Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2024:2280-1

Опубликовано: 02 июл. 2024
Источник: suse-cvrf

Описание

Security update for python39

This update for python39 fixes the following issues:

  • CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448)
  • CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447)

Список пакетов

Container containers/python:3.9
libpython3_9-1_0-3.9.19-150300.4.46.1
python39-3.9.19-150300.4.46.1
python39-base-3.9.19-150300.4.46.1
python39-devel-3.9.19-150300.4.46.1
Image python_15_6
libpython3_9-1_0-3.9.19-150300.4.46.1
python39-3.9.19-150300.4.46.1
python39-base-3.9.19-150300.4.46.1
python39-devel-3.9.19-150300.4.46.1
SUSE Linux Enterprise Module for Legacy 15 SP5
libpython3_9-1_0-3.9.19-150300.4.46.1
python39-3.9.19-150300.4.46.1
python39-base-3.9.19-150300.4.46.1
python39-curses-3.9.19-150300.4.46.1
python39-dbm-3.9.19-150300.4.46.1
openSUSE Leap 15.5
libpython3_9-1_0-3.9.19-150300.4.46.1
libpython3_9-1_0-32bit-3.9.19-150300.4.46.1
python39-3.9.19-150300.4.46.1
python39-32bit-3.9.19-150300.4.46.1
python39-base-3.9.19-150300.4.46.1
python39-base-32bit-3.9.19-150300.4.46.1
python39-curses-3.9.19-150300.4.46.1
python39-dbm-3.9.19-150300.4.46.1
python39-devel-3.9.19-150300.4.46.1
python39-doc-3.9.19-150300.4.46.1
python39-doc-devhelp-3.9.19-150300.4.46.1
python39-idle-3.9.19-150300.4.46.1
python39-testsuite-3.9.19-150300.4.46.1
python39-tk-3.9.19-150300.4.46.1
python39-tools-3.9.19-150300.4.46.1
openSUSE Leap 15.6
libpython3_9-1_0-3.9.19-150300.4.46.1
libpython3_9-1_0-32bit-3.9.19-150300.4.46.1
python39-3.9.19-150300.4.46.1
python39-32bit-3.9.19-150300.4.46.1
python39-base-3.9.19-150300.4.46.1
python39-base-32bit-3.9.19-150300.4.46.1
python39-curses-3.9.19-150300.4.46.1
python39-dbm-3.9.19-150300.4.46.1
python39-devel-3.9.19-150300.4.46.1
python39-doc-3.9.19-150300.4.46.1
python39-doc-devhelp-3.9.19-150300.4.46.1
python39-idle-3.9.19-150300.4.46.1
python39-testsuite-3.9.19-150300.4.46.1
python39-tk-3.9.19-150300.4.46.1
python39-tools-3.9.19-150300.4.46.1

Ссылки

Описание

A defect was discovered in the Python "ssl" module where there is a memory race condition with the ssl.SSLContext methods "cert_store_stats()" and "get_ca_certs()". The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as during the TLS handshake with a certificate directory configured. This issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5.

Затронутые продукты
Container containers/python:3.9:libpython3_9-1_0-3.9.19-150300.4.46.1
Container containers/python:3.9:python39-3.9.19-150300.4.46.1
Container containers/python:3.9:python39-base-3.9.19-150300.4.46.1
Container containers/python:3.9:python39-devel-3.9.19-150300.4.46.1
Ссылки

Описание

The "ipaddress" module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as "globally reachable" or "private". This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn't be returned in accordance with the latest information from the IANA Special-Purpose Address Registries. CPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.

Затронутые продукты
Container containers/python:3.9:libpython3_9-1_0-3.9.19-150300.4.46.1
Container containers/python:3.9:python39-3.9.19-150300.4.46.1
Container containers/python:3.9:python39-base-3.9.19-150300.4.46.1
Container containers/python:3.9:python39-devel-3.9.19-150300.4.46.1
Ссылки