CVE-2023-6597

Опубликовано: 19 мар. 2024

Источник: ubuntu

Приоритет: medium

CVSS3: 7.8

Описание

An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.

Релиз	Статус	Примечание
devel	DNE
esm-apps/focal	not-affected	code not present
esm-apps/jammy	not-affected	code not present
esm-infra-legacy/trusty	not-affected	code not present
esm-infra/bionic	not-affected	code not present
esm-infra/xenial	not-affected	code not present
focal	not-affected	code not present
jammy	not-affected	code not present
mantic	DNE
noble	DNE

Показывать по

Релиз	Статус	Примечание
devel	DNE
esm-infra/focal	DNE
focal	DNE
jammy	released	3.10.12-1~22.04.4
mantic	DNE
noble	DNE
oracular	DNE
plucky	DNE
questing	DNE
upstream	released	3.10.14

Показывать по

Релиз	Статус	Примечание
devel	DNE
esm-apps/jammy	released	3.11.0~rc1-1~22.04.1~esm1
esm-infra/focal	DNE
focal	DNE
jammy	needed
mantic	released	3.11.6-3ubuntu0.1
noble	DNE
oracular	DNE
plucky	DNE
questing	DNE

Показывать по

Релиз	Статус	Примечание
devel	DNE
esm-infra/focal	DNE
focal	DNE
jammy	DNE
mantic	released	3.12.0-1ubuntu0.1
noble	not-affected	3.12.3-1
oracular	not-affected	3.12.4-1ubuntu1
plucky	DNE
questing	DNE
upstream	needs-triage

Показывать по

Релиз	Статус	Примечание
devel	DNE
esm-infra-legacy/trusty	needs-triage
esm-infra/focal	DNE
focal	DNE
jammy	DNE
mantic	DNE
noble	DNE
oracular	DNE
plucky	DNE
questing	DNE

Показывать по

Релиз	Статус	Примечание
devel	DNE
esm-infra-legacy/trusty	not-affected	code not present
esm-infra/focal	DNE
esm-infra/xenial	released	3.5.2-2ubuntu0~16.04.13+esm13
focal	DNE
jammy	DNE
mantic	DNE
noble	DNE
oracular	DNE
plucky	DNE

Показывать по

Релиз	Статус	Примечание
devel	DNE
esm-infra/bionic	not-affected	code not present
esm-infra/focal	DNE
focal	DNE
jammy	DNE
mantic	DNE
noble	DNE
oracular	DNE
plucky	DNE
questing	DNE

Показывать по

Релиз	Статус	Примечание
devel	DNE
esm-apps/bionic	released	3.7.5-2ubuntu1~18.04.2+esm3
esm-infra/focal	DNE
focal	DNE
jammy	DNE
mantic	DNE
noble	DNE
oracular	DNE
plucky	DNE
questing	DNE

Показывать по

Релиз	Статус	Примечание
devel	DNE
esm-apps/bionic	released	3.8.0-3ubuntu1~18.04.2+esm2
esm-infra/focal	released	3.8.10-0ubuntu1~20.04.10
focal	released	3.8.10-0ubuntu1~20.04.10
jammy	DNE
mantic	DNE
noble	DNE
oracular	DNE
plucky	DNE
questing	DNE

Показывать по

Релиз	Статус	Примечание
devel	DNE
esm-apps/focal	released	3.9.5-3ubuntu0~20.04.1+esm2
focal	ignored	end of standard support, was needed
jammy	DNE
mantic	DNE
noble	DNE
oracular	DNE
plucky	DNE
questing	DNE
upstream	released	3.9.19

Показывать по

Ссылки на источники

7.8 High

CVSS3

Связанные уязвимости

CVE-2023-6597

CVSS3: 7.8

redhat

почти 2 года назад

An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.

CVE-2023-6597

CVSS3: 7.8

nvd

почти 2 года назад

CVE-2023-6597

CVSS3: 7.8

msrc

больше 1 года назад

Описание отсутствует

CVE-2023-6597

CVSS3: 7.8

debian

почти 2 года назад

An issue was found in the CPython `tempfile.TemporaryDirectory` class ...

SUSE-SU-2024:0850-1

suse-cvrf

почти 2 года назад

Security update for python3

7.8 High

CVSS3

CVE-2023-6597

Описание

Пакет python2.7

Пакет python3.10

Пакет python3.11

Пакет python3.12

Пакет python3.4

Пакет python3.5

Пакет python3.6

Пакет python3.7

Пакет python3.8

Пакет python3.9

Ссылки на источники

Связанные уязвимости