Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2024-9371

Опубликовано: 14 нояб. 2024
Источник: oracle-oval
Платформа: Oracle Linux 9

Описание

ELSA-2024-9371: python3.9 security update (MODERATE)

[3.9.19-8]

  • Security fix for CVE-2024-8088 Resolves: RHEL-55967

[3.9.19-7]

  • Security fix for CVE-2024-6923 Resolves: RHEL-53045

[3.9.19-6]

  • Ensure 3rd party extension modules for the debug build use the -O0 flag

[3.9.19-5]

  • Properly propagate the optimization flags to C extensions

[3.9.19-4]

[3.9.19-3]

  • Security fix for CVE-2024-4032 Resolves: RHEL-44107

[3.9.19-2]

  • Enable importing of hash-based .pyc files under FIPS mode Resolves: RHEL-40750

[3.9.19-1]

  • Update to 3.9.19
  • Security fixes for CVE-2023-6597 and CVE-2024-0450
  • Fix tests for XMLPullParser with Expat with fixed CVE Resolves: RHEL-33679, RHEL-33691

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

python-unversioned-command

3.9.19-8.el9

python3

3.9.19-8.el9

python3-debug

3.9.19-8.el9

python3-devel

3.9.19-8.el9

python3-idle

3.9.19-8.el9

python3-libs

3.9.19-8.el9

python3-test

3.9.19-8.el9

python3-tkinter

3.9.19-8.el9

Oracle Linux x86_64

python-unversioned-command

3.9.19-8.el9

python3

3.9.19-8.el9

python3-debug

3.9.19-8.el9

python3-devel

3.9.19-8.el9

python3-idle

3.9.19-8.el9

python3-libs

3.9.19-8.el9

python3-test

3.9.19-8.el9

python3-tkinter

3.9.19-8.el9

Связанные CVE

CVE-2024-8088

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2024-8088

ubuntu
10 месяцев назад

There is a HIGH severity vulnerability affecting the CPython "zipfile" module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected. When iterating over names of entries in a zip archive (for example, methods of "zipfile.Path" like "namelist()", "iterdir()", etc) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user-controlled zip archives are not affected.

redhat логотип

CVE-2024-8088

CVSS3: 5.3
redhat
10 месяцев назад

There is a HIGH severity vulnerability affecting the CPython "zipfile" module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected. When iterating over names of entries in a zip archive (for example, methods of "zipfile.Path" like "namelist()", "iterdir()", etc) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user-controlled zip archives are not affected.

nvd логотип

CVE-2024-8088

nvd
10 месяцев назад

There is a HIGH severity vulnerability affecting the CPython "zipfile" module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected. When iterating over names of entries in a zip archive (for example, methods of "zipfile.Path" like "namelist()", "iterdir()", etc) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user-controlled zip archives are not affected.

msrc логотип

CVE-2024-8088

msrc
9 месяцев назад

Описание отсутствует

debian логотип

CVE-2024-8088

debian
10 месяцев назад

There is a HIGH severity vulnerability affecting the CPython "zipfile" ...