ELSA-2024-0256

Опубликовано: 16 янв. 2024

Источник: oracle-oval

Платформа: Oracle Linux 8

Описание

ELSA-2024-0256: python3 security update (MODERATE)

[3.6.8-56.0.1.3]

Security fix for CVE-2023-27043 Resolves: rhbz#2196183

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

platform-python

3.6.8-56.0.1.el8_9.3

platform-python-debug

3.6.8-56.0.1.el8_9.3

platform-python-devel

3.6.8-56.0.1.el8_9.3

python3-idle

3.6.8-56.0.1.el8_9.3

python3-libs

3.6.8-56.0.1.el8_9.3

python3-test

3.6.8-56.0.1.el8_9.3

python3-tkinter

3.6.8-56.0.1.el8_9.3

Oracle Linux x86_64

platform-python

3.6.8-56.0.1.el8_9.3

platform-python-debug

3.6.8-56.0.1.el8_9.3

platform-python-devel

3.6.8-56.0.1.el8_9.3

python3-idle

3.6.8-56.0.1.el8_9.3

python3-libs

3.6.8-56.0.1.el8_9.3

python3-test

3.6.8-56.0.1.el8_9.3

python3-tkinter

3.6.8-56.0.1.el8_9.3

Связанные CVE

CVE-2023-27043

Ссылки на источники

Связанные уязвимости

CVE-2023-27043

CVSS3: 5.3

ubuntu

около 2 лет назад

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.