python3-3.6.8-67.el8_10.ML.1

エラータID: AXSA:2024-8859:05

Release date: 
Friday, September 27, 2024 - 17:08
Subject: 
python3-3.6.8-67.el8_10.ML.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* python: incorrect IPv4 and IPv6 private ranges (CVE-2024-4032)
* cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection (CVE-2024-6923)
* python: cpython: tarfile: ReDos via excessive backtracking while parsing header values (CVE-2024-6232)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-4032
The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn’t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries. CPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.
CVE-2024-6232
There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.
CVE-2024-6923
There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.

Solution: 

Update packages.

CVEs: 
CVE-2024-4032
The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn’t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries. CPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.
CVE-2024-6232
There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.
CVE-2024-6923
There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.
Additional Info: 

N/A

Download: 

SRPMS
  1. python3-3.6.8-67.el8_10.ML.1.src.rpm
    MD5: f883bf0710dd6c6f766fd4d74d12a4f6
    SHA-256: a2e0b3a8d60d53d2913ff9070b8607d65e1ec15ca4856a87d5527ce0ba183d37
    Size: 18.33 MB

Asianux Server 8 for x86_64
  1. platform-python-3.6.8-67.el8_10.ML.1.i686.rpm
    MD5: 4548d2ae1cbfa9b1d22c5128062d2831
    SHA-256: fe83a60c9b2d0b1b03296283d875011f860d18490087b7bb9416806bf85e55a8
    Size: 87.37 kB
  2. platform-python-3.6.8-67.el8_10.ML.1.x86_64.rpm
    MD5: f3c35a49f7402abf2bbb0035e7c6b7c3
    SHA-256: 78f4afd1100f194815e61a262f4e9d248470d5071f86ad13fd6dc86c2f27ea94
    Size: 87.43 kB
  3. platform-python-debug-3.6.8-67.el8_10.ML.1.i686.rpm
    MD5: dc35b0ea12ec4da8963ebc448949dd54
    SHA-256: e6f75c3c117097077ea7055530cbd231a32e984640060ec798516cf75574b4d7
    Size: 2.72 MB
  4. platform-python-debug-3.6.8-67.el8_10.ML.1.x86_64.rpm
    MD5: 0612040c933beee03427884a39b6c92b
    SHA-256: 37d9da656cc5604b572fb9d033780884765074e2a8590fa9566a7e3879283fb4
    Size: 2.68 MB
  5. platform-python-devel-3.6.8-67.el8_10.ML.1.i686.rpm
    MD5: 05ac9013edfbba1473b86a72bada13e8
    SHA-256: 9465983eb901afb0ee40bebdfd3550e046c0c171aed3778d1247fdcaab9bf2be
    Size: 240.69 kB
  6. platform-python-devel-3.6.8-67.el8_10.ML.1.x86_64.rpm
    MD5: 1238d5a959fed083e287576197818854
    SHA-256: f2beae7f2b37a0e22252974b1e8d96acdfde862d245ed7bd174e442ca22645f8
    Size: 240.94 kB
  7. python3-idle-3.6.8-67.el8_10.ML.1.i686.rpm
    MD5: ffe104d1089c1eb74d931c72681de3fd
    SHA-256: abaca3db5bcc10c29037cf46229d7cf7bc2fb6db99cb13663f08f5e2eec22aac
    Size: 828.79 kB
  8. python3-idle-3.6.8-67.el8_10.ML.1.x86_64.rpm
    MD5: ee1ea082c5d68c60b9140f0224be6492
    SHA-256: 8a345e3edb8bd7ed2c399c830629273879fbcf6d2075f7258331521e2d1ae21f
    Size: 828.79 kB
  9. python3-libs-3.6.8-67.el8_10.ML.1.i686.rpm
    MD5: f8f040c24f9392028c8c165112d28ce9
    SHA-256: 482a78d3c09a570c648d2a6cb2809ac608b7b42041fbe71a91ccfa1aa1e45e20
    Size: 7.90 MB
  10. python3-libs-3.6.8-67.el8_10.ML.1.x86_64.rpm
    MD5: b3d0669eac03f20b9b3bf4dfa86ace66
    SHA-256: ebe5e4501ffa16ebcc6e58da815a4d029449a00b5f84f0b540087fa450a94a22
    Size: 7.84 MB
  11. python3-test-3.6.8-67.el8_10.ML.1.i686.rpm
    MD5: 536ee1db1e35d69801da03493e9b0104
    SHA-256: 3514f72ddb44a2f5035be52f83229f47a584144919e88295b21a31e895abab78
    Size: 8.69 MB
  12. python3-test-3.6.8-67.el8_10.ML.1.x86_64.rpm
    MD5: 3398ccb387145a3795bd9abe82cbf94f
    SHA-256: 938035191aa235d32944bbcf761d9fb6540573d30933080cc34d7a84c4821dbe
    Size: 8.70 MB
  13. python3-tkinter-3.6.8-67.el8_10.ML.1.i686.rpm
    MD5: 17000a7c166db982b56aeacabb6908d0
    SHA-256: f2ce4aa054aab9047d48f234c320b1694891e0170d7d662732fec31220288b09
    Size: 375.67 kB
  14. python3-tkinter-3.6.8-67.el8_10.ML.1.x86_64.rpm
    MD5: 2df566503935876e96537e8689d0569d
    SHA-256: 2d3d1660a10b3833c12d88c4bd7d7fbaf290c63c164ccd24389a6706b282bf65
    Size: 374.12 kB