python3.11-3.11.9-1.el8_10

エラータID: AXSA:2024-8471:15

Release date: 
Wednesday, June 26, 2024 - 20:21
Subject: 
python3.11-3.11.9-1.el8_10
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597)
* python: The zipfile module is vulnerable to zip-bombs leading to denial of service (CVE-2024-0450)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.

CVE-2023-6597
An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.
CVE-2024-0450
An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.

Solution: 

Update packages.

CVEs: 
CVE-2023-6597
An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.
CVE-2024-0450
An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.
Additional Info: 

N/A

Download: 

SRPMS
  1. python3.11-3.11.9-1.el8_10.src.rpm
    MD5: b404c981c1b69220fb837aac7572ae78
    SHA-256: ebc5bb555716960a2024a84610df5e096f3ae9b1d368f7ab1cbc238661c5f7e4
    Size: 19.31 MB

Asianux Server 8 for x86_64
  1. python3.11-3.11.9-1.el8_10.i686.rpm
    MD5: dec2f0cab9419599594ee2ecceeaa702
    SHA-256: 41a90b97ac82b3cf80fad14523804c0675e68a9138e769010757fa732129f207
    Size: 29.42 kB
  2. python3.11-3.11.9-1.el8_10.x86_64.rpm
    MD5: 43ef5d7c82685efa754433a25ae4859d
    SHA-256: 2de5ba7963dcbc198f4db070e36a0ec4ce99a4affe8239b5c5f1300ad38af824
    Size: 29.34 kB
  3. python3.11-debug-3.11.9-1.el8_10.i686.rpm
    MD5: 301056dca570c0f56a0d9badd6bbc299
    SHA-256: 173ee265f9f183210eac89d663d1343fec14b081a0dd538b12b176341f1f82c7
    Size: 3.20 MB
  4. python3.11-debug-3.11.9-1.el8_10.x86_64.rpm
    MD5: 897df53ed80ff45c78ace308319105e2
    SHA-256: 2d6da6e67eaaa81e9464c6bf30fc09b6dbdb0108485c51fbf4f665487cc0a42c
    Size: 3.33 MB
  5. python3.11-devel-3.11.9-1.el8_10.i686.rpm
    MD5: 6954198316c7dfba94bccb4c15cf9ad1
    SHA-256: 82683f1d5195d8677da16a6d9a50fe8c97728a6b32db54e88b549bea20c010d3
    Size: 247.28 kB
  6. python3.11-devel-3.11.9-1.el8_10.x86_64.rpm
    MD5: fcbc826f70534cefc0cbb719f67c237b
    SHA-256: ce9d19689a0e7bb0b3a48f53bf4a07ff9f57fb42e8db536617fe47a6bedecb5e
    Size: 247.24 kB
  7. python3.11-idle-3.11.9-1.el8_10.i686.rpm
    MD5: 7b3050df3d15cdf107270737dc29943c
    SHA-256: 25bbb05e4206966a3a6763de0b287c629e8355276fe3003099691400f485159b
    Size: 1.32 MB
  8. python3.11-idle-3.11.9-1.el8_10.x86_64.rpm
    MD5: 821fcf02bcb9d9300a26d36e50786ea8
    SHA-256: 8fbdb5b815350a04c3a219fa2930e9c56efd33eb12470dbbb58f1dc6aa472b5e
    Size: 1.32 MB
  9. python3.11-libs-3.11.9-1.el8_10.i686.rpm
    MD5: a74dba04c947e16b29a6f25368ef2dde
    SHA-256: e113887014f081d57ea9d6301ae4bf5b5e01c29a77b0f391e84ca3351e8533da
    Size: 10.48 MB
  10. python3.11-libs-3.11.9-1.el8_10.x86_64.rpm
    MD5: 3515b2a8b2f603d95e5a07026c848f97
    SHA-256: 375e48ce53f806c4b681de1f1a68e6f2bb5c36e58249c1951450966aa2601fc3
    Size: 10.39 MB
  11. python3.11-rpm-macros-3.11.9-1.el8_10.noarch.rpm
    MD5: 524dc0e48e8d3e1bf4bd13c428896171
    SHA-256: 7320ac446b3709e4298f526215eb3a37367fac8417228fdfecc6b85fc139c9ed
    Size: 13.79 kB
  12. python3.11-test-3.11.9-1.el8_10.i686.rpm
    MD5: 4ca12ec6e455ee93adc8e2cd0ac3f583
    SHA-256: 5fdab7262cd23ec8ee69e4a296ab336b0de7835ee1bdfab18c73b5d2f036cb27
    Size: 15.68 MB
  13. python3.11-test-3.11.9-1.el8_10.x86_64.rpm
    MD5: 39684f5eef420d3ddd5c7a7b19d7c7a9
    SHA-256: ddd1b48df5769bfed23bd5e8cc95f73c79a3b9c7765ad7ada4b7d2c5417d8fdc
    Size: 15.67 MB
  14. python3.11-tkinter-3.11.9-1.el8_10.i686.rpm
    MD5: e04ee6c6e016302d89d894d3aea391af
    SHA-256: 652114976005ecea0300ab79566ba8757689dc5053a6f80d588415be2644d266
    Size: 409.58 kB
  15. python3.11-tkinter-3.11.9-1.el8_10.x86_64.rpm
    MD5: e1e95862789495fd28a0fadaba228bb0
    SHA-256: 985a9fdfd87e06e34c50d299908c2e49c19eae7f1002954166aeac97c8628a9a
    Size: 408.08 kB