Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2023:7034

Опубликовано: 17 фев. 2026
Источник: rocky
Оценка: Moderate

Описание

Moderate: python39:3.9 and python39-devel:3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

  • python: tarfile module directory traversal (CVE-2007-4559)

  • python-requests: Unintended leak of Proxy-Authorization header (CVE-2023-32681)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.9 Release Notes linked from the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
python39-cffix86_642.module+el8.10.0+1582+bc278001python39-cffi-1.14.3-2.module+el8.10.0+1582+bc278001.x86_64.rpm
python39-chardetnoarch19.module+el8.10.0+1582+bc278001python39-chardet-3.0.4-19.module+el8.10.0+1582+bc278001.noarch.rpm
python39-mod_wsgix86_647.module+el8.10.0+1582+bc278001python39-mod_wsgi-4.7.1-7.module+el8.10.0+1582+bc278001.x86_64.rpm
python39-mod_wsgix86_647.module+el8.10.0+1860+afcc1c71python39-mod_wsgi-4.7.1-7.module+el8.10.0+1860+afcc1c71.x86_64.rpm
python39-numpyx86_643.module+el8.10.0+1582+bc278001python39-numpy-1.19.4-3.module+el8.10.0+1582+bc278001.x86_64.rpm
python39-numpy-docnoarch3.module+el8.10.0+1582+bc278001python39-numpy-doc-1.19.4-3.module+el8.10.0+1582+bc278001.noarch.rpm
python39-numpy-f2pyx86_643.module+el8.10.0+1582+bc278001python39-numpy-f2py-1.19.4-3.module+el8.10.0+1582+bc278001.x86_64.rpm
python39-plynoarch10.module+el8.10.0+1582+bc278001python39-ply-3.11-10.module+el8.10.0+1582+bc278001.noarch.rpm
python39-pycparsernoarch3.module+el8.10.0+1582+bc278001python39-pycparser-2.20-3.module+el8.10.0+1582+bc278001.noarch.rpm
python39-PyMySQLnoarch2.module+el8.10.0+1582+bc278001python39-PyMySQL-0.10.1-2.module+el8.10.0+1582+bc278001.noarch.rpm

Показывать по

Связанные CVE

CVE-2007-4559
CVE-2023-32681

Ссылки на источники

Исправления

Связанные уязвимости

rocky логотип

RLSA-2023:7050

rocky
около 1 месяца назад

Moderate: python38:3.8 and python38-devel:3.8 security update

oracle-oval логотип

ELSA-2023-7050

oracle-oval
больше 2 лет назад

ELSA-2023-7050: python38:3.8 and python38-devel:3.8 security update (MODERATE)

oracle-oval логотип

ELSA-2023-7034

oracle-oval
больше 2 лет назад

ELSA-2023-7034: python39:3.9 and python39-devel:3.9 security update (MODERATE)

ubuntu логотип

CVE-2023-32681

CVSS3: 6.1
ubuntu
почти 3 года назад

Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.

redhat логотип

CVE-2023-32681

CVSS3: 6.1
redhat
почти 3 года назад

Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.