Описание
ELSA-2024-9192: python3.11 security update (MODERATE)
[3.11.9-7]
- Security fix for CVE-2024-8088 Resolves: RHEL-55959
[3.11.9-6]
- Security fix for CVE-2024-6923 Resolves: RHEL-53038
[3.11.9-5]
- Properly propagate the optimization flags to C extensions
[3.11.9-4]
- Build Python with -O3
- https://fedoraproject.org/wiki/Changes/Python_built_with_gcc_O3
[3.11.9-3]
- Security fix for CVE-2024-4032 Resolves: RHEL-44099
[3.11.9-2]
- Enable importing of hash-based .pyc files under FIPS mode Resolves: RHEL-40779
[3.11.9-1]
- Rebase to 3.11.9
- Security fixes for CVE-2023-6597 and CVE-2024-0450
- Fix expat tests for the latest expat security release Resolves: RHEL-33677, RHEL-33689
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
python3.11
3.11.9-7.el9
python3.11-debug
3.11.9-7.el9
python3.11-devel
3.11.9-7.el9
python3.11-idle
3.11.9-7.el9
python3.11-libs
3.11.9-7.el9
python3.11-test
3.11.9-7.el9
python3.11-tkinter
3.11.9-7.el9
Oracle Linux x86_64
python3.11
3.11.9-7.el9
python3.11-debug
3.11.9-7.el9
python3.11-devel
3.11.9-7.el9
python3.11-idle
3.11.9-7.el9
python3.11-libs
3.11.9-7.el9
python3.11-test
3.11.9-7.el9
python3.11-tkinter
3.11.9-7.el9
Связанные CVE
Связанные уязвимости
There is a HIGH severity vulnerability affecting the CPython "zipfile" module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected. When iterating over names of entries in a zip archive (for example, methods of "zipfile.Path" like "namelist()", "iterdir()", etc) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user-controlled zip archives are not affected.
There is a HIGH severity vulnerability affecting the CPython "zipfile" module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected. When iterating over names of entries in a zip archive (for example, methods of "zipfile.Path" like "namelist()", "iterdir()", etc) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user-controlled zip archives are not affected.
There is a HIGH severity vulnerability affecting the CPython "zipfile" module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected. When iterating over names of entries in a zip archive (for example, methods of "zipfile.Path" like "namelist()", "iterdir()", etc) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user-controlled zip archives are not affected.
