
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Oracle Linux 8 ELSA-2024-8359: Moderate python Security Update

Oracle Linux Security Advisory ELSA-2024-8359

http://linux.oracle.com/errata/ELSA-2024-8359.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
python39-3.9.20-1.module+el8.10.0+90419+54594e05.x86_64.rpm
python39-cffi-1.14.3-2.module+el8.9.0+90016+9c2d6573.x86_64.rpm
python39-chardet-3.0.4-19.module+el8.9.0+90016+9c2d6573.noarch.rpm
python39-cryptography-3.3.1-3.0.1.module+el8.10.0+90269+2fa22b99.x86_64.rpm
python39-debug-3.9.20-1.module+el8.10.0+90419+54594e05.x86_64.rpm
python39-devel-3.9.20-1.module+el8.10.0+90419+54594e05.x86_64.rpm
python39-idle-3.9.20-1.module+el8.10.0+90419+54594e05.x86_64.rpm
python39-idna-2.10-4.module+el8.10.0+90341+71ca88f4.noarch.rpm
python39-libs-3.9.20-1.module+el8.10.0+90419+54594e05.x86_64.rpm
python39-lxml-4.6.5-1.module+el8.9.0+90016+9c2d6573.x86_64.rpm
python39-mod_wsgi-4.7.1-7.module+el8.9.0+90016+9c2d6573.x86_64.rpm
python39-numpy-1.19.4-3.module+el8.9.0+90016+9c2d6573.x86_64.rpm
python39-numpy-doc-1.19.4-3.module+el8.9.0+90016+9c2d6573.noarch.rpm
python39-numpy-f2py-1.19.4-3.module+el8.9.0+90016+9c2d6573.x86_64.rpm
python39-pip-20.2.4-9.module+el8.10.0+90269+2fa22b99.noarch.rpm
python39-pip-wheel-20.2.4-9.module+el8.10.0+90269+2fa22b99.noarch.rpm
python39-ply-3.11-10.module+el8.9.0+90016+9c2d6573.noarch.rpm
python39-psutil-5.8.0-4.module+el8.9.0+90016+9c2d6573.x86_64.rpm
python39-psycopg2-2.8.6-3.module+el8.10.0+90269+2fa22b99.x86_64.rpm
python39-psycopg2-doc-2.8.6-3.module+el8.10.0+90269+2fa22b99.x86_64.rpm
python39-psycopg2-tests-2.8.6-3.module+el8.10.0+90269+2fa22b99.x86_64.rpm
python39-pycparser-2.20-3.module+el8.9.0+90016+9c2d6573.noarch.rpm
python39-PyMySQL-0.10.1-2.module+el8.9.0+90016+9c2d6573.noarch.rpm
python39-pysocks-1.7.1-4.module+el8.9.0+90016+9c2d6573.noarch.rpm
python39-pyyaml-5.4.1-1.module+el8.9.0+90016+9c2d6573.x86_64.rpm
python39-requests-2.25.0-3.module+el8.9.0+90016+9c2d6573.noarch.rpm
python39-rpm-macros-3.9.20-1.module+el8.10.0+90419+54594e05.noarch.rpm
python39-scipy-1.5.4-5.module+el8.9.0+90016+9c2d6573.x86_64.rpm
python39-setuptools-50.3.2-6.module+el8.10.0+90395+b6c4aad1.noarch.rpm
python39-setuptools-wheel-50.3.2-6.module+el8.10.0+90395+b6c4aad1.noarch.rpm
python39-six-1.15.0-3.module+el8.9.0+90016+9c2d6573.noarch.rpm
python39-test-3.9.20-1.module+el8.10.0+90419+54594e05.x86_64.rpm
python39-tkinter-3.9.20-1.module+el8.10.0+90419+54594e05.x86_64.rpm
python39-toml-0.10.1-5.module+el8.9.0+90016+9c2d6573.noarch.rpm
python39-urllib3-1.25.10-5.module+el8.10.0+90269+2fa22b99.noarch.rpm
python39-wheel-0.35.1-4.module+el8.9.0+90016+9c2d6573.noarch.rpm
python39-wheel-wheel-0.35.1-4.module+el8.9.0+90016+9c2d6573.noarch.rpm

aarch64:
python39-3.9.20-1.module+el8.10.0+90419+54594e05.aarch64.rpm
python39-cffi-1.14.3-2.module+el8.9.0+90016+9c2d6573.aarch64.rpm
python39-chardet-3.0.4-19.module+el8.9.0+90016+9c2d6573.noarch.rpm
python39-cryptography-3.3.1-3.0.1.module+el8.10.0+90269+2fa22b99.aarch64.rpm
python39-debug-3.9.20-1.module+el8.10.0+90419+54594e05.aarch64.rpm
python39-devel-3.9.20-1.module+el8.10.0+90419+54594e05.aarch64.rpm
python39-idle-3.9.20-1.module+el8.10.0+90419+54594e05.aarch64.rpm
python39-idna-2.10-4.module+el8.10.0+90341+71ca88f4.noarch.rpm
python39-libs-3.9.20-1.module+el8.10.0+90419+54594e05.aarch64.rpm
python39-lxml-4.6.5-1.module+el8.9.0+90016+9c2d6573.aarch64.rpm
python39-mod_wsgi-4.7.1-7.module+el8.9.0+90016+9c2d6573.aarch64.rpm
python39-numpy-1.19.4-3.module+el8.9.0+90016+9c2d6573.aarch64.rpm
python39-numpy-doc-1.19.4-3.module+el8.9.0+90016+9c2d6573.noarch.rpm
python39-numpy-f2py-1.19.4-3.module+el8.9.0+90016+9c2d6573.aarch64.rpm
python39-pip-20.2.4-9.module+el8.10.0+90269+2fa22b99.noarch.rpm
python39-pip-wheel-20.2.4-9.module+el8.10.0+90269+2fa22b99.noarch.rpm
python39-ply-3.11-10.module+el8.9.0+90016+9c2d6573.noarch.rpm
python39-psutil-5.8.0-4.module+el8.9.0+90016+9c2d6573.aarch64.rpm
python39-psycopg2-2.8.6-3.module+el8.10.0+90269+2fa22b99.aarch64.rpm
python39-psycopg2-doc-2.8.6-3.module+el8.10.0+90269+2fa22b99.aarch64.rpm
python39-psycopg2-tests-2.8.6-3.module+el8.10.0+90269+2fa22b99.aarch64.rpm
python39-pycparser-2.20-3.module+el8.9.0+90016+9c2d6573.noarch.rpm
python39-PyMySQL-0.10.1-2.module+el8.9.0+90016+9c2d6573.noarch.rpm
python39-pysocks-1.7.1-4.module+el8.9.0+90016+9c2d6573.noarch.rpm
python39-pyyaml-5.4.1-1.module+el8.9.0+90016+9c2d6573.aarch64.rpm
python39-requests-2.25.0-3.module+el8.9.0+90016+9c2d6573.noarch.rpm
python39-rpm-macros-3.9.20-1.module+el8.10.0+90419+54594e05.noarch.rpm
python39-scipy-1.5.4-5.module+el8.9.0+90016+9c2d6573.aarch64.rpm
python39-setuptools-50.3.2-6.module+el8.10.0+90395+b6c4aad1.noarch.rpm
python39-setuptools-wheel-50.3.2-6.module+el8.10.0+90395+b6c4aad1.noarch.rpm
python39-six-1.15.0-3.module+el8.9.0+90016+9c2d6573.noarch.rpm
python39-test-3.9.20-1.module+el8.10.0+90419+54594e05.aarch64.rpm
python39-tkinter-3.9.20-1.module+el8.10.0+90419+54594e05.aarch64.rpm
python39-toml-0.10.1-5.module+el8.9.0+90016+9c2d6573.noarch.rpm
python39-urllib3-1.25.10-5.module+el8.10.0+90269+2fa22b99.noarch.rpm
python39-wheel-0.35.1-4.module+el8.9.0+90016+9c2d6573.noarch.rpm
python39-wheel-wheel-0.35.1-4.module+el8.9.0+90016+9c2d6573.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//mod_wsgi-4.7.1-7.module+el8.9.0+90016+9c2d6573.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//numpy-1.19.4-3.module+el8.9.0+90016+9c2d6573.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//python39-3.9.20-1.module+el8.10.0+90419+54594e05.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//python3x-pip-20.2.4-9.module+el8.10.0+90269+2fa22b99.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//python3x-setuptools-50.3.2-6.module+el8.10.0+90395+b6c4aad1.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//python3x-six-1.15.0-3.module+el8.9.0+90016+9c2d6573.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//python-cffi-1.14.3-2.module+el8.9.0+90016+9c2d6573.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//python-chardet-3.0.4-19.module+el8.9.0+90016+9c2d6573.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//python-cryptography-3.3.1-3.0.1.module+el8.10.0+90269+2fa22b99.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//python-idna-2.10-4.module+el8.10.0+90341+71ca88f4.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//python-lxml-4.6.5-1.module+el8.9.0+90016+9c2d6573.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//python-ply-3.11-10.module+el8.9.0+90016+9c2d6573.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//python-psutil-5.8.0-4.module+el8.9.0+90016+9c2d6573.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//python-psycopg2-2.8.6-3.module+el8.10.0+90269+2fa22b99.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//python-pycparser-2.20-3.module+el8.9.0+90016+9c2d6573.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//python-PyMySQL-0.10.1-2.module+el8.9.0+90016+9c2d6573.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//python-pysocks-1.7.1-4.module+el8.9.0+90016+9c2d6573.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//python-requests-2.25.0-3.module+el8.9.0+90016+9c2d6573.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//python-toml-0.10.1-5.module+el8.9.0+90016+9c2d6573.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//python-urllib3-1.25.10-5.module+el8.10.0+90269+2fa22b99.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//python-wheel-0.35.1-4.module+el8.9.0+90016+9c2d6573.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//PyYAML-5.4.1-1.module+el8.9.0+90016+9c2d6573.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//scipy-1.5.4-5.module+el8.9.0+90016+9c2d6573.src.rpm

Related CVEs:
CVE-2024-6232

Description of changes:

mod_wsgi
numpy
python39
[3.9.20-1]
- Update to 3.9.20
Resolves: RHEL-60007
python3x-pip
python3x-setuptools
python3x-six
python-cffi
python-chardet
python-cryptography
python-idna
python-lxml
python-ply
python-psutil
python-psycopg2
python-pycparser
python-PyMySQL
python-pysocks
python-requests
python-toml
python-urllib3
python-wheel
PyYAML
scipy

Oracle Linux 8 brings essential updates for python39 and its libraries, focusing on major enhancements, bug fixes, and security improvements that strengthen system integrity.

LinuxSecurity.com Team

Oct 25, 2024 | Oracle

SUSE: Recommended Updates for Crypto-Policies, GCC, Python Security

SUSE Image Update Advisory: sles-15-sp5-chost-byos-v20231213-arm64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2023:873-1
Image Tags        : sles-15-sp5-chost-byos-v20231213-arm64:20231213
Image Release     :
Severity          : important
Type              : security
References        : 1041742 1111622 1170175 1176785 1184753 1199282 1200528 1203760 1206480 1206667 1206684 1207325 1209998 1210286 1210557 1210660 1211427 1212101 1212418 1212422 1212759 1213639 1213915 1214052 1214460 1214546 1214572 1215427 1215947 1215979 1216091 1216377 1216410 1216419 1216576 1216664 1216862 1217212 1217215 1217573 1217574 CVE-2022-1996 CVE-2022-40897 CVE-2023-2137 CVE-2023-22745 CVE-2023-38470 CVE-2023-38473 CVE-2023-4039 CVE-2023-45803 CVE-2023-46218 CVE-2023-46219
-----------------------------------------------------------------

The container sles-15-sp5-chost-byos-v20231213-arm64 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:526-1
Released:    Mon Feb 27 13:52:39 2023
Summary:     Security update for tpm2-0-tss
Type:        security
Severity:    moderate
References:  1207325,CVE-2023-22745

This update for tpm2-0-tss fixes the following issues:

- CVE-2023-22745: Fixed a memory safety issue that could be exploited by local attackers with TPM access (bsc#1207325).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4450-1
Released:    Wed Nov 15 10:55:20 2023
Summary:     Recommended update for crypto-policies
Type:        recommended
Severity:    moderate
References:  1209998

This update for crypto-policies fixes the following issues:

- Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands (jsc#PED-5041)
- Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby and add a note for transactional systems
- Ship the man pages for fips-mode-setup and fips-finish-install
- Make the supported versions change in the update-crypto-policies(8) man page persistent (bsc#1209998)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released:    Thu Nov 16 14:38:48 2023
Summary:     Security update for gcc13
Type:        security
Severity:    important
References:  1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4460-1
Released:    Thu Nov 16 15:00:20 2023
Summary:     Recommended update for rsyslog
Type:        recommended
Severity:    moderate
References:  1210286

This update for rsyslog fixes the following issue:

- fix rsyslog crash in imrelp (bsc#1210286)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4467-1
Released:    Thu Nov 16 17:57:51 2023
Summary:     Security update for python-urllib3
Type:        security
Severity:    moderate
References:  1216377,CVE-2023-45803

This update for python-urllib3 fixes the following issues:

- CVE-2023-45803: Fix a request body leak that could occur when receiving a 303 HTTP response (bsc#1216377).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4503-1
Released:    Tue Nov 21 13:25:12 2023
Summary:     Security update for avahi
Type:        security
Severity:    moderate
References:  1215947,1216419,CVE-2023-38470,CVE-2023-38473

This update for avahi fixes the following issues:

- CVE-2023-38470: Ensure each label is at least one byte long (bsc#1215947).
- CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4517-1
Released:    Tue Nov 21 17:30:27 2023
Summary:     Security update for python3-setuptools
Type:        security
Severity:    moderate
References:  1206667,CVE-2022-40897

This update for python3-setuptools fixes the following issues:

- CVE-2022-40897: Fixed Regular Expression Denial of Service (ReDoS) in package_index.py (bsc#1206667).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4534-1
Released:    Thu Nov 23 08:13:57 2023
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1041742,1203760,1212422,1215979,1216091

This update for libzypp, zypper fixes the following issues:

- Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091)
- Fix comment typo on zypp.conf (bsc#1215979)
- Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742)
- Make sure the old target is deleted before a new one is created (bsc#1203760)
- Return 104 also if info suggests near matches
- Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422)
- commit: Insert a headline to separate output of different rpm scripts (bsc#1041742)

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2023:4583-1
Released:    Mon Nov 27 10:16:11 2023
Summary:     Feature update for python-psutil
Type:        feature
Severity:    moderate
References:  1111622,1170175,1176785,1184753,1199282

This update for python-psutil, python-requests fixes the following issues:

- update python-psutil to 5.9.1 (bsc#1199282, bsc#1184753, jsc#SLE-24629, jsc#PM-3243, gh#giampaolo/psutil#2043)
- Fix tests: setuptools changed the builddir library path and does not find the module from it. Use the installed platlib instead and exclude psutil.tests only later.
- remove the dependency on net-tools, since it conflicts with busybox-hostname which is default on MicroOS
- Update python-requests to 2.25.1 (bsc#1176785, bsc#1170175, jsc#ECO-3105, jsc#PM-2352, jsc#PED-7192)
- Fixed bug with unintended Authorization header stripping for redirects using default ports (bsc#1111622).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4610-1
Released:    Wed Nov 29 14:04:12 2023
Summary:     Recommended update for google-guest-configs
Type:        recommended
Severity:    moderate
References:  1212418,1212759,1214546,1214572

This update for google-guest-configs fixes the following issues:

- Update to version 20230808.00 (bsc#1214546, bsc#1214572, bsc#1212418, bsc#1212759)
- Replace xxd with dd for google_nvme_id
- Setup irq binding for a3 8g vm
- dracut: Add a new dracut module for gcpudev rules
- src/lib/udev: only create symlinks for GCP devices
- Set hostname: consider fully qualified static hostname
- Support multiple local SSD controllers
- Update OWNERS file
- DHCP hostname: don't reset hostname if the hostname hasn't changed

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4619-1
Released:    Thu Nov 30 10:13:52 2023
Summary:     Security update for sqlite3
Type:        security
Severity:    important
References:  1210660,CVE-2023-2137

This update for sqlite3 fixes the following issues:

- CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4620-1
Released:    Thu Nov 30 11:13:43 2023
Summary:     Recommended update for libhugetlbfs
Type:        recommended
Severity:    moderate
References:  1213639,1216576

This update for libhugetlbfs fixes the following issue:

- Add patch for upstream issue (bsc#1216576, bsc#1213639)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4659-1
Released:    Wed Dec 6 13:04:57 2023
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1217573,1217574,CVE-2023-46218,CVE-2023-46219

This update for curl fixes the following issues:

- CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573).
- CVE-2023-46219: HSTS long file name clears contents (bsc#1217574).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4671-1
Released:    Wed Dec 6 14:33:41 2023
Summary:     Recommended update for man
Type:        recommended
Severity:    moderate
References:

This update of man fixes the following problem:

- The 'man' command is delivered to SUSE Linux Enterprise Micro to allow browsing man pages.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4672-1
Released:    Wed Dec 6 14:37:37 2023
Summary:     Security update for suse-build-key
Type:        security
Severity:    important
References:  1216410,1217215

This update for suse-build-key fixes the following issues:

This update runs an import-suse-build-key script.

The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777).

- suse-build-key-import.service
- suse-build-key-import.timer

It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled.

To manually import them you can also run:

# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4699-1
Released:    Mon Dec 11 07:02:10 2023
Summary:     Recommended update for gpg2
Type:        recommended
Severity:    moderate
References:  1217212

This update for gpg2 fixes the following issues:

- `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4723-1
Released:    Tue Dec 12 09:57:51 2023
Summary:     Recommended update for libtirpc
Type:        recommended
Severity:    moderate
References:  1216862

This update for libtirpc fixes the following issue:

- fix sed parsing in specfile (bsc#1216862)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4727-1
Released:    Tue Dec 12 12:27:39 2023
Summary:     Security update for catatonit, containerd, runc
Type:        security
Severity:    important
References:  1200528,CVE-2022-1996

This update of runc and containerd fixes the following issues:

containerd:

- Update to containerd v1.7.8. Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.8
  * CVE-2022-1996: Fixed CORS bypass in go-restful (bsc#1200528)

catatonit:

- Update to catatonit v0.2.0.
  * Change license to GPL-2.0-or-later.
- Update to catatonit v0.1.7
  * This release adds the ability for catatonit to be used as the only process in a pause container, by passing the -P flag (in this mode no subprocess is spawned and thus no signal forwarding is done).
- Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to socket activation or features somewhat adjacent to socket activation (such as passing file descriptors).

runc:

- Update to runc v1.1.10. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.10

The following package changes have been done:

- containerd-ctr-1.7.8-150000.103.1 updated
- containerd-1.7.8-150000.103.1 updated
- crypto-policies-20210917.c9d86d1-150400.3.6.1 updated
- curl-8.0.1-150400.5.36.1 updated
- dracut-055+suse.375.g1167ed75-150500.3.15.1 updated
- google-guest-configs-20230808.00-150400.13.6.1 updated
- gpg2-2.2.27-150300.3.8.1 updated
- grub2-i386-pc-2.06-150500.29.11.1 updated
- grub2-x86_64-efi-2.06-150500.29.11.1 updated
- grub2-2.06-150500.29.11.1 updated
- kernel-default-5.14.21-150500.55.39.1 updated
- libavahi-client3-0.8-150400.7.10.1 updated
- libavahi-common3-0.8-150400.7.10.1 updated
- libcurl4-8.0.1-150400.5.36.1 updated
- libdevmapper1_03-2.03.22_1.02.196-150500.7.9.1 updated
- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libhugetlbfs-2.20-150000.3.8.1 updated
- libopeniscsiusr0-0.2.0-150500.46.3.1 updated
- libopenssl1_1-1.1.1l-150500.17.22.1 updated
- libp11-kit0-0.23.22-150500.8.3.1 updated
- libsqlite3-0-3.44.0-150000.3.23.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- libtirpc-netconfig-1.3.4-150300.3.23.1 updated
- libtirpc3-1.3.4-150300.3.23.1 updated
- libtss2-esys0-3.1.0-150400.3.3.1 added
- libtss2-fapi1-3.1.0-150400.3.3.1 added
- libtss2-mu0-3.1.0-150400.3.3.1 added
- libtss2-rc0-3.1.0-150400.3.3.1 added
- libtss2-sys1-3.1.0-150400.3.3.1 added
- libtss2-tctildr0-3.1.0-150400.3.3.1 added
- libxml2-2-2.10.3-150500.5.11.1 updated
- libzypp-17.31.22-150400.3.43.1 updated
- nvme-cli-2.4+31.gf7ec09-150500.4.12.1 updated
- open-iscsi-2.1.9-150500.46.3.1 updated
- openssl-1_1-1.1.1l-150500.17.22.1 updated
- p11-kit-tools-0.23.22-150500.8.3.1 updated
- p11-kit-0.23.22-150500.8.3.1 updated
- python3-requests-2.25.1-150300.3.6.1 updated
- python3-setuptools-44.1.1-150400.9.6.1 updated
- python3-urllib3-1.25.10-150300.4.9.1 updated
- rsyslog-module-relp-8.2306.0-150400.5.21.1 updated
- rsyslog-8.2306.0-150400.5.21.1 updated
- runc-1.1.10-150000.55.1 updated
- samba-client-libs-4.17.12+git.427.2619dc0bed-150500.3.14.1 updated
- suse-build-key-12.0-150000.8.37.1 updated
- suseconnect-ng-1.4.0~git0.b0f7c25bfdfa-150500.3.6.1 updated
- system-group-hardware-20170617-150400.24.2.1 updated
- system-group-kvm-20170617-150400.24.2.1 updated
- system-group-wheel-20170617-150400.24.2.1 updated
- system-user-nobody-20170617-150400.24.2.1 updated
- tpm2.0-tools-5.2-150400.4.6 added
- vim-data-common-9.0.2103-150500.20.6.1 updated
- vim-9.0.2103-150500.20.6.1 updated
- xen-libs-4.17.2_08-150500.3.15.1 updated
- zypper-1.14.66-150400.3.35.1 updated

Recent SUSE security enhancements and advised updates addressing diverse packages and significant vulnerabilities.

Severity: Important.

LinuxSecurity.com Team

Dec 15, 2023 | Important | SuSE

RHEL 8: RHSA-2023-5463-01 Important: Python3.11 TLS Handshake Issue

An update for python3.11 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: python3.11 security update Advisory ID: RHSA-2023:5463-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:5463 Issue date: 2023-10-05 CVE Names: CVE-2023-40217 ===================================================================== 1. Summary: An update for python3.11 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. Security Fix(es): * python: TLS handshake bypass (CVE-2023-40217) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. 
Bugs fixed(https://bugzilla.redhat.com/): 2235789 - CVE-2023-40217 python: TLS handshake bypass 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: python3.11-3.11.2-2.el8_8.2.src.rpm aarch64: python3.11-3.11.2-2.el8_8.2.aarch64.rpm python3.11-debuginfo-3.11.2-2.el8_8.2.aarch64.rpm python3.11-debugsource-3.11.2-2.el8_8.2.aarch64.rpm python3.11-devel-3.11.2-2.el8_8.2.aarch64.rpm python3.11-libs-3.11.2-2.el8_8.2.aarch64.rpm python3.11-tkinter-3.11.2-2.el8_8.2.aarch64.rpm noarch: python3.11-rpm-macros-3.11.2-2.el8_8.2.noarch.rpm ppc64le: python3.11-3.11.2-2.el8_8.2.ppc64le.rpm python3.11-debuginfo-3.11.2-2.el8_8.2.ppc64le.rpm python3.11-debugsource-3.11.2-2.el8_8.2.ppc64le.rpm python3.11-devel-3.11.2-2.el8_8.2.ppc64le.rpm python3.11-libs-3.11.2-2.el8_8.2.ppc64le.rpm python3.11-tkinter-3.11.2-2.el8_8.2.ppc64le.rpm s390x: python3.11-3.11.2-2.el8_8.2.s390x.rpm python3.11-debuginfo-3.11.2-2.el8_8.2.s390x.rpm python3.11-debugsource-3.11.2-2.el8_8.2.s390x.rpm python3.11-devel-3.11.2-2.el8_8.2.s390x.rpm python3.11-libs-3.11.2-2.el8_8.2.s390x.rpm python3.11-tkinter-3.11.2-2.el8_8.2.s390x.rpm x86_64: python3.11-3.11.2-2.el8_8.2.x86_64.rpm python3.11-debuginfo-3.11.2-2.el8_8.2.i686.rpm python3.11-debuginfo-3.11.2-2.el8_8.2.x86_64.rpm python3.11-debugsource-3.11.2-2.el8_8.2.i686.rpm python3.11-debugsource-3.11.2-2.el8_8.2.x86_64.rpm python3.11-devel-3.11.2-2.el8_8.2.i686.rpm python3.11-devel-3.11.2-2.el8_8.2.x86_64.rpm python3.11-libs-3.11.2-2.el8_8.2.i686.rpm python3.11-libs-3.11.2-2.el8_8.2.x86_64.rpm python3.11-tkinter-3.11.2-2.el8_8.2.x86_64.rpm Red Hat Enterprise Linux CRB (v.8): aarch64: python3.11-debug-3.11.2-2.el8_8.2.aarch64.rpm python3.11-debuginfo-3.11.2-2.el8_8.2.aarch64.rpm python3.11-debugsource-3.11.2-2.el8_8.2.aarch64.rpm python3.11-idle-3.11.2-2.el8_8.2.aarch64.rpm python3.11-test-3.11.2-2.el8_8.2.aarch64.rpm ppc64le: python3.11-debug-3.11.2-2.el8_8.2.ppc64le.rpm python3.11-debuginfo-3.11.2-2.el8_8.2.ppc64le.rpm 
python3.11-debugsource-3.11.2-2.el8_8.2.ppc64le.rpm python3.11-idle-3.11.2-2.el8_8.2.ppc64le.rpm python3.11-test-3.11.2-2.el8_8.2.ppc64le.rpm s390x: python3.11-debug-3.11.2-2.el8_8.2.s390x.rpm python3.11-debuginfo-3.11.2-2.el8_8.2.s390x.rpm python3.11-debugsource-3.11.2-2.el8_8.2.s390x.rpm python3.11-idle-3.11.2-2.el8_8.2.s390x.rpm python3.11-test-3.11.2-2.el8_8.2.s390x.rpm x86_64: python3.11-3.11.2-2.el8_8.2.i686.rpm python3.11-debug-3.11.2-2.el8_8.2.i686.rpm python3.11-debug-3.11.2-2.el8_8.2.x86_64.rpm python3.11-debuginfo-3.11.2-2.el8_8.2.i686.rpm python3.11-debuginfo-3.11.2-2.el8_8.2.x86_64.rpm python3.11-debugsource-3.11.2-2.el8_8.2.i686.rpm python3.11-debugsource-3.11.2-2.el8_8.2.x86_64.rpm python3.11-idle-3.11.2-2.el8_8.2.i686.rpm python3.11-idle-3.11.2-2.el8_8.2.x86_64.rpm python3.11-test-3.11.2-2.el8_8.2.i686.rpm python3.11-test-3.11.2-2.el8_8.2.x86_64.rpm python3.11-tkinter-3.11.2-2.el8_8.2.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2023-40217 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. 
RHSA-announce mailing list. Crucial security patch released for python3.11 on RHEL8 targeting vulnerabilities in TLS handshake that could be exploited. Python Security Update, Red Hat Advisory, TLS Handshake Issue, RHEL Update, Important Python Fix. Severity: Important. LinuxSecurity.com Team

Oct 05, 2023 Important Red Hat

Red Hat Enterprise Linux 8.6 RHSA-2023:4032 Important: Python38 URL Bypass

An update for the python38:3.8 and python38-devel:3.8 modules is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important.

Red Hat Security Advisory

Synopsis: Important: python38:3.8 and python38-devel:3.8 security update
Advisory ID: RHSA-2023:4032-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:4032
Issue date: 2023-07-12
CVE Names: CVE-2023-24329

1. Summary: An update for the python38:3.8 and python38-devel:3.8 modules is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:
Red Hat CodeReady Linux Builder EUS (v.8.6) - noarch
Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description: Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):
* python: urllib.parse url blocklisting bypass (CVE-2023-24329)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4.
Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/): 2173917 - CVE-2023-24329 python: urllib.parse url blocklisting bypass

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source: Cython-0.29.14-4.module+el8.4.0+8888+89bc7e79.src.rpm PyYAML-5.4.1-1.module+el8.5.0+10721+14d8e0d5.src.rpm babel-2.7.0-11.module+el8.5.0+11015+9c1c7c42.src.rpm mod_wsgi-4.6.8-3.module+el8.4.0+8888+89bc7e79.src.rpm numpy-1.17.3-6.module+el8.5.0+12205+a865257a.src.rpm python-PyMySQL-0.10.1-1.module+el8.4.0+9692+8e86ab84.src.rpm python-asn1crypto-1.2.0-3.module+el8.4.0+8888+89bc7e79.src.rpm python-cffi-1.13.2-3.module+el8.4.0+8888+89bc7e79.src.rpm python-chardet-3.0.4-19.module+el8.4.0+8888+89bc7e79.src.rpm python-cryptography-2.8-3.module+el8.4.0+8888+89bc7e79.src.rpm python-idna-2.8-6.module+el8.4.0+8888+89bc7e79.src.rpm python-jinja2-2.10.3-5.module+el8.5.0+10542+ba057329.src.rpm python-lxml-4.4.1-7.module+el8.6.0+13958+214a5473.src.rpm python-markupsafe-1.1.1-6.module+el8.4.0+8888+89bc7e79.src.rpm python-ply-3.11-10.module+el8.4.0+9579+e9717e18.src.rpm python-psutil-5.6.4-4.module+el8.5.0+12031+10ce4870.src.rpm python-psycopg2-2.8.4-4.module+el8.4.0+8888+89bc7e79.src.rpm python-pycparser-2.19-3.module+el8.4.0+8888+89bc7e79.src.rpm python-pysocks-1.7.1-4.module+el8.4.0+8888+89bc7e79.src.rpm python-requests-2.22.0-9.module+el8.4.0+8888+89bc7e79.src.rpm python-urllib3-1.25.7-5.module+el8.5.0+11639+ea5b349d.src.rpm python-wheel-0.33.6-6.module+el8.5.0+12205+a865257a.src.rpm python38-3.8.12-1.module+el8.6.0+19204+eee15c0a.2.src.rpm python3x-pip-19.3.1-5.module+el8.6.0+13002+70cfc74a.src.rpm python3x-setuptools-41.6.0-5.module+el8.5.0+12205+a865257a.src.rpm python3x-six-1.12.0-10.module+el8.4.0+8888+89bc7e79.src.rpm pytz-2019.3-3.module+el8.4.0+8888+89bc7e79.src.rpm scipy-1.3.1-4.module+el8.4.0+8888+89bc7e79.src.rpm

aarch64:
Cython-debugsource-0.29.14-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm PyYAML-debugsource-5.4.1-1.module+el8.5.0+10721+14d8e0d5.aarch64.rpm numpy-debugsource-1.17.3-6.module+el8.5.0+12205+a865257a.aarch64.rpm python-cffi-debugsource-1.13.2-3.module+el8.4.0+8888+89bc7e79.aarch64.rpm python-cryptography-debugsource-2.8-3.module+el8.4.0+8888+89bc7e79.aarch64.rpm python-lxml-debugsource-4.4.1-7.module+el8.6.0+13958+214a5473.aarch64.rpm python-markupsafe-debugsource-1.1.1-6.module+el8.4.0+8888+89bc7e79.aarch64.rpm python-psutil-debugsource-5.6.4-4.module+el8.5.0+12031+10ce4870.aarch64.rpm python-psycopg2-debugsource-2.8.4-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-3.8.12-1.module+el8.6.0+19204+eee15c0a.2.aarch64.rpm python38-Cython-0.29.14-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-Cython-debuginfo-0.29.14-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-cffi-1.13.2-3.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-cffi-debuginfo-1.13.2-3.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-cryptography-2.8-3.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-cryptography-debuginfo-2.8-3.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-debug-3.8.12-1.module+el8.6.0+19204+eee15c0a.2.aarch64.rpm python38-debuginfo-3.8.12-1.module+el8.6.0+19204+eee15c0a.2.aarch64.rpm python38-debugsource-3.8.12-1.module+el8.6.0+19204+eee15c0a.2.aarch64.rpm python38-devel-3.8.12-1.module+el8.6.0+19204+eee15c0a.2.aarch64.rpm python38-idle-3.8.12-1.module+el8.6.0+19204+eee15c0a.2.aarch64.rpm python38-libs-3.8.12-1.module+el8.6.0+19204+eee15c0a.2.aarch64.rpm python38-lxml-4.4.1-7.module+el8.6.0+13958+214a5473.aarch64.rpm python38-lxml-debuginfo-4.4.1-7.module+el8.6.0+13958+214a5473.aarch64.rpm python38-markupsafe-1.1.1-6.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-markupsafe-debuginfo-1.1.1-6.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-mod_wsgi-4.6.8-3.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-numpy-1.17.3-6.module+el8.5.0+12205+a865257a.aarch64.rpm 
python38-numpy-debuginfo-1.17.3-6.module+el8.5.0+12205+a865257a.aarch64.rpm python38-numpy-f2py-1.17.3-6.module+el8.5.0+12205+a865257a.aarch64.rpm python38-psutil-5.6.4-4.module+el8.5.0+12031+10ce4870.aarch64.rpm python38-psutil-debuginfo-5.6.4-4.module+el8.5.0+12031+10ce4870.aarch64.rpm python38-psycopg2-2.8.4-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-psycopg2-debuginfo-2.8.4-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-psycopg2-doc-2.8.4-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-psycopg2-tests-2.8.4-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-pyyaml-5.4.1-1.module+el8.5.0+10721+14d8e0d5.aarch64.rpm python38-pyyaml-debuginfo-5.4.1-1.module+el8.5.0+10721+14d8e0d5.aarch64.rpm python38-scipy-1.3.1-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-scipy-debuginfo-1.3.1-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-test-3.8.12-1.module+el8.6.0+19204+eee15c0a.2.aarch64.rpm python38-tkinter-3.8.12-1.module+el8.6.0+19204+eee15c0a.2.aarch64.rpm scipy-debugsource-1.3.1-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm noarch: python38-PyMySQL-0.10.1-1.module+el8.4.0+9692+8e86ab84.noarch.rpm python38-asn1crypto-1.2.0-3.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-babel-2.7.0-11.module+el8.5.0+11015+9c1c7c42.noarch.rpm python38-chardet-3.0.4-19.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-idna-2.8-6.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-jinja2-2.10.3-5.module+el8.5.0+10542+ba057329.noarch.rpm python38-numpy-doc-1.17.3-6.module+el8.5.0+12205+a865257a.noarch.rpm python38-pip-19.3.1-5.module+el8.6.0+13002+70cfc74a.noarch.rpm python38-pip-wheel-19.3.1-5.module+el8.6.0+13002+70cfc74a.noarch.rpm python38-ply-3.11-10.module+el8.4.0+9579+e9717e18.noarch.rpm python38-pycparser-2.19-3.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-pysocks-1.7.1-4.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-pytz-2019.3-3.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-requests-2.22.0-9.module+el8.4.0+8888+89bc7e79.noarch.rpm 
python38-rpm-macros-3.8.12-1.module+el8.6.0+19204+eee15c0a.2.noarch.rpm python38-setuptools-41.6.0-5.module+el8.5.0+12205+a865257a.noarch.rpm python38-setuptools-wheel-41.6.0-5.module+el8.5.0+12205+a865257a.noarch.rpm python38-six-1.12.0-10.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-urllib3-1.25.7-5.module+el8.5.0+11639+ea5b349d.noarch.rpm python38-wheel-0.33.6-6.module+el8.5.0+12205+a865257a.noarch.rpm python38-wheel-wheel-0.33.6-6.module+el8.5.0+12205+a865257a.noarch.rpm ppc64le: Cython-debugsource-0.29.14-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm PyYAML-debugsource-5.4.1-1.module+el8.5.0+10721+14d8e0d5.ppc64le.rpm numpy-debugsource-1.17.3-6.module+el8.5.0+12205+a865257a.ppc64le.rpm python-cffi-debugsource-1.13.2-3.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python-cryptography-debugsource-2.8-3.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python-lxml-debugsource-4.4.1-7.module+el8.6.0+13958+214a5473.ppc64le.rpm python-markupsafe-debugsource-1.1.1-6.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python-psutil-debugsource-5.6.4-4.module+el8.5.0+12031+10ce4870.ppc64le.rpm python-psycopg2-debugsource-2.8.4-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-3.8.12-1.module+el8.6.0+19204+eee15c0a.2.ppc64le.rpm python38-Cython-0.29.14-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-Cython-debuginfo-0.29.14-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-cffi-1.13.2-3.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-cffi-debuginfo-1.13.2-3.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-cryptography-2.8-3.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-cryptography-debuginfo-2.8-3.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-debug-3.8.12-1.module+el8.6.0+19204+eee15c0a.2.ppc64le.rpm python38-debuginfo-3.8.12-1.module+el8.6.0+19204+eee15c0a.2.ppc64le.rpm python38-debugsource-3.8.12-1.module+el8.6.0+19204+eee15c0a.2.ppc64le.rpm python38-devel-3.8.12-1.module+el8.6.0+19204+eee15c0a.2.ppc64le.rpm 
python38-idle-3.8.12-1.module+el8.6.0+19204+eee15c0a.2.ppc64le.rpm python38-libs-3.8.12-1.module+el8.6.0+19204+eee15c0a.2.ppc64le.rpm python38-lxml-4.4.1-7.module+el8.6.0+13958+214a5473.ppc64le.rpm python38-lxml-debuginfo-4.4.1-7.module+el8.6.0+13958+214a5473.ppc64le.rpm python38-markupsafe-1.1.1-6.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-markupsafe-debuginfo-1.1.1-6.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-mod_wsgi-4.6.8-3.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-numpy-1.17.3-6.module+el8.5.0+12205+a865257a.ppc64le.rpm python38-numpy-debuginfo-1.17.3-6.module+el8.5.0+12205+a865257a.ppc64le.rpm python38-numpy-f2py-1.17.3-6.module+el8.5.0+12205+a865257a.ppc64le.rpm python38-psutil-5.6.4-4.module+el8.5.0+12031+10ce4870.ppc64le.rpm python38-psutil-debuginfo-5.6.4-4.module+el8.5.0+12031+10ce4870.ppc64le.rpm python38-psycopg2-2.8.4-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-psycopg2-debuginfo-2.8.4-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-psycopg2-doc-2.8.4-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-psycopg2-tests-2.8.4-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-pyyaml-5.4.1-1.module+el8.5.0+10721+14d8e0d5.ppc64le.rpm python38-pyyaml-debuginfo-5.4.1-1.module+el8.5.0+10721+14d8e0d5.ppc64le.rpm python38-scipy-1.3.1-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-scipy-debuginfo-1.3.1-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-test-3.8.12-1.module+el8.6.0+19204+eee15c0a.2.ppc64le.rpm python38-tkinter-3.8.12-1.module+el8.6.0+19204+eee15c0a.2.ppc64le.rpm scipy-debugsource-1.3.1-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm s390x: Cython-debugsource-0.29.14-4.module+el8.4.0+8888+89bc7e79.s390x.rpm PyYAML-debugsource-5.4.1-1.module+el8.5.0+10721+14d8e0d5.s390x.rpm numpy-debugsource-1.17.3-6.module+el8.5.0+12205+a865257a.s390x.rpm python-cffi-debugsource-1.13.2-3.module+el8.4.0+8888+89bc7e79.s390x.rpm python-cryptography-debugsource-2.8-3.module+el8.4.0+8888+89bc7e79.s390x.rpm 
python-lxml-debugsource-4.4.1-7.module+el8.6.0+13958+214a5473.s390x.rpm python-markupsafe-debugsource-1.1.1-6.module+el8.4.0+8888+89bc7e79.s390x.rpm python-psutil-debugsource-5.6.4-4.module+el8.5.0+12031+10ce4870.s390x.rpm python-psycopg2-debugsource-2.8.4-4.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-3.8.12-1.module+el8.6.0+19204+eee15c0a.2.s390x.rpm python38-Cython-0.29.14-4.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-Cython-debuginfo-0.29.14-4.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-cffi-1.13.2-3.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-cffi-debuginfo-1.13.2-3.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-cryptography-2.8-3.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-cryptography-debuginfo-2.8-3.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-debug-3.8.12-1.module+el8.6.0+19204+eee15c0a.2.s390x.rpm python38-debuginfo-3.8.12-1.module+el8.6.0+19204+eee15c0a.2.s390x.rpm python38-debugsource-3.8.12-1.module+el8.6.0+19204+eee15c0a.2.s390x.rpm python38-devel-3.8.12-1.module+el8.6.0+19204+eee15c0a.2.s390x.rpm python38-idle-3.8.12-1.module+el8.6.0+19204+eee15c0a.2.s390x.rpm python38-libs-3.8.12-1.module+el8.6.0+19204+eee15c0a.2.s390x.rpm python38-lxml-4.4.1-7.module+el8.6.0+13958+214a5473.s390x.rpm python38-lxml-debuginfo-4.4.1-7.module+el8.6.0+13958+214a5473.s390x.rpm python38-markupsafe-1.1.1-6.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-markupsafe-debuginfo-1.1.1-6.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-mod_wsgi-4.6.8-3.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-numpy-1.17.3-6.module+el8.5.0+12205+a865257a.s390x.rpm python38-numpy-debuginfo-1.17.3-6.module+el8.5.0+12205+a865257a.s390x.rpm python38-numpy-f2py-1.17.3-6.module+el8.5.0+12205+a865257a.s390x.rpm python38-psutil-5.6.4-4.module+el8.5.0+12031+10ce4870.s390x.rpm python38-psutil-debuginfo-5.6.4-4.module+el8.5.0+12031+10ce4870.s390x.rpm python38-psycopg2-2.8.4-4.module+el8.4.0+8888+89bc7e79.s390x.rpm 
python38-psycopg2-debuginfo-2.8.4-4.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-psycopg2-doc-2.8.4-4.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-psycopg2-tests-2.8.4-4.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-pyyaml-5.4.1-1.module+el8.5.0+10721+14d8e0d5.s390x.rpm python38-pyyaml-debuginfo-5.4.1-1.module+el8.5.0+10721+14d8e0d5.s390x.rpm python38-scipy-1.3.1-4.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-scipy-debuginfo-1.3.1-4.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-test-3.8.12-1.module+el8.6.0+19204+eee15c0a.2.s390x.rpm python38-tkinter-3.8.12-1.module+el8.6.0+19204+eee15c0a.2.s390x.rpm scipy-debugsource-1.3.1-4.module+el8.4.0+8888+89bc7e79.s390x.rpm x86_64: Cython-debugsource-0.29.14-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm PyYAML-debugsource-5.4.1-1.module+el8.5.0+10721+14d8e0d5.x86_64.rpm numpy-debugsource-1.17.3-6.module+el8.5.0+12205+a865257a.x86_64.rpm python-cffi-debugsource-1.13.2-3.module+el8.4.0+8888+89bc7e79.x86_64.rpm python-cryptography-debugsource-2.8-3.module+el8.4.0+8888+89bc7e79.x86_64.rpm python-lxml-debugsource-4.4.1-7.module+el8.6.0+13958+214a5473.x86_64.rpm python-markupsafe-debugsource-1.1.1-6.module+el8.4.0+8888+89bc7e79.x86_64.rpm python-psutil-debugsource-5.6.4-4.module+el8.5.0+12031+10ce4870.x86_64.rpm python-psycopg2-debugsource-2.8.4-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-3.8.12-1.module+el8.6.0+19204+eee15c0a.2.x86_64.rpm python38-Cython-0.29.14-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-Cython-debuginfo-0.29.14-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-cffi-1.13.2-3.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-cffi-debuginfo-1.13.2-3.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-cryptography-2.8-3.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-cryptography-debuginfo-2.8-3.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-debug-3.8.12-1.module+el8.6.0+19204+eee15c0a.2.x86_64.rpm python38-debuginfo-3.8.12-1.module+el8.6.0+19204+eee15c0a.2.x86_64.rpm 
python38-debugsource-3.8.12-1.module+el8.6.0+19204+eee15c0a.2.x86_64.rpm python38-devel-3.8.12-1.module+el8.6.0+19204+eee15c0a.2.x86_64.rpm python38-idle-3.8.12-1.module+el8.6.0+19204+eee15c0a.2.x86_64.rpm python38-libs-3.8.12-1.module+el8.6.0+19204+eee15c0a.2.x86_64.rpm python38-lxml-4.4.1-7.module+el8.6.0+13958+214a5473.x86_64.rpm python38-lxml-debuginfo-4.4.1-7.module+el8.6.0+13958+214a5473.x86_64.rpm python38-markupsafe-1.1.1-6.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-markupsafe-debuginfo-1.1.1-6.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-mod_wsgi-4.6.8-3.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-numpy-1.17.3-6.module+el8.5.0+12205+a865257a.x86_64.rpm python38-numpy-debuginfo-1.17.3-6.module+el8.5.0+12205+a865257a.x86_64.rpm python38-numpy-f2py-1.17.3-6.module+el8.5.0+12205+a865257a.x86_64.rpm python38-psutil-5.6.4-4.module+el8.5.0+12031+10ce4870.x86_64.rpm python38-psutil-debuginfo-5.6.4-4.module+el8.5.0+12031+10ce4870.x86_64.rpm python38-psycopg2-2.8.4-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-psycopg2-debuginfo-2.8.4-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-psycopg2-doc-2.8.4-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-psycopg2-tests-2.8.4-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-pyyaml-5.4.1-1.module+el8.5.0+10721+14d8e0d5.x86_64.rpm python38-pyyaml-debuginfo-5.4.1-1.module+el8.5.0+10721+14d8e0d5.x86_64.rpm python38-scipy-1.3.1-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-scipy-debuginfo-1.3.1-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-test-3.8.12-1.module+el8.6.0+19204+eee15c0a.2.x86_64.rpm python38-tkinter-3.8.12-1.module+el8.6.0+19204+eee15c0a.2.x86_64.rpm scipy-debugsource-1.3.1-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm Red Hat CodeReady Linux Builder EUS(v.8.6): Source: pytest-4.6.6-3.module+el8.4.0+8888+89bc7e79.src.rpm python-atomicwrites-1.3.0-8.module+el8.4.0+8888+89bc7e79.src.rpm python-attrs-19.3.0-3.module+el8.4.0+8888+89bc7e79.src.rpm 
python-more-itertools-7.2.0-5.module+el8.4.0+8888+89bc7e79.src.rpm python-packaging-19.2-3.module+el8.4.0+8888+89bc7e79.src.rpm python-pluggy-0.13.0-3.module+el8.4.0+8888+89bc7e79.src.rpm python-py-1.8.0-8.module+el8.4.0+8888+89bc7e79.src.rpm python-wcwidth-0.1.7-16.module+el8.4.0+8888+89bc7e79.src.rpm python3x-pyparsing-2.4.5-3.module+el8.4.0+8888+89bc7e79.src.rpm noarch: python38-atomicwrites-1.3.0-8.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-attrs-19.3.0-3.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-more-itertools-7.2.0-5.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-packaging-19.2-3.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-pluggy-0.13.0-3.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-py-1.8.0-8.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-pyparsing-2.4.5-3.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-pytest-4.6.6-3.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-wcwidth-0.1.7-16.module+el8.4.0+8888+89bc7e79.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2023-24329 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. 
RHSA-announce mailing list. A critical patch has been released for python39 and python39-devel addressing a significant security vulnerability flagged by Red Hat. Python Update, Red Hat Security, Important Update, Enterprise Security. Severity: Important. LinuxSecurity.com Team

Jul 12, 2023 Important Red Hat

openSUSE Leap 42.3: Security Advisory 2018:2712-1 Moderate: DoS

An update that solves two vulnerabilities and has two fixes is now available.

openSUSE Security Update: Security update for python3

Announcement ID: openSUSE-SU-2018:2712-1
Rating: moderate
References: #1086001 #1088004 #1088009 #1107030
Cross-References: CVE-2018-1060 CVE-2018-1061
Affected Products: openSUSE Leap 42.3

Description: This update for python3 provides the following fixes:

These security issues were fixed:
- CVE-2018-1061: Prevent catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could have used this flaw to cause denial of service (bsc#1088004).
- CVE-2018-1060: Prevent catastrophic backtracking in pop3lib's apop() method. An attacker could have used this flaw to cause denial of service (bsc#1088009).

These non-security issues were fixed:
- Sort files and directories when creating tarfile archives so that they are created in a more predictable way. (bsc#1086001)
- Add -fwrapv to OPTS (bsc#1107030)

This update was imported from the SUSE:SLE-12:Update update project.

Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3: zypper in -t patch openSUSE-2018-1001=1

Package List:
- openSUSE Leap 42.3 (i586 x86_64): libpython3_4m1_0-3.4.6-12.6.1 libpython3_4m1_0-debuginfo-3.4.6-12.6.1 python3-3.4.6-12.6.1 python3-base-3.4.6-12.6.1 python3-base-debuginfo-3.4.6-12.6.1 python3-base-debugsource-3.4.6-12.6.1 python3-curses-3.4.6-12.6.1 python3-curses-debuginfo-3.4.6-12.6.1 python3-dbm-3.4.6-12.6.1 python3-dbm-debuginfo-3.4.6-12.6.1 python3-debuginfo-3.4.6-12.6.1 python3-debugsource-3.4.6-12.6.1 python3-devel-3.4.6-12.6.1 python3-devel-debuginfo-3.4.6-12.6.1 python3-idle-3.4.6-12.6.1 python3-testsuite-3.4.6-12.6.1 python3-testsuite-debuginfo-3.4.6-12.6.1 python3-tk-3.4.6-12.6.1 python3-tk-debuginfo-3.4.6-12.6.1 python3-tools-3.4.6-12.6.1
- openSUSE Leap 42.3 (x86_64): libpython3_4m1_0-32bit-3.4.6-12.6.1 libpython3_4m1_0-debuginfo-32bit-3.4.6-12.6.1 python3-32bit-3.4.6-12.6.1 python3-base-32bit-3.4.6-12.6.1 python3-base-debuginfo-32bit-3.4.6-12.6.1 python3-debuginfo-32bit-3.4.6-12.6.1
- openSUSE Leap 42.3 (noarch): python3-doc-3.4.6-12.6.1 python3-doc-pdf-3.4.6-12.6.1

References:
https://www.suse.com/security/cve/CVE-2018-1060.html
https://www.suse.com/security/cve/CVE-2018-1061.html
https://bugzilla.suse.com/1086001
https://bugzilla.suse.com/1088004
https://bugzilla.suse.com/1088009
https://bugzilla.suse.com/1107030

An updated version of Arch Linux for python3 resolves significant vulnerabilities and introduces improvements to bolster overall system safety and reliability. openSUSE Update, Python DoS Fix, System Security Patch. LinuxSecurity.com Team

Sep 14, 2018 OpenSUSE

Red Hat 7: RHSA-2015:2101-01 Moderate: Fix for Python Memory Issues

Updated python packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.

Red Hat Security Advisory

Synopsis: Moderate: python security, bug fix, and enhancement update
Advisory ID: RHSA-2015:2101-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2015:2101.html
Issue date: 2015-11-19
CVE Names: CVE-2013-1752 CVE-2013-1753 CVE-2014-4616 CVE-2014-4650 CVE-2014-7185

1. Summary: Updated python packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description: Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC).

It was discovered that the Python xmlrpclib module did not restrict the size of gzip-compressed HTTP responses. A malicious XMLRPC server could cause an XMLRPC client using xmlrpclib to consume an excessive amount of memory. (CVE-2013-1753)

It was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict the sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. (CVE-2013-1752)

It was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose the source code of the scripts in the cgi-bin directory. (CVE-2014-4650)

An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control these arguments could use this flaw to disclose portions of the application memory or cause it to crash. (CVE-2014-7185)

A flaw was found in the way the json module handled negative index arguments passed to certain functions (such as raw_decode()). An attacker able to control the index value passed to one of the affected functions could possibly use this flaw to disclose portions of the application memory. (CVE-2014-4616)

The Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data. (CVE-2014-9365)

Note: The Python standard library was updated to make it possible to enable certificate verification by default. However, for backwards compatibility, verification remains disabled by default. Future updates may change this default. Refer to the Knowledgebase article 2039753 linked to in the References section for further details about this change. (BZ#1219108)

This update also fixes the following bugs:
* Subprocesses used with the Eventlet library or regular threads previously tried to close epoll file descriptors twice, which led to an "Invalid argument" error. Subprocesses have been fixed to close the file descriptors only once. (BZ#1103452)
* When importing the readline module from a Python script, Python no longer produces erroneous random characters on stdout. (BZ#1189301)
* The cProfile utility has been fixed to print all values that the "-s" option supports when this option is used without a correct value. (BZ#1237107)
* The load_cert_chain() function now accepts "None" as a keyfile argument. (BZ#1250611)

In addition, this update adds the following enhancements:
* Security enhancements as described in PEP 466 have been backported to the Python standard library, for example, new features of the ssl module: Server Name Indication (SNI) support, support for new TLSv1.x protocols, new hash algorithms in the hashlib module, and many more. (BZ#1111461)
* Support for the ssl.PROTOCOL_TLSv1_2 protocol has been added to the ssl library. (BZ#1192015)
* The ssl.SSLSocket.version() method is now available to access information about the version of the SSL protocol used in a connection. (BZ#1259421)

All python users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.

4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

5.
Bugs fixed (https://bugzilla.redhat.com/):
1046170 - CVE-2013-1753 python: XMLRPC library unrestricted decompression of HTTP responses using gzip encoding
1046174 - CVE-2013-1752 python: multiple unbound readline() DoS flaws in python stdlib
1058482 - tmpwatch removes python multiprocessing sockets
1112285 - CVE-2014-4616 python: missing boundary check in JSON module
1113527 - CVE-2014-4650 python: CGIHTTPServer module does not properly handle URL-encoded path separators in URLs
1146026 - CVE-2014-7185 python: buffer() integer overflow leading to out of bounds read
1173041 - CVE-2014-9365 python: failure to validate certificates in the HTTP client with TLS (PEP 476)
1177613 - setup.py bdist_rpm NameError: global name 'get_python_version' is not defined
1181624 - multiprocessing BaseManager serve_client() does not check EINTR on recv
1237107 - cProfile main() traceback if options syntax is invalid
1250611 - SSLContext.load_cert_chain() keyfile argument can't be set to None
1259421 - Backport SSLSocket.version() to python 2.7.5

6. Package List:

Red Hat Enterprise Linux Client (v. 7):
Source: python-2.7.5-34.el7.src.rpm
x86_64: python-2.7.5-34.el7.x86_64.rpm python-debuginfo-2.7.5-34.el7.i686.rpm python-debuginfo-2.7.5-34.el7.x86_64.rpm python-libs-2.7.5-34.el7.i686.rpm python-libs-2.7.5-34.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: python-debug-2.7.5-34.el7.x86_64.rpm python-debuginfo-2.7.5-34.el7.x86_64.rpm python-devel-2.7.5-34.el7.x86_64.rpm python-test-2.7.5-34.el7.x86_64.rpm python-tools-2.7.5-34.el7.x86_64.rpm tkinter-2.7.5-34.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):
Source: python-2.7.5-34.el7.src.rpm
x86_64: python-2.7.5-34.el7.x86_64.rpm python-debuginfo-2.7.5-34.el7.i686.rpm python-debuginfo-2.7.5-34.el7.x86_64.rpm python-devel-2.7.5-34.el7.x86_64.rpm python-libs-2.7.5-34.el7.i686.rpm python-libs-2.7.5-34.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: python-debug-2.7.5-34.el7.x86_64.rpm python-debuginfo-2.7.5-34.el7.x86_64.rpm python-test-2.7.5-34.el7.x86_64.rpm python-tools-2.7.5-34.el7.x86_64.rpm tkinter-2.7.5-34.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):
Source: python-2.7.5-34.el7.src.rpm
aarch64: python-2.7.5-34.el7.aarch64.rpm python-debuginfo-2.7.5-34.el7.aarch64.rpm python-devel-2.7.5-34.el7.aarch64.rpm python-libs-2.7.5-34.el7.aarch64.rpm
ppc64: python-2.7.5-34.el7.ppc64.rpm python-debuginfo-2.7.5-34.el7.ppc.rpm python-debuginfo-2.7.5-34.el7.ppc64.rpm python-devel-2.7.5-34.el7.ppc64.rpm python-libs-2.7.5-34.el7.ppc.rpm python-libs-2.7.5-34.el7.ppc64.rpm
ppc64le: python-2.7.5-34.el7.ppc64le.rpm python-debuginfo-2.7.5-34.el7.ppc64le.rpm python-devel-2.7.5-34.el7.ppc64le.rpm python-libs-2.7.5-34.el7.ppc64le.rpm
s390x: python-2.7.5-34.el7.s390x.rpm python-debuginfo-2.7.5-34.el7.s390.rpm python-debuginfo-2.7.5-34.el7.s390x.rpm python-devel-2.7.5-34.el7.s390x.rpm python-libs-2.7.5-34.el7.s390.rpm python-libs-2.7.5-34.el7.s390x.rpm
x86_64: python-2.7.5-34.el7.x86_64.rpm python-debuginfo-2.7.5-34.el7.i686.rpm python-debuginfo-2.7.5-34.el7.x86_64.rpm python-devel-2.7.5-34.el7.x86_64.rpm python-libs-2.7.5-34.el7.i686.rpm python-libs-2.7.5-34.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):
aarch64: python-debug-2.7.5-34.el7.aarch64.rpm python-debuginfo-2.7.5-34.el7.aarch64.rpm python-test-2.7.5-34.el7.aarch64.rpm python-tools-2.7.5-34.el7.aarch64.rpm tkinter-2.7.5-34.el7.aarch64.rpm
ppc64: python-debug-2.7.5-34.el7.ppc64.rpm python-debuginfo-2.7.5-34.el7.ppc64.rpm python-test-2.7.5-34.el7.ppc64.rpm python-tools-2.7.5-34.el7.ppc64.rpm tkinter-2.7.5-34.el7.ppc64.rpm
ppc64le: python-debug-2.7.5-34.el7.ppc64le.rpm python-debuginfo-2.7.5-34.el7.ppc64le.rpm python-test-2.7.5-34.el7.ppc64le.rpm python-tools-2.7.5-34.el7.ppc64le.rpm tkinter-2.7.5-34.el7.ppc64le.rpm
s390x: python-debug-2.7.5-34.el7.s390x.rpm python-debuginfo-2.7.5-34.el7.s390x.rpm python-test-2.7.5-34.el7.s390x.rpm python-tools-2.7.5-34.el7.s390x.rpm tkinter-2.7.5-34.el7.s390x.rpm
x86_64: python-debug-2.7.5-34.el7.x86_64.rpm python-debuginfo-2.7.5-34.el7.x86_64.rpm python-test-2.7.5-34.el7.x86_64.rpm python-tools-2.7.5-34.el7.x86_64.rpm tkinter-2.7.5-34.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):
Source: python-2.7.5-34.el7.src.rpm
x86_64: python-2.7.5-34.el7.x86_64.rpm python-debuginfo-2.7.5-34.el7.i686.rpm python-debuginfo-2.7.5-34.el7.x86_64.rpm python-devel-2.7.5-34.el7.x86_64.rpm python-libs-2.7.5-34.el7.i686.rpm python-libs-2.7.5-34.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: python-debug-2.7.5-34.el7.x86_64.rpm python-debuginfo-2.7.5-34.el7.x86_64.rpm python-test-2.7.5-34.el7.x86_64.rpm python-tools-2.7.5-34.el7.x86_64.rpm tkinter-2.7.5-34.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7.
References: https://access.redhat.com/security/cve/CVE-2013-1752 https://access.redhat.com/security/cve/CVE-2013-1753 https://access.redhat.com/security/cve/CVE-2014-4616 https://access.redhat.com/security/cve/CVE-2014-4650 https://access.redhat.com/security/cve/CVE-2014-7185 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/articles/2039753 https://peps.python.org/pep-0466/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFWTj/SXlSAg2UNWIIRAuXcAKCCJdw1P4H3y4fnhu6lXW2AcADYJgCfRO+v qMX3qLAXBobeDiPX4eN9Pxc=JQMw -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . The advisory from Red Hat regarding Python packages tackles various vulnerabilities, resolutions for bugs, and improvements.. Python Security Update, Red Hat Security Advisory, Bug Fixes. . LinuxSecurity.com Team

Nov 19, 2015 Red Hat

Red Hat: RHSA-2015-1064-01 Moderate Python27 Security Updates

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: python27 security, bug fix, and enhancement update
Advisory ID: RHSA-2015:1064-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2015:1064.html
Issue date: 2015-06-04
CVE Names: CVE-2013-1752 CVE-2013-1753 CVE-2014-1912 CVE-2014-4616 CVE-2014-4650 CVE-2014-7185
====================================================================

1. Summary:

Updated python27 collection packages that fix multiple security issues and several bugs are now available as part of Red Hat Software Collections 2.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 collection provides a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL.

The python27-python packages have been upgraded to upstream version 2.7.8, which provides numerous bug fixes over the previous version. (BZ#1167912)

The following security issues were fixed in the python27-python component:

It was discovered that the socket.recvfrom_into() function failed to check the size of the supplied buffer. This could lead to a buffer overflow when the function was called with an insufficiently sized buffer. (CVE-2014-1912)

It was discovered that the Python xmlrpclib module did not restrict the size of gzip-compressed HTTP responses. A malicious XMLRPC server could cause an XMLRPC client using xmlrpclib to consume an excessive amount of memory. (CVE-2013-1753)

It was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict the sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. (CVE-2013-1752)

It was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose the source code of the scripts in the cgi-bin directory. (CVE-2014-4650)

An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control these arguments could use this flaw to disclose portions of the application memory or cause it to crash. (CVE-2014-7185)

The following security issue was fixed in the python27-python and python27-python-simplejson components:

A flaw was found in the way the json module handled negative index arguments passed to certain functions (such as raw_decode()). An attacker able to control the index value passed to one of the affected functions could possibly use this flaw to disclose portions of the application memory. (CVE-2014-4616)

In addition, this update adds the following enhancement:

* The python27 Software Collection now includes the python-wheel and python-pip modules. (BZ#994189, BZ#1167902)

All python27 users are advised to upgrade to these updated packages, which correct these issues and add these enhancements. All running python27 instances must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

994189 - Please create a python-pip build for the python 2.7 and 3.3 SCL environments on RHEL 6
1046170 - CVE-2013-1753 python: XMLRPC library unrestricted decompression of HTTP responses using gzip encoding
1046174 - CVE-2013-1752 python: multiple unbound readline() DoS flaws in python stdlib
1062370 - CVE-2014-1912 python: buffer overflow in socket.recvfrom_into()
1112285 - CVE-2014-4616 python: missing boundary check in JSON module
1113527 - CVE-2014-4650 python: CGIHTTPServer module does not properly handle URL-encoded path separators in URLs
1146026 - CVE-2014-7185 python: buffer() integer overflow leading to out of bounds read
1167912 - Update Python in python27 SCL to Python 2.7.8
1170993 - RPM macro rpm/macros.python2.python27 references non-existing /usr/lib/rpm/brp-scl-compress

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source: python27-1.1-17.el6.src.rpm python27-python-2.7.8-3.el6.src.rpm python27-python-pip-1.5.6-5.el6.src.rpm python27-python-setuptools-0.9.8-3.el6.src.rpm python27-python-simplejson-3.2.0-2.el6.src.rpm python27-python-wheel-0.24.0-2.el6.src.rpm
noarch: python27-python-pip-1.5.6-5.el6.noarch.rpm python27-python-setuptools-0.9.8-3.el6.noarch.rpm python27-python-wheel-0.24.0-2.el6.noarch.rpm
x86_64: python27-1.1-17.el6.x86_64.rpm python27-python-2.7.8-3.el6.x86_64.rpm python27-python-debug-2.7.8-3.el6.x86_64.rpm python27-python-debuginfo-2.7.8-3.el6.x86_64.rpm python27-python-devel-2.7.8-3.el6.x86_64.rpm python27-python-libs-2.7.8-3.el6.x86_64.rpm python27-python-simplejson-3.2.0-2.el6.x86_64.rpm python27-python-simplejson-debuginfo-3.2.0-2.el6.x86_64.rpm python27-python-test-2.7.8-3.el6.x86_64.rpm python27-python-tools-2.7.8-3.el6.x86_64.rpm python27-runtime-1.1-17.el6.x86_64.rpm python27-scldevel-1.1-17.el6.x86_64.rpm python27-tkinter-2.7.8-3.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5):

Source: python27-1.1-17.el6.src.rpm python27-python-2.7.8-3.el6.src.rpm python27-python-pip-1.5.6-5.el6.src.rpm python27-python-setuptools-0.9.8-3.el6.src.rpm python27-python-simplejson-3.2.0-2.el6.src.rpm python27-python-wheel-0.24.0-2.el6.src.rpm
noarch: python27-python-pip-1.5.6-5.el6.noarch.rpm python27-python-setuptools-0.9.8-3.el6.noarch.rpm python27-python-wheel-0.24.0-2.el6.noarch.rpm
x86_64: python27-1.1-17.el6.x86_64.rpm python27-python-2.7.8-3.el6.x86_64.rpm python27-python-debug-2.7.8-3.el6.x86_64.rpm python27-python-debuginfo-2.7.8-3.el6.x86_64.rpm python27-python-devel-2.7.8-3.el6.x86_64.rpm python27-python-libs-2.7.8-3.el6.x86_64.rpm python27-python-simplejson-3.2.0-2.el6.x86_64.rpm python27-python-simplejson-debuginfo-3.2.0-2.el6.x86_64.rpm python27-python-test-2.7.8-3.el6.x86_64.rpm python27-python-tools-2.7.8-3.el6.x86_64.rpm python27-runtime-1.1-17.el6.x86_64.rpm python27-scldevel-1.1-17.el6.x86_64.rpm python27-tkinter-2.7.8-3.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source: python27-1.1-17.el6.src.rpm python27-python-2.7.8-3.el6.src.rpm python27-python-pip-1.5.6-5.el6.src.rpm python27-python-setuptools-0.9.8-3.el6.src.rpm python27-python-simplejson-3.2.0-2.el6.src.rpm python27-python-wheel-0.24.0-2.el6.src.rpm
noarch: python27-python-pip-1.5.6-5.el6.noarch.rpm python27-python-setuptools-0.9.8-3.el6.noarch.rpm python27-python-wheel-0.24.0-2.el6.noarch.rpm
x86_64: python27-1.1-17.el6.x86_64.rpm python27-python-2.7.8-3.el6.x86_64.rpm python27-python-debug-2.7.8-3.el6.x86_64.rpm python27-python-debuginfo-2.7.8-3.el6.x86_64.rpm python27-python-devel-2.7.8-3.el6.x86_64.rpm python27-python-libs-2.7.8-3.el6.x86_64.rpm python27-python-simplejson-3.2.0-2.el6.x86_64.rpm python27-python-simplejson-debuginfo-3.2.0-2.el6.x86_64.rpm python27-python-test-2.7.8-3.el6.x86_64.rpm python27-python-tools-2.7.8-3.el6.x86_64.rpm python27-runtime-1.1-17.el6.x86_64.rpm python27-scldevel-1.1-17.el6.x86_64.rpm python27-tkinter-2.7.8-3.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source: python27-1.1-17.el6.src.rpm python27-python-2.7.8-3.el6.src.rpm python27-python-pip-1.5.6-5.el6.src.rpm python27-python-setuptools-0.9.8-3.el6.src.rpm python27-python-simplejson-3.2.0-2.el6.src.rpm python27-python-wheel-0.24.0-2.el6.src.rpm
noarch: python27-python-pip-1.5.6-5.el6.noarch.rpm python27-python-setuptools-0.9.8-3.el6.noarch.rpm python27-python-wheel-0.24.0-2.el6.noarch.rpm
x86_64: python27-1.1-17.el6.x86_64.rpm python27-python-2.7.8-3.el6.x86_64.rpm python27-python-debug-2.7.8-3.el6.x86_64.rpm python27-python-debuginfo-2.7.8-3.el6.x86_64.rpm python27-python-devel-2.7.8-3.el6.x86_64.rpm python27-python-libs-2.7.8-3.el6.x86_64.rpm python27-python-simplejson-3.2.0-2.el6.x86_64.rpm python27-python-simplejson-debuginfo-3.2.0-2.el6.x86_64.rpm python27-python-test-2.7.8-3.el6.x86_64.rpm python27-python-tools-2.7.8-3.el6.x86_64.rpm python27-runtime-1.1-17.el6.x86_64.rpm python27-scldevel-1.1-17.el6.x86_64.rpm python27-tkinter-2.7.8-3.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source: python27-1.1-20.el7.src.rpm python27-python-2.7.8-3.el7.src.rpm python27-python-pip-1.5.6-5.el7.src.rpm python27-python-setuptools-0.9.8-5.el7.src.rpm python27-python-simplejson-3.2.0-3.el7.src.rpm python27-python-wheel-0.24.0-2.el7.src.rpm
noarch: python27-python-pip-1.5.6-5.el7.noarch.rpm python27-python-setuptools-0.9.8-5.el7.noarch.rpm python27-python-wheel-0.24.0-2.el7.noarch.rpm
x86_64: python27-1.1-20.el7.x86_64.rpm python27-python-2.7.8-3.el7.x86_64.rpm python27-python-debug-2.7.8-3.el7.x86_64.rpm python27-python-debuginfo-2.7.8-3.el7.x86_64.rpm python27-python-devel-2.7.8-3.el7.x86_64.rpm python27-python-libs-2.7.8-3.el7.x86_64.rpm python27-python-simplejson-3.2.0-3.el7.x86_64.rpm python27-python-simplejson-debuginfo-3.2.0-3.el7.x86_64.rpm python27-python-test-2.7.8-3.el7.x86_64.rpm python27-python-tools-2.7.8-3.el7.x86_64.rpm python27-runtime-1.1-20.el7.x86_64.rpm python27-scldevel-1.1-20.el7.x86_64.rpm python27-tkinter-2.7.8-3.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source: python27-1.1-20.el7.src.rpm python27-python-2.7.8-3.el7.src.rpm python27-python-pip-1.5.6-5.el7.src.rpm python27-python-setuptools-0.9.8-5.el7.src.rpm python27-python-simplejson-3.2.0-3.el7.src.rpm python27-python-wheel-0.24.0-2.el7.src.rpm
noarch: python27-python-pip-1.5.6-5.el7.noarch.rpm python27-python-setuptools-0.9.8-5.el7.noarch.rpm python27-python-wheel-0.24.0-2.el7.noarch.rpm
x86_64: python27-1.1-20.el7.x86_64.rpm python27-python-2.7.8-3.el7.x86_64.rpm python27-python-debug-2.7.8-3.el7.x86_64.rpm python27-python-debuginfo-2.7.8-3.el7.x86_64.rpm python27-python-devel-2.7.8-3.el7.x86_64.rpm python27-python-libs-2.7.8-3.el7.x86_64.rpm python27-python-simplejson-3.2.0-3.el7.x86_64.rpm python27-python-simplejson-debuginfo-3.2.0-3.el7.x86_64.rpm python27-python-test-2.7.8-3.el7.x86_64.rpm python27-python-tools-2.7.8-3.el7.x86_64.rpm python27-runtime-1.1-20.el7.x86_64.rpm python27-scldevel-1.1-20.el7.x86_64.rpm python27-tkinter-2.7.8-3.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2013-1752
https://access.redhat.com/security/cve/CVE-2013-1753
https://access.redhat.com/security/cve/CVE-2014-1912
https://access.redhat.com/security/cve/CVE-2014-4616
https://access.redhat.com/security/cve/CVE-2014-4650
https://access.redhat.com/security/cve/CVE-2014-7185
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFVcBZ/XlSAg2UNWIIRAojaAKC/1aPfLPbhJulkzyGMdfoFYq3itwCgns9a
lOwtT2ZeE8hH6JpnObD51MU=ulrW
-----END PGP SIGNATURE-----

--
Enterprise-watch-list mailing list

Tackling existing vulnerabilities in Python 2.7 through enhanced security patches and bug rectifications offered by Red Hat Software Collections.

Red Hat Python, Security Advisory, Python Upgrade, Bug Fix, Package Update.

LinuxSecurity.com Team

Jun 04, 2015 Red Hat

Red Hat: RHSA-2011:0027-01 Low: Python Bug Fix and Security Update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

====================================================================
Red Hat Security Advisory

Synopsis: Low: python security, bug fix, and enhancement update
Advisory ID: RHSA-2011:0027-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2011:0027.html
Issue date: 2011-01-13
CVE Names: CVE-2008-5983 CVE-2009-4134 CVE-2010-1449 CVE-2010-1450 CVE-2010-1634 CVE-2010-2089
====================================================================

1. Summary:

Updated python packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

Python is an interpreted, interactive, object-oriented programming language.

It was found that many applications embedding the Python interpreter did not specify a valid full path to the script or application when calling the PySys_SetArgv API function, which could result in the addition of the current working directory to the module search path (sys.path). A local attacker able to trick a victim into running such an application in an attacker-controlled directory could use this flaw to execute code with the victim's privileges. This update adds the PySys_SetArgvEx API. Developers can modify their applications to use this new API, which sets sys.argv without modifying sys.path. (CVE-2008-5983)

Multiple flaws were found in the Python rgbimg module. If an application written in Python was using the rgbimg module and loaded a specially-crafted SGI image file, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2009-4134, CVE-2010-1449, CVE-2010-1450)

Multiple flaws were found in the Python audioop module. Supplying certain inputs could cause the audioop module to crash or, possibly, execute arbitrary code. (CVE-2010-1634, CVE-2010-2089)

This update also fixes the following bugs:

* When starting a child process from the subprocess module in Python 2.4, the parent process could leak file descriptors if an error occurred. This update resolves the issue. (BZ#609017)

* Prior to Python 2.7, programs that used "ulimit -n" to enable communication with large numbers of subprocesses could still monitor only 1024 file descriptors at a time, which caused an exception:

ValueError: filedescriptor out of range in select()

This was due to the subprocess module using the "select" system call. The module now uses the "poll" system call, removing this limitation. (BZ#609020)

* Prior to Python 2.5, the tarfile module failed to unpack tar files if the path was longer than 100 characters. This update backports the tarfile module from Python 2.5 and the issue no longer occurs. (BZ#263401)

* The email module incorrectly implemented the logic for obtaining attachment file names: the get_filename() fallback for using the deprecated "name" parameter of the "Content-Type" header erroneously used the "Content-Disposition" header. This update backports a fix from Python 2.6, which resolves this issue. (BZ#644147)

* Prior to version 2.5, Python's optimized memory allocator never released memory back to the system. The memory usage of a long-running Python process would resemble a "high-water mark". This update backports a fix from Python 2.5a1, which frees unused arenas, and adds a non-standard sys._debugmallocstats() function, which prints diagnostic information to stderr. Finally, when running under Valgrind, the optimized allocator is deactivated, to allow more convenient debugging of Python memory usage issues. (BZ#569093)

* The urllib and urllib2 modules ignored the no_proxy variable, which could lead to programs such as "yum" erroneously accessing a proxy server for URLs covered by a "no_proxy" exclusion. This update backports fixes of urllib and urllib2, which respect the "no_proxy" variable, which fixes these issues. (BZ#549372)

As well, this update adds the following enhancements:

* This update introduces a new python-libs package, subsuming the majority of the content of the core python package. This makes both 32-bit and 64-bit Python libraries available on PowerPC systems. (BZ#625372)

* The python-libs.i386 package is now available for 64-bit Itanium with the 32-bit Itanium compatibility mode. (BZ#644761)

All Python users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

5. Bugs fixed (http://bugzilla.redhat.com/):

482814 - CVE-2008-5983 python: untrusted python modules search path
541698 - CVE-2009-4134 CVE-2010-1449 CVE-2010-1450 python: rgbimg: multiple security issues
569093 - Python 2.4's arena allocator does not release memory back to the system, leading to "high-water mark" memory usage
590690 - CVE-2010-1634 python: audioop: incorrect integer overflow checks
598197 - CVE-2010-2089 Python: Memory corruption in audioop module
609017 - subprocess leaves open fds on construction error
609020 - subprocess fails in select when descriptors are large
625372 - split python-libs subpackage
644147 - Patch for get_filename in email.message when content-disposition is missing
644761 - python-libs conflict on ia64 compatlayer

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
i386: python-2.4.3-43.el5.i386.rpm python-debuginfo-2.4.3-43.el5.i386.rpm python-libs-2.4.3-43.el5.i386.rpm python-tools-2.4.3-43.el5.i386.rpm tkinter-2.4.3-43.el5.i386.rpm
x86_64: python-2.4.3-43.el5.x86_64.rpm python-debuginfo-2.4.3-43.el5.x86_64.rpm python-libs-2.4.3-43.el5.x86_64.rpm python-tools-2.4.3-43.el5.x86_64.rpm tkinter-2.4.3-43.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
i386: python-debuginfo-2.4.3-43.el5.i386.rpm python-devel-2.4.3-43.el5.i386.rpm
x86_64: python-debuginfo-2.4.3-43.el5.i386.rpm python-debuginfo-2.4.3-43.el5.x86_64.rpm python-devel-2.4.3-43.el5.i386.rpm python-devel-2.4.3-43.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
i386: python-2.4.3-43.el5.i386.rpm python-debuginfo-2.4.3-43.el5.i386.rpm python-devel-2.4.3-43.el5.i386.rpm python-libs-2.4.3-43.el5.i386.rpm python-tools-2.4.3-43.el5.i386.rpm tkinter-2.4.3-43.el5.i386.rpm
ia64: python-2.4.3-43.el5.ia64.rpm python-debuginfo-2.4.3-43.el5.i386.rpm python-debuginfo-2.4.3-43.el5.ia64.rpm python-devel-2.4.3-43.el5.ia64.rpm python-libs-2.4.3-43.el5.i386.rpm python-libs-2.4.3-43.el5.ia64.rpm python-tools-2.4.3-43.el5.ia64.rpm tkinter-2.4.3-43.el5.ia64.rpm
ppc: python-2.4.3-43.el5.ppc.rpm python-debuginfo-2.4.3-43.el5.ppc.rpm python-debuginfo-2.4.3-43.el5.ppc64.rpm python-devel-2.4.3-43.el5.ppc.rpm python-devel-2.4.3-43.el5.ppc64.rpm python-libs-2.4.3-43.el5.ppc.rpm python-libs-2.4.3-43.el5.ppc64.rpm python-tools-2.4.3-43.el5.ppc.rpm tkinter-2.4.3-43.el5.ppc.rpm
s390x: python-2.4.3-43.el5.s390x.rpm python-debuginfo-2.4.3-43.el5.s390.rpm python-debuginfo-2.4.3-43.el5.s390x.rpm python-devel-2.4.3-43.el5.s390.rpm python-devel-2.4.3-43.el5.s390x.rpm python-libs-2.4.3-43.el5.s390x.rpm python-tools-2.4.3-43.el5.s390x.rpm tkinter-2.4.3-43.el5.s390x.rpm
x86_64: python-2.4.3-43.el5.x86_64.rpm python-debuginfo-2.4.3-43.el5.i386.rpm python-debuginfo-2.4.3-43.el5.x86_64.rpm python-devel-2.4.3-43.el5.i386.rpm python-devel-2.4.3-43.el5.x86_64.rpm python-libs-2.4.3-43.el5.x86_64.rpm python-tools-2.4.3-43.el5.x86_64.rpm tkinter-2.4.3-43.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://access.redhat.com/security/cve/CVE-2008-5983
https://access.redhat.com/security/cve/CVE-2009-4134
https://access.redhat.com/security/cve/CVE-2010-1449
https://access.redhat.com/security/cve/CVE-2010-1450
https://access.redhat.com/security/cve/CVE-2010-1634
https://access.redhat.com/security/cve/CVE-2010-2089
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNLuEeXlSAg2UNWIIRAnsvAJ4u14+FXfrlN6U+GhB+QE9j4u/ljgCfdfMY
GImamCsc46O7oiqsjceWlkc=iAA8
-----END PGP SIGNATURE-----

--
Enterprise-watch-list mailing list

Recent updates to Python packages for Red Hat address security vulnerabilities and introduce enhancements, assessed as low severity.

Python Security Update, Red Hat Advisory, Low Severity Updates.

Severity: Low.

LinuxSecurity.com Team

Jan 13, 2011 Low Red Hat