python-2.7.5-94.0.2.el7.AXS7
エラータID: AXSA:2024-8864:47
リリース日:
2024/09/30 Monday - 14:52
題名:
python-2.7.5-94.0.2.el7.AXS7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Python の e-mail モジュールには、特殊文字が含まれる
電子メールアドレスを誤って解析してしまう問題がある
ため、リモートの攻撃者により、通常送信が拒否される
電子メールアドレスからのメッセージの送信を可能と
する脆弱性が存在します。(CVE-2023-27043)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-27043
The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.
The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.
追加情報:
N/A
ダウンロード:
Asianux Server 7 for x86_64
- python-2.7.5-94.0.2.el7.AXS7.x86_64.rpm
MD5: d793d85b362e1d5ac33f02c04b46f2f3
SHA-256: f068e57cfe648b91f63a59d154b3ea59523c61380d065922b9ac251b07bbd530
Size: 96.59 kB - python-devel-2.7.5-94.0.2.el7.AXS7.x86_64.rpm
MD5: 15af6a99634d3474ed7c79b67cfe617f
SHA-256: 7136d43b821e5b637b13bd46a7f1272a8cb1719dd12ec305e8bff0955f5eb318
Size: 399.23 kB - python-libs-2.7.5-94.0.2.el7.AXS7.i686.rpm
MD5: 2a6c0446eaafcc8c33b2037722c27605
SHA-256: 77b00279e56cd76fcda261e88da4a8bab76955593b49c6bc97b50223bf5a7287
Size: 5.60 MB - python-libs-2.7.5-94.0.2.el7.AXS7.x86_64.rpm
MD5: 60d5c1f8151a18b160be31e09ccd9da8
SHA-256: cc34c301db61ef42acf2e18a7f398f22624d378f69ad8fa527a4ac92a68b8bf6
Size: 5.65 MB