python3.9-3.9.14-1.el9
エラータID: AXSA:2022-4524:02
Release date:
Monday, December 26, 2022 - 10:18
Subject:
python3.9-3.9.14-1.el9
Affected Channels:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
Python is an interpreted, interactive, object-oriented programming language,
which includes modules, classes, exceptions, very high level dynamic data types
and dynamic typing. Python supports interfaces to many system calls and
libraries, as well as to various windowing systems.
The following packages have been upgraded to a later upstream version: python3.9
(3.9.14).
Security Fix(es):
python: mailcap: findmatch() function does not sanitize the second argument
(CVE-2015-20107)
python: open redirection vulnerability in lib/http/server.py may lead to
information disclosure (CVE-2021-28861)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
CVE(s):
CVE-2015-20107
CVE-2021-28861
Solution:
Update packages.
CVEs:
CVE-2015-20107
In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9
In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9
CVE-2021-28861
** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."
** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."
Additional Info:
N/A
Download:
SRPMS
- python3.9-3.9.14-1.el9.src.rpm
MD5: 84654029099a96be04e1699c8cc870b6
SHA-256: 42bb75b026cad030401d54afc560e73221e11fa41311415efcc0ccd6a0ef5c36
Size: 19.43 MB
Asianux Server 9 for x86_64
- python3-3.9.14-1.el9.x86_64.rpm
MD5: 046887bbfca4c369cb9b5989b2d32eb8
SHA-256: 1cc7293c68029eb19e4065d79d21d31758a01e3e72173bd30a9646ef516c837e
Size: 27.58 kB - python3-debug-3.9.14-1.el9.x86_64.rpm
MD5: 1653382e155f0e1ce10a521ab4ae3cab
SHA-256: 6b9f6d0598378fe4e86693920114e478a7fef8e82b84c9937cd788e98bc81add
Size: 2.98 MB - python3-devel-3.9.14-1.el9.x86_64.rpm
MD5: 42581a95da2c8e2b89c48b8e39760501
SHA-256: a475f46dd4016acc2df44603e6fb9b966622aa04721ed0eb78a6f26ccd2928ea
Size: 206.85 kB - python3-idle-3.9.14-1.el9.x86_64.rpm
MD5: d9a1b02663290e0bb5c3351f16f544b9
SHA-256: d2269d0ac72e65719d171c72f90d845a7f8e478564b294a09f77051d4e8df00f
Size: 772.08 kB - python3-libs-3.9.14-1.el9.x86_64.rpm
MD5: 0cad798e09a3ad308d8eda4df57a4497
SHA-256: c504886484329040fff3447d328ce3518ffcfbee2c3523d7df2aa970f97ae22c
Size: 7.28 MB - python3-test-3.9.14-1.el9.x86_64.rpm
MD5: 01b166eb2edb8843d937d8b3cb5be59c
SHA-256: e883e98d3a0c1a4514af068be7ff1b8d0daf0f09ab8f41c773271dc90ed52a99
Size: 9.25 MB - python3-tkinter-3.9.14-1.el9.x86_64.rpm
MD5: 9a10036f368cdf17416a4963c6c523e6
SHA-256: a26cf6ccc72089c36b14dec6b893cf8c21e1c8029292adb03815d83c1c468231
Size: 310.40 kB - python-unversioned-command-3.9.14-1.el9.noarch.rpm
MD5: 66c724be0aa5afbd49fc331788ebf7a0
SHA-256: 189603fc2bb310b4e66ffd57b37dcc218794f110b19fb771862c80a73d80cae3
Size: 10.94 kB - python3-3.9.14-1.el9.i686.rpm
MD5: a64b20301350ffbdf30f124b04faa3ef
SHA-256: ca752783fa3eb85d9f271938df91654d1c61e8cd5b28820bfdcb942a6cbe42d9
Size: 27.67 kB - python3-debug-3.9.14-1.el9.i686.rpm
MD5: d838ac6217b4b4ef078276ebcc4d51c2
SHA-256: 14ae7951033c5cec3c0b6d369fc69b7617d23669ff6363c41202b4366369798b
Size: 2.82 MB - python3-devel-3.9.14-1.el9.i686.rpm
MD5: d93af22f2af3012559d09d71c45da4eb
SHA-256: 1145f86420cc12c760d5ff52047969c29d46b7897b239a70fb5f421c87285c6b
Size: 206.89 kB - python3-idle-3.9.14-1.el9.i686.rpm
MD5: 3e79bdc970f34ed69027d1a955b96b7b
SHA-256: 6f1909a97be5b5757fd477daa07a4cb761908e89d739cddce9a11c0657b9c878
Size: 772.06 kB - python3-libs-3.9.14-1.el9.i686.rpm
MD5: a32d0244b0f17eefa3ce5512e65d6f71
SHA-256: 68d8bbac0b63372d909abda8bccf9750fcf42d900fa58a5e4af60c93ece4c123
Size: 7.36 MB - python3-test-3.9.14-1.el9.i686.rpm
MD5: ca5ce414e023272b324136ce7ecd80bc
SHA-256: d36dc9426707127364e9bef29778ffc2a4674059f244a0e8d2c159d7d35a0d24
Size: 9.26 MB - python3-tkinter-3.9.14-1.el9.i686.rpm
MD5: 1a0ef16122078511f73a937f2c8c3c59
SHA-256: 70562e34b23d1610e8e87b0c8ccf3e5274d62df7da5ebd8590c9d3d1109c6386
Size: 312.14 kB
日本語