python3.9-3.9.21-1.el9_5
Errata ID: AXSA:2024-9439:09
Release date:
Thursday, December 19, 2024 - 23:01
Subject:
python3.9-3.9.21-1.el9_5
Affected Channels:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
Python is an interpreted, interactive, object-oriented programming language,
which includes modules, classes, exceptions, very high level dynamic data types
and dynamic typing. Python supports interfaces to many system calls and
libraries, as well as to various windowing systems.
Security Fix(es):
python: Virtual environment (venv) activation scripts don't quote paths
(CVE-2024-9287)
python: Improper validation of IPv6 and IPvFuture addresses (CVE-2024-11168)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
CVE(s):
CVE-2024-9287
CVE-2024-11168
Solution:
Update packages.
CVEs:
CVE-2024-11168
The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.
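As an added illustration (not part of the advisory and not CPython's own code), the check below applies the RFC 3986 rule described above to a URL's authority without relying on `urlsplit()`'s own validation. It also probes whether the installed interpreter already rejects a non-IP bracketed host. All function names and sample URLs are constructed for this example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# RFC 3986: IPvFuture = "v" 1*HEXDIG "." 1*( unreserved / sub-delims / ":" )
_IPVFUTURE = re.compile(r"[vV][0-9A-Fa-f]+\.[A-Za-z0-9\-._~!$&'()*+,;=:]+")
# Optional scheme, then "//", then the authority up to the first "/", "?" or "#".
_AUTHORITY = re.compile(r"(?:[A-Za-z][A-Za-z0-9+.\-]*:)?//([^/?#]*)")
# A bracketed host followed by an optional ":port", and nothing else.
_BRACKETED = re.compile(r"\[([^\[\]]*)\](?::[0-9]*)?")


def bracketed_literal_ok(literal: str) -> bool:
    """True if the text between '[' and ']' is an IPv6 or IPvFuture literal."""
    if literal[:1] in ("v", "V"):
        return _IPVFUTURE.fullmatch(literal) is not None
    try:
        # ip_address() also accepts IPv4, which is not allowed inside brackets.
        return isinstance(ipaddress.ip_address(literal), ipaddress.IPv6Address)
    except ValueError:
        return False


def host_brackets_ok(url: str) -> bool:
    """Validate any bracketed host in `url`; unbracketed hosts are not judged."""
    m = _AUTHORITY.match(url)
    if m is None:
        return True  # no authority component
    hostport = m.group(1).rpartition("@")[2]  # drop userinfo if present
    if "[" not in hostport and "]" not in hostport:
        return True  # reg-name or IPv4 host, outside this check
    b = _BRACKETED.fullmatch(hostport)
    return b is not None and bracketed_literal_ok(b.group(1))


def urlsplit_rejects_bad_brackets() -> bool:
    """True if this interpreter's urlsplit() refuses a non-IP bracketed host."""
    try:
        urlsplit("http://[example.invalid]/")  # constructed sample URL
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("urlsplit() validates bracketed hosts:", urlsplit_rejects_bad_brackets())
    for sample in ("http://[::1]:8080/x", "http://[example.invalid]/"):
        print(sample, "->", host_brackets_ok(sample))
```

Running the same pre-check in front of every component that parses a URL keeps the parsers from disagreeing about which host a request targets.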
CVE-2024-9287
A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (i.e. "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (i.e. "./venv/bin/python") are not affected.
Additional Info:
N/A
Download:
SRPMS
- python3.9-3.9.21-1.el9_5.src.rpm
MD5: 38bb05363dec0dd405c1d43ba429ed65
SHA-256: eda2886a7193f30378c43a9efdf31befecad079a2155ab34b47ece3324b60373
Size: 19.33 MB
Asianux Server 9 for x86_64
- python3-3.9.21-1.el9_5.i686.rpm
MD5: 32915252023e179486b15b8ba13f72a4
SHA-256: cfaa32d45f5858362e650492b6c8d7c3146ffb994d6d33d5a69053ddd313dcbd
Size: 25.93 kB
- python3-3.9.21-1.el9_5.x86_64.rpm
MD5: 397d15820e319a97fbbfa7afcd2e3e2e
SHA-256: fb8f9ebfd08050d26b92b70d9637e460e9693c31273cfd3a49afe85ea9eea7fd
Size: 25.87 kB
- python3-debug-3.9.21-1.el9_5.i686.rpm
MD5: fe696bb4c515e4bc9fd4f5b211ad692e
SHA-256: 495cc9f90a752c0f75343405057171f4e75d89d22609535a8d9fb6c05fcd7a35
Size: 2.88 MB
- python3-debug-3.9.21-1.el9_5.x86_64.rpm
MD5: edb9d59c9e6a39a27a972acbf2dba6da
SHA-256: 349cb7f99e81829a6408ee5dfecbfd3aab8563ac51d958f55aff5ea8d2fa2286
Size: 3.04 MB
- python3-devel-3.9.21-1.el9_5.i686.rpm
MD5: 941f7cf283a8459d460b7ce9727f8534
SHA-256: 4600a2adfe937dc849f2421ffcc8189160fe1629a255b8f7c895956eda6c4101
Size: 245.13 kB
- python3-devel-3.9.21-1.el9_5.x86_64.rpm
MD5: ded14c6726b874f643d5a290101d1fbb
SHA-256: 7e1c2aba87115d342599c7bd85f1dda86cc74f54738d630448de160a57cf095c
Size: 245.06 kB
- python3-idle-3.9.21-1.el9_5.i686.rpm
MD5: d0ca3beaac564fa77aaf7327168f67ce
SHA-256: 817adbde3eb393b6c9249ec2e91cc6a55075b89454701ff329134089d6b66c11
Size: 888.95 kB
- python3-idle-3.9.21-1.el9_5.x86_64.rpm
MD5: 2c873b9c8a765fbd7a7e06c08d519f43
SHA-256: 6ec1c83d589d51b821db09606051d426a1046f11f4b27f70990a862b6818de43
Size: 888.92 kB
- python3-libs-3.9.21-1.el9_5.i686.rpm
MD5: 104e7641b4908f3e346e4959b977a817
SHA-256: 2b324979f4d809966f17da1fabe81c2e0aa473a0bf89953c7737c045a8031fbd
Size: 8.11 MB
- python3-libs-3.9.21-1.el9_5.x86_64.rpm
MD5: d1e3a30235beaee89cb7de0541c6e359
SHA-256: e1b0417359a78692d397b95aaeb027a6c65653e4161aa52c1d115a37d66b141f
Size: 8.05 MB
- python3-test-3.9.21-1.el9_5.i686.rpm
MD5: 88767c1eb389b0954048947b39f24b7c
SHA-256: 9164e681ea15cbeed003fe6509571e280e339b77c8023502a7394d6480eec3c3
Size: 10.19 MB
- python3-test-3.9.21-1.el9_5.x86_64.rpm
MD5: ca15c49f86ad2786ce31da371012a410
SHA-256: 9b4b554db192874ad7a42fbf0636a8b2025d1814c304e942cf1cfde16d69a55f
Size: 10.18 MB
- python3-tkinter-3.9.21-1.el9_5.i686.rpm
MD5: d24fadeaac7ab07b985065ee1f4b0ca2
SHA-256: 963b8fe81754336cf729669bdee2f15e198f13e8d3366f301c70665d669073d4
Size: 343.72 kB
- python3-tkinter-3.9.21-1.el9_5.x86_64.rpm
MD5: 785e0926eb26b568105858316e992225
SHA-256: 5ec311a0c4852fb399b85ba059f4158f0935475c2a6a60dbf54d6beff907e7cc
Size: 342.16 kB
- python-unversioned-command-3.9.21-1.el9_5.noarch.rpm
MD5: ce8f0822b2a6f469a4533536ada46e1d
SHA-256: 9da551f52ac061f89c816dbb98fb23e8abdea495121c6155593de1a98858e6d0
Size: 9.07 kB