Python — высокоуровневый язык программирования общего назначения. Его философия дизайна делает акцент на читаемости кода.
Релизный цикл, информация об уязвимостях
График релизов
Количество 924
SUSE-SU-2023:3804-1
Security update for python3
SUSE-SU-2023:3731-1
Security update for python36
SUSE-SU-2023:3730-1
Security update for python
SUSE-SU-2023:3708-1
Security update for python39
RLSA-2023:3585
Important: python3.11 security update
RLSA-2023:3595
Important: python3.9 security update
RLSA-2023:3781
Important: python38:3.8 and python38-devel:3.8 security update
RLSA-2023:3594
Important: python3.11 security update
RLSA-2023:3811
Important: python39:3.9 and python39-devel:3.9 security update
GHSA-4j9r-82g6-9mj3
An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | SUSE-SU-2023:3804-1 Security update for python3 | 1% Низкий | больше 2 лет назад | |
| SUSE-SU-2023:3731-1 Security update for python36 | 1% Низкий | больше 2 лет назад | |
| SUSE-SU-2023:3730-1 Security update for python | 1% Низкий | больше 2 лет назад | |
| SUSE-SU-2023:3708-1 Security update for python39 | 1% Низкий | больше 2 лет назад | |
 | RLSA-2023:3585 Important: python3.11 security update | 2% Низкий | больше 2 лет назад | |
| RLSA-2023:3595 Important: python3.9 security update | 2% Низкий | больше 2 лет назад | |
| RLSA-2023:3781 Important: python38:3.8 and python38-devel:3.8 security update | 2% Низкий | больше 2 лет назад | |
| RLSA-2023:3594 Important: python3.11 security update | 2% Низкий | больше 2 лет назад | |
| RLSA-2023:3811 Important: python39:3.9 and python39-devel:3.9 security update | 2% Низкий | больше 2 лет назад | |
| GHSA-4j9r-82g6-9mj3 An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.) | CVSS3: 5.3 | 1% Низкий | больше 2 лет назад |
Уязвимостей на страницу