Description
Moderate: python27:2.7 security update
Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL.
Security Fix(es):
- pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py (CVE-2022-40897)
- python: use after free in heappushpop() of heapq module (CVE-2022-48560)
- python: XML External Entity in XML processing plistlib module (CVE-2022-48565)
- python-urllib3: Cookie request header isn't stripped during cross-origin redirects (CVE-2023-43804)
- jinja2: HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-22195)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section.
Affected products
Rocky Linux 8
References
Fixes
- Red Hat - 2158559
- Red Hat - 2240059
- Red Hat - 2242493
- Red Hat - 2249755
- Red Hat - 2257854
Related vulnerabilities
ELSA-2024-2985: python39:3.9 and python39-devel:3.9 security update (MODERATE)
Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.