ELSA-2025-23342

Опубликовано: 18 дек. 2025

Источник: oracle-oval

Платформа: Oracle Linux 9

Описание

ELSA-2025-23342: python3.9 security update (MODERATE)

[3.9.25-2.0.1]

Remove upstream URL reference

[3.9.25-2]

Move _sysconfigdata_d_linux*.py to the debug subpackage

[3.9.25-1]

Update to Python 3.9.25

[3.9.24-1]

Update to Python 3.9.24

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

python-unversioned-command

3.9.25-2.0.1.el9_7

python3

3.9.25-2.0.1.el9_7

python3-debug

3.9.25-2.0.1.el9_7

python3-devel

3.9.25-2.0.1.el9_7

python3-idle

3.9.25-2.0.1.el9_7

python3-libs

3.9.25-2.0.1.el9_7

python3-test

3.9.25-2.0.1.el9_7

python3-tkinter

3.9.25-2.0.1.el9_7

Oracle Linux x86_64

python-unversioned-command

3.9.25-2.0.1.el9_7

python3

3.9.25-2.0.1.el9_7

python3-debug

3.9.25-2.0.1.el9_7

python3-devel

3.9.25-2.0.1.el9_7

python3-idle

3.9.25-2.0.1.el9_7

python3-libs

3.9.25-2.0.1.el9_7

python3-test

3.9.25-2.0.1.el9_7

python3-tkinter

3.9.25-2.0.1.el9_7

Связанные CVE

Ссылки на источники

Связанные уязвимости

RLSA-2025:23530

rocky

3 дня назад

Important: python39:3.9 security update

CVE-2024-5642

CVSS3: 6.5

ubuntu

больше 1 года назад

CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being not widely used and specifying an empty list likely being uncommon in-practice (typically a protocol name would be configured).

CVE-2024-5642

CVSS3: 2.7

redhat

больше 1 года назад

CVE-2024-5642

CVSS3: 6.5

nvd

больше 1 года назад

CVE-2024-5642

msrc

4 месяца назад

Buffer overread when using an empty list with SSLContext.set_npn_protocols()