ELSA-2024-3062

Опубликовано: 23 мая 2024

Источник: oracle-oval

Платформа: Oracle Linux 8

Описание

ELSA-2024-3062: python3.11 security update (MODERATE)

[3.11.7-1.0.1]

Update rpm-macros description [Orabug: 36024572]

[3.11.7-1]

Rebase to 3.11.7 Resolves: RHEL-21915

[3.11.5-2]

Security fix for CVE-2023-27043 Resolves: RHEL-7842

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

python3.11

3.11.7-1.0.1.el8

python3.11-debug

3.11.7-1.0.1.el8

python3.11-devel

3.11.7-1.0.1.el8

python3.11-idle

3.11.7-1.0.1.el8

python3.11-libs

3.11.7-1.0.1.el8

python3.11-rpm-macros

3.11.7-1.0.1.el8

python3.11-test

3.11.7-1.0.1.el8

python3.11-tkinter

3.11.7-1.0.1.el8

Oracle Linux x86_64

python3.11

3.11.7-1.0.1.el8

python3.11-debug

3.11.7-1.0.1.el8

python3.11-devel

3.11.7-1.0.1.el8

python3.11-idle

3.11.7-1.0.1.el8

python3.11-libs

3.11.7-1.0.1.el8

python3.11-rpm-macros

3.11.7-1.0.1.el8

python3.11-test

3.11.7-1.0.1.el8

python3.11-tkinter

3.11.7-1.0.1.el8

Связанные CVE

CVE-2023-27043

Ссылки на источники

Связанные уязвимости

CVE-2023-27043

CVSS3: 5.3

ubuntu

около 2 лет назад

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.