python3.11-3.11.9-7.el8_10

エラータID: AXSA:2024-8834:23

Release date: 
Thursday, September 26, 2024 - 13:16
Subject: 
python3.11-3.11.9-7.el8_10
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* python: incorrect IPv4 and IPv6 private ranges (CVE-2024-4032)
* cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection (CVE-2024-6923)
* python: cpython: From NVD collector (CVE-2024-8088)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-4032
The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn’t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries. CPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.
CVE-2024-6923
There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.
CVE-2024-8088
There is a HIGH severity vulnerability affecting the CPython "zipfile" module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected. When iterating over names of entries in a zip archive (for example, methods of "zipfile.Path" like "namelist()", "iterdir()", etc) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user-controlled zip archives are not affected.

Solution: 

Update packages.

CVEs: 
CVE-2024-4032
The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn’t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries. CPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.
CVE-2024-6923
There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.
CVE-2024-8088
There is a HIGH severity vulnerability affecting the CPython "zipfile" module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected. When iterating over names of entries in a zip archive (for example, methods of "zipfile.Path" like "namelist()", "iterdir()", etc) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user-controlled zip archives are not affected.
Additional Info: 

N/A

Download: 

SRPMS
  1. python3.11-3.11.9-7.el8_10.src.rpm
    MD5: 5102680d37f7e067acc2249d35afdd63
    SHA-256: 8effa4ddcb8373bff4062af200600f1c86a469325598802f9434ccc72c1ca3c6
    Size: 19.32 MB

Asianux Server 8 for x86_64
  1. python3.11-3.11.9-7.el8_10.i686.rpm
    MD5: fdf908bdbb621fd362ce0540cbb1a2c7
    SHA-256: 7be7437eeef67a7db6f6b11ec50e72e343d4d05ca135ee27de38a887747f598d
    Size: 30.15 kB
  2. python3.11-3.11.9-7.el8_10.x86_64.rpm
    MD5: e6a31e3cfe6dabc1983e00b57a4513c8
    SHA-256: 8e7266717e372ccee33933d3a098a9c782464ba0108d38155a4696018abb9268
    Size: 30.07 kB
  3. python3.11-debug-3.11.9-7.el8_10.i686.rpm
    MD5: 47d3c584534dba3dfda5aa68dd171e45
    SHA-256: 70d884c960b12366cef24718fec7c592776c78013f8eae0485953c596f9607c9
    Size: 3.20 MB
  4. python3.11-debug-3.11.9-7.el8_10.x86_64.rpm
    MD5: 074b9f777d554f41a162953d2b33a935
    SHA-256: 6a474a0118f880d9cb9858d86407d624c5391ae12fd229cd6d17d9e61016a785
    Size: 3.33 MB
  5. python3.11-devel-3.11.9-7.el8_10.i686.rpm
    MD5: 8086d52bde39b8ffbf14cbfad3aecb67
    SHA-256: bcacf3292af5d90ccb2a4d8ab9f343e0b2cf4bf1987323ed3b090d357daf90a2
    Size: 248.00 kB
  6. python3.11-devel-3.11.9-7.el8_10.x86_64.rpm
    MD5: 21c63b7aeabd89fbf90f0460c1afe64c
    SHA-256: 8f28a0442e9209fa896cdcf1e2c03d865dbc1eb160983450587ab03241a92b78
    Size: 247.97 kB
  7. python3.11-idle-3.11.9-7.el8_10.i686.rpm
    MD5: 0fc529948d8064ed45a6574d95fefbd3
    SHA-256: 1957cbaaf304f3991a17128219ffa5e3b4acab230715148fbf8d74a8c6f395be
    Size: 1.32 MB
  8. python3.11-idle-3.11.9-7.el8_10.x86_64.rpm
    MD5: c9094864b3519443d431ea1db1e1e3e4
    SHA-256: f2c09800096f06875c78d4cbcfae3952f60b7e6b39bf76beaaaf30c7f0444d2b
    Size: 1.32 MB
  9. python3.11-libs-3.11.9-7.el8_10.i686.rpm
    MD5: acf94bc609b49374ecf91294058e9631
    SHA-256: 9959fcf7ddc6cda5c72f568d291cc637ac1075838558119d0913cff4b48ff379
    Size: 10.49 MB
  10. python3.11-libs-3.11.9-7.el8_10.x86_64.rpm
    MD5: c971a77a69f230d8a67e69950a7f5022
    SHA-256: 6a1e5c09754743086db32b4f9c82d16c80114bfc5eda080e91dc5bee3f46493b
    Size: 10.40 MB
  11. python3.11-rpm-macros-3.11.9-7.el8_10.noarch.rpm
    MD5: 5f4f75bf6c1b2c1ca9a61a8e63cd301a
    SHA-256: 46ed5c6e9d383b2e7fb44b8edf54dfd9705d9a4a40a70417c2e6936148e98ba6
    Size: 14.52 kB
  12. python3.11-test-3.11.9-7.el8_10.i686.rpm
    MD5: f8aa761e285c417538aa98fa930d31f3
    SHA-256: 7df2566a67a01c4af9da7252228f0ec4c955a616ea45ac71d4bb84477f88b6ad
    Size: 15.69 MB
  13. python3.11-test-3.11.9-7.el8_10.x86_64.rpm
    MD5: 7bd25189ebddabd72ed2d6250c116221
    SHA-256: 1ba42b443811b911b35c46db08d6d4109a6ed5dc3aca61210632195284fc9177
    Size: 15.68 MB
  14. python3.11-tkinter-3.11.9-7.el8_10.i686.rpm
    MD5: 17abda5d1dad64758a9765fec28f15d3
    SHA-256: 36c07e38f0fe982e4e8592cd2992732be730a8d0469017d919aec10486f22e99
    Size: 410.31 kB
  15. python3.11-tkinter-3.11.9-7.el8_10.x86_64.rpm
    MD5: dfb98a6c1766469f9db4aa67b9a39b50
    SHA-256: 43ecc8a431677ab7c4387955018f8932467a00553f99cf2665dd5f8a4dbe22e4
    Size: 408.82 kB