python3.11-3.11.9-7.el9_5.2

エラータID: AXSA:2024-9495:34

Release date: 
Wednesday, December 25, 2024 - 14:33
Subject: 
python3.11-3.11.9-7.el9_5.2
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* python: Virtual environment (venv) activation scripts don't quote paths (CVE-2024-9287)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-9287
A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected.

Solution: 

Update packages.

CVEs: 
CVE-2024-9287
A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected.
Additional Info: 

N/A

Download: 

SRPMS
  1. python3.11-3.11.9-7.el9_5.2.src.rpm
    MD5: 1f77c88968f6234ffdc23771e4245d90
    SHA-256: f5c520d203171ca2c02300770b7498bf43e7ddb466dc6cbf57b084e9fad912bb
    Size: 19.33 MB

Asianux Server 9 for x86_64
  1. python3.11-3.11.9-7.el9_5.2.i686.rpm
    MD5: da2e6abdeeb19921c93d803c886c0e81
    SHA-256: 9436175f931204fc0f7734e48f72feaaf2e0d723ec5a05ee585b4f020b57926c
    Size: 27.04 kB
  2. python3.11-3.11.9-7.el9_5.2.x86_64.rpm
    MD5: 798467023b9d17af752d0349bf96a790
    SHA-256: 8624ddef20ba211de5bb31626bcd2b8f32a5683b0b208464d1cdeebe68254702
    Size: 26.97 kB
  3. python3.11-debug-3.11.9-7.el9_5.2.i686.rpm
    MD5: 85b356e14e2a8b26cfc0047b54dc1158
    SHA-256: 8e18713b54f6cad0c29782cbb2f403e36200c60ccf3d963f88f2bbc8212fac9a
    Size: 3.25 MB
  4. python3.11-debug-3.11.9-7.el9_5.2.x86_64.rpm
    MD5: 82153888e37f246463c5542503586dc7
    SHA-256: 0fac271f87c54282f680505559e391a810988dbc1b162b7adf66481340005238
    Size: 3.41 MB
  5. python3.11-devel-3.11.9-7.el9_5.2.i686.rpm
    MD5: dc410e8dc5e8c054f3e39bd645bab092
    SHA-256: 92274f8823baca52acf474975605e51a1fb8faa5049fef3454971b263b8709f5
    Size: 281.66 kB
  6. python3.11-devel-3.11.9-7.el9_5.2.x86_64.rpm
    MD5: 3f72a5c6a2f6146581fd2c4726ca272f
    SHA-256: ff7b8d90b20ffbef73013341cdeff4aa6bd62dafc49b0a4deff517cde3da9f84
    Size: 281.77 kB
  7. python3.11-idle-3.11.9-7.el9_5.2.i686.rpm
    MD5: d03ff71a3cbd982a87ceb1d86c2b8a68
    SHA-256: f52f0abf2c0f13ec838a539fa4847ffd0124c3a4d8cb41211c02122152c0f74b
    Size: 1.09 MB
  8. python3.11-idle-3.11.9-7.el9_5.2.x86_64.rpm
    MD5: 7c561dbac08cff817bed10c4c7f0187a
    SHA-256: d8492e54ccb6c688d51d4b01f8908d309ccbf9f821c4a329f821b599ddfb5637
    Size: 1.09 MB
  9. python3.11-libs-3.11.9-7.el9_5.2.i686.rpm
    MD5: 1f02bd2dc81eb53a79585d3dfcb4258e
    SHA-256: 3a7488f4985520f4ca5e648d9e51e2154d161ac198b022e23c2750a759b6b9f5
    Size: 10.22 MB
  10. python3.11-libs-3.11.9-7.el9_5.2.x86_64.rpm
    MD5: 86ed35565fdacd550737b23c615f3f91
    SHA-256: 4022ef0ceea152af854de2e7552a9da9951c3b02434d6024d3a500e7fe3975ea
    Size: 10.17 MB
  11. python3.11-test-3.11.9-7.el9_5.2.i686.rpm
    MD5: 9e3c7e18f2d5503624cb4a59fd272f19
    SHA-256: 04809aab578045a6a2d0eb062d04e9ffc1e083d72392e24afc618c5d52184d89
    Size: 15.31 MB
  12. python3.11-test-3.11.9-7.el9_5.2.x86_64.rpm
    MD5: e49743ba9a1963030bcecb4562a4bd15
    SHA-256: 2bf5abb82bdd2acd0e1aec3ebb57a45bfa568ee57d724b2c4ba7f980a0e4269a
    Size: 15.31 MB
  13. python3.11-tkinter-3.11.9-7.el9_5.2.i686.rpm
    MD5: 4691892e49821f9c93492a90621854b4
    SHA-256: a808a7b992e358f2f0f466133d6464bc4a5771c0494729896d745f0af6092fda
    Size: 429.65 kB
  14. python3.11-tkinter-3.11.9-7.el9_5.2.x86_64.rpm
    MD5: 3230016bf5599e676d985fde6aaa5092
    SHA-256: 0a3810ad6cd01bf6889a0a9aa4c33e6e3bdeb923dece84013782531c350c2c19
    Size: 428.14 kB