python3.11-3.11.5-1.el9_3
Errata ID: AXSA:2023-6966:07
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
The following packages have been upgraded to a later upstream version: python3.11 (3.11.5).
Security Fix(es):
* python: tarfile module directory traversal (CVE-2007-4559)
* python: file path truncation at \0 characters (CVE-2023-41105)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2007-4559
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
CVE-2023-41105
An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.
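The checks below are an added example, not part of the advisory or of the python3.11 package: a lexical validator that rejects NUL bytes before calling os.path.normpath() (the CVE-2023-41105 case) and reports tar members whose names or link targets leave the destination directory (the CVE-2007-4559 case). The function names, the destination /srv/unpack and the sample archive are constructed for illustration.

```python
import io
import os
import tarfile


def resolve_inside(base: str, name: str) -> str:
    """Return the normalized path of `name` under `base`, or raise ValueError."""
    # Reject NUL before normalizing: Python 3.11.0-3.11.4 normpath() truncates
    # at the first '\0' (CVE-2023-41105), hiding the byte from later checks.
    if "\0" in name:
        raise ValueError("NUL byte in path")
    if os.path.isabs(name):
        raise ValueError("absolute path")
    base = os.path.normpath(base)
    target = os.path.normpath(os.path.join(base, name))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("path escapes destination")
    return target


def unsafe_members(archive: bytes, dest: str) -> list:
    """Return (member name, reason) for entries that would leave `dest`."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(archive)) as tar:
        for member in tar:
            try:
                resolve_inside(dest, member.name)
                if member.issym():  # symlink targets resolve from the link's directory
                    resolve_inside(dest, os.path.join(os.path.dirname(member.name), member.linkname))
                elif member.islnk():  # hard-link targets resolve from the archive root
                    resolve_inside(dest, member.linkname)
            except ValueError as exc:
                findings.append((member.name, str(exc)))
    return findings


def build_sample_archive() -> bytes:
    """Constructed input: a benign file, a '..' member, and an escaping symlink."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("docs/readme.txt", "../outside.txt"):
            info = tarfile.TarInfo(name)
            info.size = 7
            tar.addfile(info, io.BytesIO(b"sample\n"))
        link = tarfile.TarInfo("docs/link")
        link.type, link.linkname = tarfile.SYMTYPE, "../../outside"
        tar.addfile(link)
    return buf.getvalue()
```

The check is lexical only and does not follow symlinks already present on disk. Python 3.11.4 and later also provide tarfile extraction filters (for example extractall(filter="data")) that apply comparable checks at extraction time.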
Update packages.
SRPMS
- python3.11-3.11.5-1.el9_3.src.rpm
Size: 19.19 MB
Asianux Server 9 for x86_64
- python3.11-3.11.5-1.el9_3.i686.rpm
Size: 25.61 kB
- python3.11-3.11.5-1.el9_3.x86_64.rpm
Size: 25.54 kB
- python3.11-debug-3.11.5-1.el9_3.i686.rpm
Size: 3.18 MB
- python3.11-debug-3.11.5-1.el9_3.x86_64.rpm
Size: 3.33 MB
- python3.11-devel-3.11.5-1.el9_3.i686.rpm
Size: 232.49 kB
- python3.11-devel-3.11.5-1.el9_3.x86_64.rpm
Size: 232.50 kB
- python3.11-idle-3.11.5-1.el9_3.i686.rpm
Size: 0.96 MB
- python3.11-idle-3.11.5-1.el9_3.x86_64.rpm
Size: 0.96 MB
- python3.11-libs-3.11.5-1.el9_3.i686.rpm
Size: 9.37 MB
- python3.11-libs-3.11.5-1.el9_3.x86_64.rpm
Size: 9.31 MB
- python3.11-test-3.11.5-1.el9_3.i686.rpm
Size: 14.02 MB
- python3.11-test-3.11.5-1.el9_3.x86_64.rpm
Size: 14.01 MB
- python3.11-tkinter-3.11.5-1.el9_3.i686.rpm
Size: 393.95 kB
- python3.11-tkinter-3.11.5-1.el9_3.x86_64.rpm
Size: 392.25 kB