ELSA-2024-4243

Опубликовано: 03 июл. 2024

Источник: oracle-oval

Платформа: Oracle Linux 8

Описание

ELSA-2024-4243: python3 security update (MODERATE)

[3.12.3-2]

Enable importing of hash-based .pyc files under FIPS mode Resolves: RHEL-40776

[3.12.3-1]

Update to 3.12.3 Related: RHEL-33685

[3.12.2-3]

Move all test modules to the python3-test package, namely:
- phello
- _xxsubinterpreters
- xxlimited
- xxlimited_35
- xxsubtype

[3.12.2-2]

Fix tests for XMLPullParser with Expat with fixed CVE

[3.12.2-1]

Update to 3.12.2 Resolves: RHEL-33685

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

python3.12

3.12.3-2.el8_10

python3.12-debug

3.12.3-2.el8_10

python3.12-devel

3.12.3-2.el8_10

python3.12-idle

3.12.3-2.el8_10

python3.12-libs

3.12.3-2.el8_10

python3.12-rpm-macros

3.12.3-2.el8_10

python3.12-test

3.12.3-2.el8_10

python3.12-tkinter

3.12.3-2.el8_10

Oracle Linux x86_64

python3.12

3.12.3-2.el8_10

python3.12-debug

3.12.3-2.el8_10

python3.12-devel

3.12.3-2.el8_10

python3.12-idle

3.12.3-2.el8_10

python3.12-libs

3.12.3-2.el8_10

python3.12-rpm-macros

3.12.3-2.el8_10

python3.12-test

3.12.3-2.el8_10

python3.12-tkinter

3.12.3-2.el8_10

Связанные CVE

CVE-2024-0450

Ссылки на источники

Связанные уязвимости

CVE-2024-0450

CVSS3: 6.2

ubuntu

больше 1 года назад

An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.