python3.9-3.9.18-3.el9_4.1

エラータID: AXSA:2024-8484:03

Release date: 
Friday, June 28, 2024 - 13:24
Subject: 
python3.9-3.9.18-3.el9_4.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597)
* python: The zipfile module is vulnerable to zip-bombs leading to denial of service (CVE-2024-0450)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.

CVE-2023-6597
An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.
CVE-2024-0450
An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.

Solution: 

Update packages.

CVEs: 
CVE-2023-6597
An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.
CVE-2024-0450
An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.
Additional Info: 

N/A

Download: 

SRPMS
  1. python3.9-3.9.18-3.el9_4.1.src.rpm
    MD5: 42ee57859cb11dd7e9ed1ebafe04c234
    SHA-256: 60e26cfd18858ac65c4ddbc30d303131f7c898a3a20ab3fe868226fe25374d10
    Size: 19.37 MB

Asianux Server 9 for x86_64
  1. python3-3.9.18-3.el9_4.1.i686.rpm
    MD5: 049210f1f5b27f5080c7723e52b14027
    SHA-256: e637514d062a0981811ff56d159e1155866f7725ba37d3f8a5ef196b7f4b2edb
    Size: 25.38 kB
  2. python3-3.9.18-3.el9_4.1.x86_64.rpm
    MD5: 9f78debfc4af275e9c6e55e066943db7
    SHA-256: b4769dcd257831cec5a8d07b121e182c205ac4517d1dd1aa44ff10cba8f50a48
    Size: 25.29 kB
  3. python3-debug-3.9.18-3.el9_4.1.i686.rpm
    MD5: 7545ff949058c071f4c84e4dedf18496
    SHA-256: 00a2191353129c33221bf8247f989d4a39be25b7fd6097326eb88f31e34ac17c
    Size: 2.88 MB
  4. python3-debug-3.9.18-3.el9_4.1.x86_64.rpm
    MD5: c88cbd299fd3f9f1fef85035002320d7
    SHA-256: 5d7bdbccedce4df7587ef0245447d6246d8e2fc572b6c1cb786e33d32e9bd478
    Size: 3.04 MB
  5. python3-devel-3.9.18-3.el9_4.1.i686.rpm
    MD5: f74542d5fcc795c91dedc37a56760049
    SHA-256: d56a163f9f04d89acff3ac8cb8d55fd248e59dc57f745eeb2dbcf74813c470a6
    Size: 244.54 kB
  6. python3-devel-3.9.18-3.el9_4.1.x86_64.rpm
    MD5: cf2fd7b693b7503ebf52ed32d06d08e6
    SHA-256: f8f12cadf70a8f69a985f5d5643b57133d962a51d6ee26754616b2aa4be0fbeb
    Size: 244.44 kB
  7. python3-idle-3.9.18-3.el9_4.1.i686.rpm
    MD5: 80c482ad9c1efd9125dc99f55a82f66e
    SHA-256: 13d8bcffccc8d419796eb8ab6aac7be6356e727822e7745ecc7826165b05e706
    Size: 888.30 kB
  8. python3-idle-3.9.18-3.el9_4.1.x86_64.rpm
    MD5: 51eaee83b144d719752ac3d71d7863e8
    SHA-256: a907bf568e09884334a094cd31cd69c062fd0f4842d1d341f1c870196e2812a0
    Size: 888.15 kB
  9. python3-libs-3.9.18-3.el9_4.1.i686.rpm
    MD5: 54faf3b679f84606c529f4f9e13c8b08
    SHA-256: 2f67bf196953496c9587d9f019acd3fb15f0f2c531022f8bb3b6d8f79494d679
    Size: 7.88 MB
  10. python3-libs-3.9.18-3.el9_4.1.x86_64.rpm
    MD5: dfaa60bb368a1bf95153c13816880daf
    SHA-256: 664cc6ed99008086cc61507bef52804c7c8835fc394781c6128049ad97c202d5
    Size: 7.80 MB
  11. python3-test-3.9.18-3.el9_4.1.i686.rpm
    MD5: 864a28dd6e2058ab92e68f1823b28355
    SHA-256: ec87962c40c0c415f62e280a77ec437954db9e7c7f03a36c040e03bfbe935343
    Size: 10.16 MB
  12. python3-test-3.9.18-3.el9_4.1.x86_64.rpm
    MD5: acbe3aa3bcb75563c4624c7d90fc4c2f
    SHA-256: 7c8c0cb0a29c6feabf125755ea58593074f8d1809933c62ad69d248604a5e36b
    Size: 10.16 MB
  13. python3-tkinter-3.9.18-3.el9_4.1.i686.rpm
    MD5: afa3c20644d0e348f1ec5ba068f4077c
    SHA-256: 601637b4cea24ac59a81658afe2e5dafc0070f2f44b001176206cb984e805848
    Size: 342.83 kB
  14. python3-tkinter-3.9.18-3.el9_4.1.x86_64.rpm
    MD5: 782ba7ab767b5caccd08e38b661c9993
    SHA-256: f369dbd9e4af2e7730e51a8c355c77583bad1f20183b1e2381cd9be18258adef
    Size: 341.26 kB
  15. python-unversioned-command-3.9.18-3.el9_4.1.noarch.rpm
    MD5: 6e9d17d7f284f8279134eb4f9ab49c12
    SHA-256: 341773d38cf60538fc59f602d16d04139f232481d2f2912194e66a92177764ca
    Size: 8.47 kB