ELSA-2023-6494

Опубликовано: 11 нояб. 2023

Источник: oracle-oval

Платформа: Oracle Linux 9

Описание

ELSA-2023-6494: python3.11 security update (MODERATE)

[3.11.5-1]

Rebase to 3.11.5
Security fixes for CVE-2023-40217 and CVE-2023-41105 Resolves: RHEL-3045, RHEL-3269

[3.11.4-3]

Fix symlink handling in the fix for CVE-2023-24329 Resolves: rhbz#263261

[3.11.4-2]

Security fix for CVE-2007-4559 Resolves: rhbz#263261

[3.11.4-1]

Update to 3.11.4
Security fix for CVE-2023-24329 Resolves: rhbz#2173917

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

python3.11

3.11.5-1.el9_3

python3.11-debug

3.11.5-1.el9_3

python3.11-devel

3.11.5-1.el9_3

python3.11-idle

3.11.5-1.el9_3

python3.11-libs

3.11.5-1.el9_3

python3.11-test

3.11.5-1.el9_3

python3.11-tkinter

3.11.5-1.el9_3

Oracle Linux x86_64

python3.11

3.11.5-1.el9_3

python3.11-debug

3.11.5-1.el9_3

python3.11-devel

3.11.5-1.el9_3

python3.11-idle

3.11.5-1.el9_3

python3.11-libs

3.11.5-1.el9_3

python3.11-test

3.11.5-1.el9_3

python3.11-tkinter

3.11.5-1.el9_3

Связанные CVE

CVE-2023-41105

CVE-2007-4559

Ссылки на источники

Связанные уязвимости

ELSA-2023-7024

oracle-oval

больше 1 года назад

ELSA-2023-7024: python3.11 security update (MODERATE)

CVE-2023-41105

CVSS3: 7.5

ubuntu

почти 2 года назад

An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.

CVE-2023-41105

CVSS3: 7.5

redhat

почти 2 года назад

CVE-2023-41105

CVSS3: 7.5

nvd

почти 2 года назад

CVE-2023-41105

CVSS3: 7.5

debian

почти 2 года назад

An issue was discovered in Python 3.11 through 3.11.4. If a path conta ...