python3-3.6.8-62.el8.ML.1
Errata ID: AXSA:2024-8353:03
Release date:
2024/06/18 Tuesday - 16:51
Title:
python3-3.6.8-62.el8.ML.1
Affected channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
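The following issues have been addressed.
[Security Fix]
- The CPython tempfile.TemporaryDirectory class has an issue that
allows improper modification of the access permissions of files
referenced by symbolic links. As a result, there is a vulnerability
that allows a local attacker to cause information disclosure, data
corruption and the like through the execution of a crafted program
that can run with privileges. (CVE-2023-6597)
- The CPython zipfile module has an issue that allows extraction of
quoted ZIP bomb files. As a result, there is a vulnerability that
allows a local attacker to carry out a denial-of-service attack
through the processing of a crafted ZIP file. (CVE-2024-0450)
Solution:
Update the packages.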
CVE:
CVE-2023-6597
An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users who can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.
CVE-2024-0450
An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython make the zipfile module reject zip archives which overlap entries in the archive.
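For hosts that still run an unpatched interpreter, the overlap condition described for CVE-2024-0450 can be checked before extraction. The following is an added example, not CPython's fix and not code from this advisory; the function names and the sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

# Fixed 30-byte local file header: signature, 5 shorts, 3 longs, name/extra lengths.
LOCAL_HEADER = struct.Struct("<4s5H3L2H")

def entry_spans(data):
    """Return (name, start, end) byte ranges of each member's local header plus data."""
    spans = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            start = info.header_offset
            fields = LOCAL_HEADER.unpack_from(data, start)
            if fields[0] != b"PK\x03\x04":
                raise zipfile.BadZipFile("bad local header for %r" % info.filename)
            name_len, extra_len = fields[9], fields[10]
            # Sizes come from the central directory; a trailing data descriptor
            # is ignored, so the computed range is a lower bound.
            end = start + LOCAL_HEADER.size + name_len + extra_len + info.compress_size
            spans.append((info.filename, start, end))
    return spans

def find_overlaps(spans):
    """Return (earlier, later) name pairs where a member starts inside earlier data."""
    overlaps = []
    reach_end, reach_name = 0, None
    for name, start, end in sorted(spans, key=lambda s: (s[1], s[2])):
        if reach_name is not None and start < reach_end:
            overlaps.append((reach_name, name))
        if end > reach_end:
            reach_end, reach_name = end, name
    return overlaps

def is_safe_to_extract(data):
    """True when no member's byte range overlaps another member's."""
    return not find_overlaps(entry_spans(data))

def build_sample():
    """Constructed, well-formed two-member archive used as sample input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("a.txt", b"hello")
        zf.writestr("b.txt", b"world" * 10)
    return buf.getvalue()

if __name__ == "__main__":
    print(entry_spans(build_sample()))
    print(find_overlaps([("outer", 0, 200), ("inner", 60, 120)]))
```

An archive for which `is_safe_to_extract` returns False should be rejected rather than extracted, which mirrors the behaviour the fixed versions enforce inside `zipfile` itself.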
Additional information:
N/A
Downloads:
SRPMS
- python3-3.6.8-62.el8.ML.1.src.rpm
MD5: 3dd65163d3b06df358f5fe69d341c300
SHA-256: ee14ee13878623f2e79fb5bf7a67a2cb61c08ceb8706c37cf53667ab03741973
Size: 18.32 MB
Asianux Server 8 for x86_64
- platform-python-3.6.8-62.el8.ML.1.i686.rpm
MD5: 01a41bb696fa6fa727342c84b62fb31f
SHA-256: dc39f31f9daf17feb342343e72b01894b929b2a7cd5afe49f38800b68cbbab13
Size: 86.57 kB
- platform-python-3.6.8-62.el8.ML.1.x86_64.rpm
MD5: 67a22e7298aa5b2b8b71d229288b7c21
SHA-256: 7d5581cdd50816c3593b774cbff3701ee8b3d773f313d2485f1ee00392623b62
Size: 86.64 kB
- platform-python-debug-3.6.8-62.el8.ML.1.i686.rpm
MD5: 6e1e21e8845983c1e42baa487bc257d3
SHA-256: 5920b18e0509463b5be45dc87f4ce4b2c7d25a8cd4d0a4186ec725e90c0e7ee3
Size: 2.72 MB
- platform-python-debug-3.6.8-62.el8.ML.1.x86_64.rpm
MD5: 08de0f0af3bea5968e03a923d3d6a2ef
SHA-256: 933ba3e0c26e1b5a1f9775152da79bd6325cbf6c6c885e2338808311f1d9e6fd
Size: 2.68 MB
- platform-python-devel-3.6.8-62.el8.ML.1.i686.rpm
MD5: d2cf14318fb635667b4c58103c674376
SHA-256: c30daf0795a1c4457e61e800d4904ee7d3bd383a20c9517b519725e4e73f0b4e
Size: 239.91 kB
- platform-python-devel-3.6.8-62.el8.ML.1.x86_64.rpm
MD5: 43af3cfd5efe49cb9460d09cd6622654
SHA-256: 800bbdb388697a84bd3d5da28cf8e0333c887c9ee1a69f62518b3e8ac339e6b5
Size: 240.16 kB
- python3-idle-3.6.8-62.el8.ML.1.i686.rpm
MD5: 725812c11bde6117ec323c2d24885d59
SHA-256: e40d935b56b6340cf0d3924cb157ef770493e9237db84e01559f0e39927e8264
Size: 828.00 kB
- python3-idle-3.6.8-62.el8.ML.1.x86_64.rpm
MD5: e8d4a5fc30668bfc23e4fdbd328c2c90
SHA-256: 9c4b84c7dc4542db3e3b580e677e0fcabca26374bd8ac0a3cbf996d94d7a3ab1
Size: 828.01 kB
- python3-libs-3.6.8-62.el8.ML.1.i686.rpm
MD5: a15ff7a72cfefbc605a56d45d9b5a349
SHA-256: 6c50484a2a96c7ddbfb0800b12024aed33aa57d5f8f8f3cf6eafc545f9cbec93
Size: 7.90 MB
- python3-libs-3.6.8-62.el8.ML.1.x86_64.rpm
MD5: d5bc56334446d65c5581f7d6bd8b9829
SHA-256: 6cf60d47547de1b0adf53251b216c1f91ecc9d3aaac4a79658571565cd6a67c7
Size: 7.83 MB
- python3-test-3.6.8-62.el8.ML.1.i686.rpm
MD5: b2edd007470b5104a710eb3c7be2dec8
SHA-256: 9f3e8a7dbe36df533899d784ad888ff7b35f19156f3e738e6316461f21270b4f
Size: 8.69 MB
- python3-test-3.6.8-62.el8.ML.1.x86_64.rpm
MD5: adab90631377327ac98ee1d73e5232ba
SHA-256: 15d077ae3c6a610f70394d350c818fd1e056fb23e5059dc2bdc4d5948641abba
Size: 8.68 MB
- python3-tkinter-3.6.8-62.el8.ML.1.i686.rpm
MD5: 6133844e6088c14bb321467fcef93433
SHA-256: 81ae6dfb635c0fd21f674fc4e7676d6d31777c2103df8e11963270927e2a1049
Size: 374.78 kB
- python3-tkinter-3.6.8-62.el8.ML.1.x86_64.rpm
MD5: ad51597f2ec63ecfd4ba5bf28ccad090
SHA-256: e11ff4f174b1f3d54416c713b98e615fdc249551252f2d877617f66268bcb5fc
Size: 373.43 kB