python3.11-3.11.5-1.el8

エラータID: AXSA:2023-7136:08

Release date: 
Friday, December 22, 2023 - 13:06
Subject: 
python3.11-3.11.5-1.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* python: tarfile module directory traversal (CVE-2007-4559)
* python: file path truncation at \0 characters (CVE-2023-41105)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 8.9 Release Notes linked from the References section.

CVE-2007-4559
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
CVE-2023-41105
An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.

Solution: 

Update packages.

CVEs: 
CVE-2007-4559
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
CVE-2023-41105
An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.
Additional Info: 

N/A

Download: 

SRPMS
  1. python3.11-3.11.5-1.el8.src.rpm
    MD5: c9aba9e1906fa81ec6632cb791045dcf
    SHA-256: 0bbd73d247677de0ccb82234258410e5d4da289658101daa4e7bc5a254eb13d6
    Size: 19.19 MB

Asianux Server 8 for x86_64
  1. python3.11-3.11.5-1.el8.i686.rpm
    MD5: 6820e0bf60b65deb37a779bec1391c28
    SHA-256: 706f35df480d6ec9e8e2e19c1bda3dee91325c18a3f0c1675bbeeeec42ff3e9b
    Size: 28.99 kB
  2. python3.11-3.11.5-1.el8.x86_64.rpm
    MD5: e366d8215ece4d0a195b7406e7b4bba0
    SHA-256: fa9d24100c631d991414f89553c032f7ce747cf14ce09469cbe5ae61d59ad227
    Size: 28.91 kB
  3. python3.11-debug-3.11.5-1.el8.i686.rpm
    MD5: 520b47a3a86d879aa188903006c07c3c
    SHA-256: 929e497daebe7c670b7c45bb2d5f1d0a7263827494bc101df62cf1f665e3d1af
    Size: 3.19 MB
  4. python3.11-debug-3.11.5-1.el8.x86_64.rpm
    MD5: d7651b761c02e40138ba6ef6cd02d5b5
    SHA-256: 7ac434c8cde1298b44b4fca60c5ab4997beb6daed93009453c1646b4a37da84c
    Size: 3.32 MB
  5. python3.11-devel-3.11.5-1.el8.i686.rpm
    MD5: 00f8f56e561e8772f294b1c28bbe6f35
    SHA-256: 20e0262332d8938c5457bdab794652e08610b3e316d57cbae3d97a0e12789369
    Size: 246.53 kB
  6. python3.11-devel-3.11.5-1.el8.x86_64.rpm
    MD5: c956969223c59e58393178ec945fa134
    SHA-256: 74a68be8cfaf9bc24c243be91f3a4411e2336e8b5b2d72ceb6dc65e639eab93c
    Size: 246.49 kB
  7. python3.11-idle-3.11.5-1.el8.i686.rpm
    MD5: 0c8127bba496ec667c96f37f9b3941b1
    SHA-256: 65ab2ce6f5e5f86de87da21a843cc6980bb417f51765a3751c18f8439e6c4854
    Size: 1.31 MB
  8. python3.11-idle-3.11.5-1.el8.x86_64.rpm
    MD5: 3847581a4756abb75fb3537613aa5ae1
    SHA-256: cb20fb7d4374a4de36e0caa7116587cd12b45c01bc751fa9c782fe15eacb4193
    Size: 1.31 MB
  9. python3.11-libs-3.11.5-1.el8.i686.rpm
    MD5: 27f732052f5fd30fceb36893701ed536
    SHA-256: 871f36b5d200436a47dea74051360352a67b310a8ad462d439a3cae2f55bfbe0
    Size: 10.45 MB
  10. python3.11-libs-3.11.5-1.el8.x86_64.rpm
    MD5: 54e05b8cf7d88e179c1712aa6dedbc5c
    SHA-256: e69e765c1c51851cc0643c37e7ac410b93f47a8f5a7c027a74397a749cdd741d
    Size: 10.35 MB
  11. python3.11-rpm-macros-3.11.5-1.el8.noarch.rpm
    MD5: 9c2ae0d3acdf3ba11edcb42bfdfe9abe
    SHA-256: 340983ee427b3ce1066d12c3626890da208bc9d76927542f49ae360996c6f092
    Size: 13.24 kB
  12. python3.11-test-3.11.5-1.el8.i686.rpm
    MD5: ad987f480460f407432fa0346aac6936
    SHA-256: d13ee9ce67a4f170e47882d740eda1f830cd90d33c6813c87ee3e4218322813b
    Size: 15.37 MB
  13. python3.11-test-3.11.5-1.el8.x86_64.rpm
    MD5: cdde11de3f8527868da362c77ec6681c
    SHA-256: a3e3c52ca8675493547a6ad218c2a528e725246e19ebaa36025daa97758c7840
    Size: 15.36 MB
  14. python3.11-tkinter-3.11.5-1.el8.i686.rpm
    MD5: 79345345b3b5e8062442551db7e5afb9
    SHA-256: a00fd3637e0e066e86716c5a771070b24d41ddb6bfe65decdabcbe1bd2614bc0
    Size: 408.03 kB
  15. python3.11-tkinter-3.11.5-1.el8.x86_64.rpm
    MD5: 3a200c26df4471bb9d66f4a3de3c2615
    SHA-256: d9b826b7c6cecb8a00dfe3224a07f69251f34ce6a9d0ae175be332a8778b84f7
    Size: 406.62 kB