python3.9-3.9.19-8.el9

エラータID: AXSA:2024-9269:08

Release date: 
Thursday, December 12, 2024 - 18:42
Subject: 
python3.9-3.9.19-8.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* python: cpython: Iterating over a malicious ZIP file may lead to Denial of Service (CVE-2024-8088)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the MIRACLE LINUX 9.5 Release Notes linked from the References section.

CVE-2024-8088
There is a HIGH severity vulnerability affecting the CPython "zipfile" module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected. When iterating over names of entries in a zip archive (for example, methods of "zipfile.Path" like "namelist()", "iterdir()", etc) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user-controlled zip archives are not affected.

Solution: 

Update packages.

CVEs: 
CVE-2024-8088
There is a HIGH severity vulnerability affecting the CPython "zipfile" module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected. When iterating over names of entries in a zip archive (for example, methods of "zipfile.Path" like "namelist()", "iterdir()", etc) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user-controlled zip archives are not affected.
Additional Info: 

N/A

Download: 

SRPMS
  1. python3.9-3.9.19-8.el9.src.rpm
    MD5: cbeaeed65787a69a2c151a0ee622b023
    SHA-256: c306e4e486bbc3254dbc316f2d0f04c15ed2b393837a73569570266a9f28e762
    Size: 19.38 MB

Asianux Server 9 for x86_64
  1. python3-3.9.19-8.el9.i686.rpm
    MD5: 828ff372277be469b4cadd2f2455f5bc
    SHA-256: ad0534327901c6f33715a9ac32dec9046fd64bb326465dc79544a59534bb0d87
    Size: 25.70 kB
  2. python3-3.9.19-8.el9.x86_64.rpm
    MD5: 44228c0cfc63897772c883c9a149280d
    SHA-256: 5820e3dd6fe98d9a1e1c42a01f4118c40d4d9cdf5635901751b55955aabb3635
    Size: 25.63 kB
  3. python3-debug-3.9.19-8.el9.i686.rpm
    MD5: 0f00af5f99ab3924dc46ae645331b4bb
    SHA-256: feb36dc7300600bec6615f89d8d1adf750b77606f21be9a7ebf11851b2590e5e
    Size: 2.88 MB
  4. python3-debug-3.9.19-8.el9.x86_64.rpm
    MD5: ac974b464e5d3bcc4c4f550089992326
    SHA-256: fc17e0db9fad2bcccf653ecdfba58c277c16b516d5ecc4d213e5acf00c356286
    Size: 3.04 MB
  5. python3-devel-3.9.19-8.el9.i686.rpm
    MD5: 7e05cf1fec9c03da146407e0856e045a
    SHA-256: 037ff61e056771cdc626cbdc9856dfb2107026e6dbf753f9d77665a4d2b8fa67
    Size: 244.90 kB
  6. python3-devel-3.9.19-8.el9.x86_64.rpm
    MD5: bbcdedeacc94094a454b72772cf51307
    SHA-256: 5db03cb4ebbd9d40b35da23268f918c60f1afe94a78089bff2518d9d240b3f31
    Size: 244.82 kB
  7. python3-idle-3.9.19-8.el9.i686.rpm
    MD5: fe4fb8ee6a7d81fa2bf2f8d4ca4dd4d3
    SHA-256: 85c0e4825c2844f9e9f37dba056f6d293b088e42b9d536aa1bb92daa36b54d36
    Size: 888.66 kB
  8. python3-idle-3.9.19-8.el9.x86_64.rpm
    MD5: 813c9022e19fb30b8554f3ffb9c793c6
    SHA-256: 901fd6b7a552a09c8dc030a7cd020b3f993ec5f5f207b085d76f69d943015d30
    Size: 888.73 kB
  9. python3-libs-3.9.19-8.el9.i686.rpm
    MD5: cf3e6d8c9dc7da736a175349f1ea0079
    SHA-256: bd5a7854800bab26956acbd8008d88a8d14b5d167b5f97f68e3edaa9c755cf69
    Size: 8.10 MB
  10. python3-libs-3.9.19-8.el9.x86_64.rpm
    MD5: f1c03704d83b5c7c7c048e281e3a4889
    SHA-256: 190b0639f4afabf3bc1860ad1f5936e29f3905ff7238e330ad2a9ae34ac6a569
    Size: 8.05 MB
  11. python3-test-3.9.19-8.el9.i686.rpm
    MD5: 9c6925990694e75cca9cf0ef54ef5b8c
    SHA-256: afb7c2ea630b6fde52c86eaec635666c4abaa9f448003a4230c71399dc9e4481
    Size: 10.18 MB
  12. python3-test-3.9.19-8.el9.x86_64.rpm
    MD5: 5581913da128db97b261bee901c4ac5d
    SHA-256: 975ead2ecc16bfad00b7374c44bfca0dbbcdc2f327aa5dbf41392001091fb1a9
    Size: 10.17 MB
  13. python3-tkinter-3.9.19-8.el9.i686.rpm
    MD5: cc809233e199f28f998a7f854aeb18d3
    SHA-256: 88141ee5b8f1efaf68e47f470881544986a69fd1261ae882369437ebe35181d3
    Size: 343.41 kB
  14. python3-tkinter-3.9.19-8.el9.x86_64.rpm
    MD5: 6368ce6001d3a9b6bb1cc1a19aaf2bef
    SHA-256: 5a09d201c1000dce3c21c7008b28beb2cc4fde6303a773d202c4c632c93e3e32
    Size: 341.81 kB
  15. python-unversioned-command-3.9.19-8.el9.noarch.rpm
    MD5: 79b860329cc94e8ebd54c43a3ce70521
    SHA-256: af3ded8ef2ae40735fb33bf1ffe6f19cc613838de5c1626ec6a7095722b09bf3
    Size: 8.83 kB