ELSA-2023-7151

Опубликовано: 17 нояб. 2023

Источник: oracle-oval

Платформа: Oracle Linux 8

Описание

ELSA-2023-7151: python3 security update (MODERATE)

[3.6.8-56.0.1]

Add Oracle Linux distribution in platform.py [Orabug: 20812544]

[3.6.8.openela.0]

Add openela to supported dists

[3.6.8-56]

Security fix for CVE-2023-40217 Resolves: RHEL-3041

[3.6.8-55]

Fix symlink handling in the fix for CVE-2007-4559 Resolves: rhbz#263261

[3.6.8-54]

Bump release for rebuild Resolves: rhbz#2173917

[3.6.8-53]

Security fix for CVE-2023-24329 Resolves: rhbz#2173917

[3.6.8-52]

Add filters for tarfile extraction (CVE-2007-4559, PEP-706) Resolves: rhbz#263261

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

platform-python

3.6.8-56.0.1.el8_9

platform-python-debug

3.6.8-56.0.1.el8_9

platform-python-devel

3.6.8-56.0.1.el8_9

python3-idle

3.6.8-56.0.1.el8_9

python3-libs

3.6.8-56.0.1.el8_9

python3-test

3.6.8-56.0.1.el8_9

python3-tkinter

3.6.8-56.0.1.el8_9

Oracle Linux x86_64

platform-python

3.6.8-56.0.1.el8_9

platform-python-debug

3.6.8-56.0.1.el8_9

platform-python-devel

3.6.8-56.0.1.el8_9

python3-idle

3.6.8-56.0.1.el8_9

python3-libs

3.6.8-56.0.1.el8_9

python3-test

3.6.8-56.0.1.el8_9

python3-tkinter

3.6.8-56.0.1.el8_9

Связанные CVE

CVE-2007-4559

Ссылки на источники

Связанные уязвимости

CVE-2007-4559

CVSS3: 9.8

ubuntu

почти 18 лет назад

Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.