python3.11-3.11.9-7.el8_10
Erratum ID: AXSA:2024-8834:23
Release date:
2024/09/26 Thursday - 13:16
Title:
python3.11-3.11.9-7.el8_10
Affected channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
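The following issues have been addressed.
[Security Fix]
- The Python ipaddress module contains incorrect information about whether certain IPv4 and IPv6 addresses are private, so values are not returned in accordance with the latest information from the IANA Special-Purpose Address Registries. This vulnerability allows a remote attacker to cause a denial of service. (CVE-2024-4032)
- The CPython email module mishandles newlines in the header section when serializing an email message. This vulnerability allows a remote attacker to insert unauthorized headers. (CVE-2024-6923)
- The methods of zipfile.ZipFile in the CPython zipfile module can enter an infinite loop while iterating over the entries of an archive. This vulnerability allows a remote attacker to cause a denial of service through the reading of a crafted ZIP archive file. (CVE-2024-8088)
Solution:
Update the packages.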
CVE:
CVE-2024-4032
The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn’t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries. CPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.
CVE-2024-6923
There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.
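An added example, not part of the original advisory or of CPython: a defence-in-depth check for the header injection described under CVE-2024-6923. It re-parses the serialized message and rejects it when the header names on the wire differ from those set on the message object. The function names, addresses and tampered bytes are constructed for illustration.

```python
from collections import Counter
from email.message import EmailMessage
from email.parser import BytesParser


def wire_header_names(wire: bytes) -> list:
    """Header field names a receiver would see, lower-cased, in order."""
    parsed = BytesParser().parsebytes(wire, headersonly=True)
    return [name.lower() for name in parsed.keys()]


def header_diff(msg, wire: bytes):
    """Return (extra, missing) header names on the wire versus the object.

    extra   -> names that appear on the wire more often than they were set
               (a header value broke out onto its own header line)
    missing -> names that were set but are absent from the wire header block
               (a stray blank line ended the header block early)
    """
    intended = Counter(name.lower() for name in msg.keys())
    actual = Counter(wire_header_names(wire))
    return sorted(actual - intended), sorted(intended - actual)


def serialize_checked(msg) -> bytes:
    """Serialize msg, refusing output whose header block was altered."""
    wire = msg.as_bytes()
    extra, missing = header_diff(msg, wire)
    if extra or missing:
        raise ValueError(f"header block altered: extra={extra} missing={missing}")
    return wire


def build_sample() -> EmailMessage:
    # Constructed sample message; the addresses are placeholders.
    msg = EmailMessage()
    msg["From"] = "app@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Hello"
    msg.set_content("body\n")
    return msg


if __name__ == "__main__":
    sample = build_sample()
    good = serialize_checked(sample)
    # Constructed bad output: the wire bytes with one extra header line.
    bad = good.replace(b"Subject: Hello\n", b"Subject: Hello\nBcc: x@example.net\n")
    print(header_diff(sample, bad))
```

The check is independent of the runtime's patch level, so it can stay in place in the sending path after the package update.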
CVE-2024-8088
There is a HIGH severity vulnerability affecting the CPython "zipfile" module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected. When iterating over names of entries in a zip archive (for example, methods of "zipfile.Path" like "namelist()", "iterdir()", etc) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user-controlled zip archives are not affected.
Additional information:
N/A
Download:
SRPMS
- python3.11-3.11.9-7.el8_10.src.rpm
Size: 19.32 MB
Asianux Server 8 for x86_64
- python3.11-3.11.9-7.el8_10.i686.rpm
Size: 30.15 kB
- python3.11-3.11.9-7.el8_10.x86_64.rpm
Size: 30.07 kB
- python3.11-debug-3.11.9-7.el8_10.i686.rpm
Size: 3.20 MB
- python3.11-debug-3.11.9-7.el8_10.x86_64.rpm
Size: 3.33 MB
- python3.11-devel-3.11.9-7.el8_10.i686.rpm
Size: 248.00 kB
- python3.11-devel-3.11.9-7.el8_10.x86_64.rpm
Size: 247.97 kB
- python3.11-idle-3.11.9-7.el8_10.i686.rpm
Size: 1.32 MB
- python3.11-idle-3.11.9-7.el8_10.x86_64.rpm
Size: 1.32 MB
- python3.11-libs-3.11.9-7.el8_10.i686.rpm
Size: 10.49 MB
- python3.11-libs-3.11.9-7.el8_10.x86_64.rpm
Size: 10.40 MB
- python3.11-rpm-macros-3.11.9-7.el8_10.noarch.rpm
Size: 14.52 kB
- python3.11-test-3.11.9-7.el8_10.i686.rpm
Size: 15.69 MB
- python3.11-test-3.11.9-7.el8_10.x86_64.rpm
Size: 15.68 MB
- python3.11-tkinter-3.11.9-7.el8_10.i686.rpm
Size: 410.31 kB
- python3.11-tkinter-3.11.9-7.el8_10.x86_64.rpm
Size: 408.82 kB