ELSA-2024-0466

Опубликовано: 25 янв. 2024

Источник: oracle-oval

Платформа: Oracle Linux 9

Описание

ELSA-2024-0466: python3.9 security update (MODERATE)

[3.9.18-1.1]

Security fix for CVE-2023-27043 Resolves: RHEL-20613

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

python-unversioned-command

3.9.18-1.el9_3.1

python3

3.9.18-1.el9_3.1

python3-debug

3.9.18-1.el9_3.1

python3-devel

3.9.18-1.el9_3.1

python3-idle

3.9.18-1.el9_3.1

python3-libs

3.9.18-1.el9_3.1

python3-test

3.9.18-1.el9_3.1

python3-tkinter

3.9.18-1.el9_3.1

Oracle Linux x86_64

python-unversioned-command

3.9.18-1.el9_3.1

python3

3.9.18-1.el9_3.1

python3-debug

3.9.18-1.el9_3.1

python3-devel

3.9.18-1.el9_3.1

python3-idle

3.9.18-1.el9_3.1

python3-libs

3.9.18-1.el9_3.1

python3-test

3.9.18-1.el9_3.1

python3-tkinter

3.9.18-1.el9_3.1

Связанные CVE

CVE-2023-27043

Ссылки на источники

Связанные уязвимости

CVE-2023-27043

CVSS3: 5.3

ubuntu

около 2 лет назад

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.