Python — высокоуровневый язык программирования общего назначения. Его философия дизайна делает акцент на читаемости кода.
Релизный цикл, информация об уязвимостях
График релизов
Количество 870
SUSE-SU-2024:0436-1
Security update for python36
SUSE-SU-2024:0329-1
Security update for python
RLSA-2024:0256
Moderate: python3 security update
GHSA-4wxh-fpjf-c8wf
An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the `extra_groups=` parameter with an empty list as a value (ie `extra_groups=[]`) the logic regressed to not call `setgroups(0, NULL)` before calling `exec()`, thus not dropping the original processes' groups before starting the new process. There is no issue when the parameter isn't used or when any value is used besides an empty list. This issue only impacts CPython processes run with sufficient privilege to make the `setgroups` system call (typically `root`).
CVE-2023-6507
An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the `extra_groups=` parameter with an empty list as a value (ie `extra_groups=[]`) the logic regressed to not call `setgroups(0, NULL)` before calling `exec()`, thus not dropping the original processes' groups before starting the new process. There is no issue when the parameter isn't used or when any value is used besides an empty list. This issue only impacts CPython processes run with sufficient privilege to make the `setgroups` system call (typically `root`).
CVE-2023-6507
An issue was found in CPython 3.12.0 `subprocess` module on POSIX plat ...
CVE-2023-6507
An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the `extra_groups=` parameter with an empty list as a value (ie `extra_groups=[]`) the logic regressed to not call `setgroups(0, NULL)` before calling `exec()`, thus not dropping the original processes' groups before starting the new process. There is no issue when the parameter isn't used or when any value is used besides an empty list. This issue only impacts CPython processes run with sufficient privilege to make the `setgroups` system call (typically `root`).
CVE-2023-6507
An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the `extra_groups=` parameter with an empty list as a value (ie `extra_groups=[]`) the logic regressed to not call `setgroups(0, NULL)` before calling `exec()`, thus not dropping the original processes' groups before starting the new process. There is no issue when the parameter isn't used or when any value is used besides an empty list. This issue only impacts CPython processes run with sufficient privilege to make the `setgroups` system call (typically `root`).
BDU:2024-08865
Уязвимость модуля subprocess интерпретатора языка программирования Python, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2024-02120
Уязвимость интерпретатора языка программирования Python, связанная с ошибками при обработке символических ссылок, позволяющая нарушителю повысить свои привилегии
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | SUSE-SU-2024:0436-1 Security update for python36 | 0% Низкий | больше 1 года назад | |
| SUSE-SU-2024:0329-1 Security update for python | 0% Низкий | больше 1 года назад | |
 | RLSA-2024:0256 Moderate: python3 security update | 0% Низкий | больше 1 года назад | |
| GHSA-4wxh-fpjf-c8wf An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the `extra_groups=` parameter with an empty list as a value (ie `extra_groups=[]`) the logic regressed to not call `setgroups(0, NULL)` before calling `exec()`, thus not dropping the original processes' groups before starting the new process. There is no issue when the parameter isn't used or when any value is used besides an empty list. This issue only impacts CPython processes run with sufficient privilege to make the `setgroups` system call (typically `root`). | CVSS3: 6.1 | 0% Низкий | больше 1 года назад |
 | CVE-2023-6507 An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the `extra_groups=` parameter with an empty list as a value (ie `extra_groups=[]`) the logic regressed to not call `setgroups(0, NULL)` before calling `exec()`, thus not dropping the original processes' groups before starting the new process. There is no issue when the parameter isn't used or when any value is used besides an empty list. This issue only impacts CPython processes run with sufficient privilege to make the `setgroups` system call (typically `root`). | CVSS3: 6.1 | 0% Низкий | больше 1 года назад |
| CVE-2023-6507 An issue was found in CPython 3.12.0 `subprocess` module on POSIX plat ... | CVSS3: 6.1 | 0% Низкий | больше 1 года назад |
 | CVE-2023-6507 An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the `extra_groups=` parameter with an empty list as a value (ie `extra_groups=[]`) the logic regressed to not call `setgroups(0, NULL)` before calling `exec()`, thus not dropping the original processes' groups before starting the new process. There is no issue when the parameter isn't used or when any value is used besides an empty list. This issue only impacts CPython processes run with sufficient privilege to make the `setgroups` system call (typically `root`). | CVSS3: 6.1 | 0% Низкий | больше 1 года назад |
 | CVE-2023-6507 An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the `extra_groups=` parameter with an empty list as a value (ie `extra_groups=[]`) the logic regressed to not call `setgroups(0, NULL)` before calling `exec()`, thus not dropping the original processes' groups before starting the new process. There is no issue when the parameter isn't used or when any value is used besides an empty list. This issue only impacts CPython processes run with sufficient privilege to make the `setgroups` system call (typically `root`). | CVSS3: 6.1 | 0% Низкий | больше 1 года назад |
 | BDU:2024-08865 Уязвимость модуля subprocess интерпретатора языка программирования Python, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 6.1 | 0% Низкий | больше 1 года назад |
| BDU:2024-02120 Уязвимость интерпретатора языка программирования Python, связанная с ошибками при обработке символических ссылок, позволяющая нарушителю повысить свои привилегии | CVSS3: 8.4 | 0% Низкий | больше 1 года назад |
Уязвимостей на страницу