaf98ce
python2-docs-info
2.7.16-2.module+el8.3.0+7833+4aaf98ce
python2-docutils
0.14-12.module+el8.3.0+7833+4aaf98ce
python2-funcsigs
1.0.2-13.module+el8.3.0+7833+4aaf98ce
python2-idna
2.5-7.module+el8.3.0+7833+4aaf98ce
python2-ipaddress
1.0.18-6.module+el8.3.0+7833+4aaf98ce
python2-jinja2
2.10-9.module+el8.5.0+20361+8a9d3d27
python2-libs
2.7.18-13.0.1.module+el8.8.0+90005+95df27dc.2
python2-lxml
4.2.3-6.module+el8.6.0+20550+a85dc526
python2-markupsafe
0.23-19.module+el8.3.0+7833+4aaf98ce
python2-mock
2.0.0-13.module+el8.3.0+7833+4aaf98ce
python2-nose
1.3.7-31.module+el8.5.0+20361+8a9d3d27
python2-numpy
1.14.2-16.module+el8.4.0+20050+79c7b4ee
python2-numpy-doc
1.14.2-16.module+el8.4.0+20050+79c7b4ee
python2-numpy-f2py
1.14.2-16.module+el8.4.0+20050+79c7b4ee
python2-pip
9.0.3-19.module+el8.6.0+20550+a85dc526
python2-pip-wheel
9.0.3-19.module+el8.6.0+20550+a85dc526
python2-pluggy
0.6.0-8.module+el8.3.0+7833+4aaf98ce
python2-psycopg2
2.7.5-7.module+el8.3.0+7833+4aaf98ce
python2-psycopg2-debug
2.7.5-7.module+el8.3.0+7833+4aaf98ce
python2-psycopg2-tests
2.7.5-7.module+el8.3.0+7833+4aaf98ce
python2-py
1.5.3-6.module+el8.3.0+7833+4aaf98ce
python2-pygments
2.2.0-22.module+el8.5.0+20361+8a9d3d27
python2-pymongo
3.7.0-1.module+el8.5.0+20361+8a9d3d27
python2-pymongo-gridfs
3.7.0-1.module+el8.5.0+20361+8a9d3d27
python2-pysocks
1.6.8-6.module+el8.3.0+7833+4aaf98ce
python2-pytest
3.4.2-13.module+el8.3.0+7833+4aaf98ce
python2-pytest-mock
1.9.0-4.module+el8.3.0+7833+4aaf98ce
python2-pytz
2017.2-12.module+el8.3.0+7833+4aaf98ce
python2-pyyaml
3.12-16.module+el8.3.0+7833+4aaf98ce
python2-requests
2.20.0-3.module+el8.3.0+7833+4aaf98ce
python2-rpm-macros
3-38.module+el8.3.0+7833+4aaf98ce
python2-scipy
1.0.0-21.module+el8.5.0+20361+8a9d3d27
python2-setuptools
39.0.1-13.module+el8.4.0+20050+79c7b4ee
python2-setuptools-wheel
39.0.1-13.module+el8.4.0+20050+79c7b4ee
python2-setuptools_scm
1.15.7-6.module+el8.3.0+7833+4aaf98ce
python2-six
1.11.0-6.module+el8.4.0+20050+79c7b4ee
python2-sqlalchemy
1.3.2-2.module+el8.3.0+7833+4aaf98ce
python2-test
2.7.18-13.0.1.module+el8.8.0+90005+95df27dc.2
python2-tkinter
2.7.18-13.0.1.module+el8.8.0+90005+95df27dc.2
python2-tools
2.7.18-13.0.1.module+el8.8.0+90005+95df27dc.2
python2-urllib3
1.24.2-3.module+el8.4.0+20050+79c7b4ee
python2-virtualenv
15.1.0-22.module+el8.8.0+90005+95df27dc
python2-wheel
0.31.1-3.module+el8.5.0+20361+8a9d3d27
python2-wheel-wheel
0.31.1-3.module+el8.5.0+20361+8a9d3d27
Связанные CVE
Связанные уязвимости
An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)
An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)
An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)
An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, ...