python3.12-3.12.3-2.el8_10
エラータID: AXSA:2024-8530:01
リリース日:
2024/07/05 Friday - 16:16
題名:
python3.12-3.12.3-2.el8_10
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- CPython の zipfile モジュールには、クォート記号で括られた
ZIP 爆弾ファイルの展開を許容してしまう問題があるため、
ローカルの攻撃者により、細工された ZIP 形式のファイルの
処理を介して、サービス拒否攻撃を可能とする脆弱性が存在
します。(CVE-2024-0450)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-0450
An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.
An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.
追加情報:
N/A
ダウンロード:
SRPMS
- python3.12-3.12.3-2.el8_10.src.rpm
MD5: 1140f6044f957a7652cc55e12aabb5fe
SHA-256: 8092865c30f8d5cef906f1c480bb7f54bec7daaf80418b5a75a495d7220c2169
Size: 19.74 MB
Asianux Server 8 for x86_64
- python3.12-3.12.3-2.el8_10.i686.rpm
MD5: f8771a63e1de776a7c78fdfd6f3d931d
SHA-256: e4a181222c83e2ae5556c87773476881a8c3042467028fb9127fdd290755552c
Size: 28.75 kB - python3.12-3.12.3-2.el8_10.x86_64.rpm
MD5: 862918c845635871e96984703c5249e0
SHA-256: 488946696a3b1d03583fd66cbc7b790edc4d3b927eb17bc067dfcdb9788ae83f
Size: 28.67 kB - python3.12-debug-3.12.3-2.el8_10.i686.rpm
MD5: 8b3223762b0c6e6895c2949899c914dd
SHA-256: 7b612a73bbd3f254dce1c30ef5002787198cf1786ae78d8d6d02cb5a46228a2e
Size: 3.47 MB - python3.12-debug-3.12.3-2.el8_10.x86_64.rpm
MD5: 2633f39adb2f0b66c15593130a82f426
SHA-256: 0891cfeee25f986dc89cdafa2570ee421e6447119b80e99d9ce83d7f8a55fd67
Size: 3.65 MB - python3.12-devel-3.12.3-2.el8_10.i686.rpm
MD5: cb397c7cd5b0fc2d1a5ac0476d737802
SHA-256: ba378134b600a89789f8a2c4e1d03d8afc5733573afef8913b18d648e650577b
Size: 288.73 kB - python3.12-devel-3.12.3-2.el8_10.x86_64.rpm
MD5: 9a8bf3f6c8333b3eaa48f3c983930536
SHA-256: d5203dda64b02c2d8f14bc63be309d1783c87e8ea23077db6d03bfbc7d30286d
Size: 288.63 kB - python3.12-idle-3.12.3-2.el8_10.i686.rpm
MD5: f5dc05c996a586a6a2284d862377f0db
SHA-256: 765575fb619719558cd25b3c9d2285d53aa40ae007e1bdc21f14978bb7fe617e
Size: 1.29 MB - python3.12-idle-3.12.3-2.el8_10.x86_64.rpm
MD5: 989dfee6b12787acff795e9e65793917
SHA-256: 3e17ea7dcfc21e84d647332acbbe5d2bd575fd9fc71373e7f4fee0c09ed594b5
Size: 1.29 MB - python3.12-libs-3.12.3-2.el8_10.i686.rpm
MD5: f7247890eb940548ad6d6e6e66eb7f73
SHA-256: 851ea9259cf22eeaacda94fe74ae86de3554425717e05a37c3ad761335bcb094
Size: 10.09 MB - python3.12-libs-3.12.3-2.el8_10.x86_64.rpm
MD5: 84d05468ce46e3b8a07c3f365244f0ff
SHA-256: b3ad53f26e8e72af65f95b890a848f0d7a7dff05f1d1276f774ea814fe64aba4
Size: 10.01 MB - python3.12-rpm-macros-3.12.3-2.el8_10.noarch.rpm
MD5: 0b40d3c365c209272e5b5d02e2e671d8
SHA-256: d7f84144f3f047b2b2d2b0a61eb1c8243edafbc530670332843f7680c216b3fc
Size: 15.10 kB - python3.12-test-3.12.3-2.el8_10.i686.rpm
MD5: 8323eda724a33c10532eeddf9de2a91b
SHA-256: 0d9ac352bda857ab3d2d33553f14fe9ee4a8a4365544337743bf1ea7c54fdfac
Size: 15.67 MB - python3.12-test-3.12.3-2.el8_10.x86_64.rpm
MD5: 36dd5c754f35f73cd9b51788539e7fab
SHA-256: b2a123b3bf028bf50645a4df084b4c443cea59913e819d3ca272bfd7ad5264d7
Size: 15.67 MB - python3.12-tkinter-3.12.3-2.el8_10.i686.rpm
MD5: 07c81c3579f4adaed6f16dd42a53ab65
SHA-256: b78d662caaea252879ea8c76d8980815b8fcd50527367a543fc367246abea9ad
Size: 399.70 kB - python3.12-tkinter-3.12.3-2.el8_10.x86_64.rpm
MD5: 5d88df34d4e691fdde8ac8af55b013e4
SHA-256: 2476edcab9023412cb3d8830536e894506ff42ef02cb962f33c8c5b3632470e6
Size: 398.63 kB
English