Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Fedora 41: FEDORA-2024-cae0bcc133 critical: python3.10 security fix

fedora
Calendar Grey December 14, 2024
Dist Fedora Esm H88
Python 3.10.16 release improves safety features and guarantees correct string formatting in code. Upgrade securely today!
Python 3.10.16 security release

Summary

Python 3.10 is an accessible, high-level, dynamically typed, interpreted

programming language, designed with an emphasis on code readability.

It includes an extensive standard library, and has a vast ecosystem of

third-party libraries.

The python3.10 package provides the "python3.10" executable: the reference

interpreter for the Python language, version 3.

The majority of its standard library is provided in the python3.10-libs package,

which should be installed automatically along with python3.10.

The remaining parts of the Python standard library are broken out into the

python3.10-tkinter and python3.10-test packages, which may need to be installed

separately.

Documentation for Python is provided in the python3.10-docs package.

Packages containing additional libraries for Python are generally named with

the "python3.10-" prefix.

Update Information:

Python 3.10.16 security release. Security content in this release gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the mapped IPv4 address value for deciding properties. Properties which have their behavior fixed are is_multicast, is_reserved, is_link_local, is_global, and is_unspecified. CVE-2024-9287: gh-124651: Properly quote template strings in venv activation scripts. gh-103848: Added checks to ensure that [ bracketed ] hosts found by urllib.parse.urlsplit() are of IPv6 or IPvFuture format.

Topics%20covered

Topics Covered

security advisory Fedora security release python3.10 CVE-2024-9287 IPv4-mapped activation scripts

Change Log

* Wed Dec 4 2024 Charalampos Stratakis - 3.10.16-1 - Update to 3.10.16 - Security fix for CVE-2024-9287 Resolves: rhbz#2321654 * Wed Sep 11 2024 Miro Hrončok - 3.10.15-2 - Fix ThreadedVSOCKSocketStreamTest

References


[ 1 ] Bug #2321654 - CVE-2024-9287 python3.10: Virtual environment (venv) activation scripts don't quote paths [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2321654

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-cae0bcc133' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: python3.10
Product: Fedora 41
Version: 3.10.16
Release: 1.fc41
URL: https://www.python.org/
Summary: Version 3.10 of the Python interpreter

Topics%20covered

Topics Covered

security advisory Fedora security release python3.10 CVE-2024-9287 IPv4-mapped activation scripts

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here