python3-3.6.8-67.el8_10.ML.1
エラータID: AXSA:2024-8859:05
リリース日:
2024/09/27 Friday - 17:08
題名:
python3-3.6.8-67.el8_10.ML.1
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- Python の ipaddress モジュールには、特定の IPv4 および
IPv6 アドレスがプライベートアドレスかどうかに関する
誤った情報が設定されていること起因して、IANA 特殊用途
アドレスレジストリからの最新情報に沿った値が返されない
問題があるため、リモートの攻撃者により、サービス拒否攻撃
を可能とする脆弱性が存在します。(CVE-2024-4032)
- CPython には、リモートの攻撃者により、巧妙に細工された
TAR 形式のアーカイブファイルの処理を介して、正規表現
サービス拒否攻撃を可能とする脆弱性が存在します。
(CVE-2024-6232)
- CPython の email モジュールには、電子メールをシリアル化
する際のヘッダー部の改行の処理に問題があるため、リモート
の攻撃者により、不正なヘッダーの挿入を可能とする脆弱性が
存在します。(CVE-2024-6923)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-4032
The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn’t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries. CPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.
The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn’t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries. CPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.
CVE-2024-6232
There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.
There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.
CVE-2024-6923
There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.
There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.
追加情報:
N/A
ダウンロード:
SRPMS
- python3-3.6.8-67.el8_10.ML.1.src.rpm
MD5: f883bf0710dd6c6f766fd4d74d12a4f6
SHA-256: a2e0b3a8d60d53d2913ff9070b8607d65e1ec15ca4856a87d5527ce0ba183d37
Size: 18.33 MB
Asianux Server 8 for x86_64
- platform-python-3.6.8-67.el8_10.ML.1.i686.rpm
MD5: 4548d2ae1cbfa9b1d22c5128062d2831
SHA-256: fe83a60c9b2d0b1b03296283d875011f860d18490087b7bb9416806bf85e55a8
Size: 87.37 kB - platform-python-3.6.8-67.el8_10.ML.1.x86_64.rpm
MD5: f3c35a49f7402abf2bbb0035e7c6b7c3
SHA-256: 78f4afd1100f194815e61a262f4e9d248470d5071f86ad13fd6dc86c2f27ea94
Size: 87.43 kB - platform-python-debug-3.6.8-67.el8_10.ML.1.i686.rpm
MD5: dc35b0ea12ec4da8963ebc448949dd54
SHA-256: e6f75c3c117097077ea7055530cbd231a32e984640060ec798516cf75574b4d7
Size: 2.72 MB - platform-python-debug-3.6.8-67.el8_10.ML.1.x86_64.rpm
MD5: 0612040c933beee03427884a39b6c92b
SHA-256: 37d9da656cc5604b572fb9d033780884765074e2a8590fa9566a7e3879283fb4
Size: 2.68 MB - platform-python-devel-3.6.8-67.el8_10.ML.1.i686.rpm
MD5: 05ac9013edfbba1473b86a72bada13e8
SHA-256: 9465983eb901afb0ee40bebdfd3550e046c0c171aed3778d1247fdcaab9bf2be
Size: 240.69 kB - platform-python-devel-3.6.8-67.el8_10.ML.1.x86_64.rpm
MD5: 1238d5a959fed083e287576197818854
SHA-256: f2beae7f2b37a0e22252974b1e8d96acdfde862d245ed7bd174e442ca22645f8
Size: 240.94 kB - python3-idle-3.6.8-67.el8_10.ML.1.i686.rpm
MD5: ffe104d1089c1eb74d931c72681de3fd
SHA-256: abaca3db5bcc10c29037cf46229d7cf7bc2fb6db99cb13663f08f5e2eec22aac
Size: 828.79 kB - python3-idle-3.6.8-67.el8_10.ML.1.x86_64.rpm
MD5: ee1ea082c5d68c60b9140f0224be6492
SHA-256: 8a345e3edb8bd7ed2c399c830629273879fbcf6d2075f7258331521e2d1ae21f
Size: 828.79 kB - python3-libs-3.6.8-67.el8_10.ML.1.i686.rpm
MD5: f8f040c24f9392028c8c165112d28ce9
SHA-256: 482a78d3c09a570c648d2a6cb2809ac608b7b42041fbe71a91ccfa1aa1e45e20
Size: 7.90 MB - python3-libs-3.6.8-67.el8_10.ML.1.x86_64.rpm
MD5: b3d0669eac03f20b9b3bf4dfa86ace66
SHA-256: ebe5e4501ffa16ebcc6e58da815a4d029449a00b5f84f0b540087fa450a94a22
Size: 7.84 MB - python3-test-3.6.8-67.el8_10.ML.1.i686.rpm
MD5: 536ee1db1e35d69801da03493e9b0104
SHA-256: 3514f72ddb44a2f5035be52f83229f47a584144919e88295b21a31e895abab78
Size: 8.69 MB - python3-test-3.6.8-67.el8_10.ML.1.x86_64.rpm
MD5: 3398ccb387145a3795bd9abe82cbf94f
SHA-256: 938035191aa235d32944bbcf761d9fb6540573d30933080cc34d7a84c4821dbe
Size: 8.70 MB - python3-tkinter-3.6.8-67.el8_10.ML.1.i686.rpm
MD5: 17000a7c166db982b56aeacabb6908d0
SHA-256: f2ce4aa054aab9047d48f234c320b1694891e0170d7d662732fec31220288b09
Size: 375.67 kB - python3-tkinter-3.6.8-67.el8_10.ML.1.x86_64.rpm
MD5: 2df566503935876e96537e8689d0569d
SHA-256: 2d3d1660a10b3833c12d88c4bd7d7fbaf290c63c164ccd24389a6706b282bf65
Size: 374.12 kB