Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2024-2292

Опубликовано: 02 мая 2024
Источник: oracle-oval
Платформа: Oracle Linux 9

Описание

ELSA-2024-2292: python3.11 security update (MODERATE)

[3.11.7-1]

  • Rebase to 3.11.7 Resolves: RHEL-20233

[3.11.5-2]

  • Security fix for CVE-2023-27043 Resolves: RHEL-21325

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

python3.11

3.11.7-1.el9

python3.11-debug

3.11.7-1.el9

python3.11-devel

3.11.7-1.el9

python3.11-idle

3.11.7-1.el9

python3.11-libs

3.11.7-1.el9

python3.11-test

3.11.7-1.el9

python3.11-tkinter

3.11.7-1.el9

Oracle Linux x86_64

python3.11

3.11.7-1.el9

python3.11-debug

3.11.7-1.el9

python3.11-devel

3.11.7-1.el9

python3.11-idle

3.11.7-1.el9

python3.11-libs

3.11.7-1.el9

python3.11-test

3.11.7-1.el9

python3.11-tkinter

3.11.7-1.el9

Связанные CVE

CVE-2023-27043

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2023-27043

CVSS3: 5.3
ubuntu
около 2 лет назад

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.

redhat логотип

CVE-2023-27043

CVSS3: 5.3
redhat
около 2 лет назад

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.

nvd логотип

CVE-2023-27043

CVSS3: 5.3
nvd
около 2 лет назад

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.

msrc логотип

CVE-2023-27043

CVSS3: 5.3
msrc
5 месяцев назад

Описание отсутствует

debian логотип

CVE-2023-27043

CVSS3: 5.3
debian
около 2 лет назад

The email module of Python through 3.11.3 incorrectly parses e-mail ad ...