python3.11-3.11.11-1.el8_10
エラータID: AXSA:2024-9396:32
リリース日:
2024/12/17 Tuesday - 10:27
題名:
python3.11-3.11.11-1.el8_10
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- CPython の venv モジュールおよびコンソールには、仮想
環境の作成時に指定するパス名に引用符を付加しない問題が
あるため、ローカルの攻撃者により、細工された仮想環境の
アクティベーションスクリプトの実行を介して、任意の
コマンドの実行を可能とする脆弱性が存在します。
(CVE-2024-9287)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-9287
A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected.
A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected.
追加情報:
N/A
ダウンロード:
SRPMS
- python3.11-3.11.11-1.el8_10.src.rpm
MD5: 0899dbb2097e7f61504d6fde6a1d3bb0
SHA-256: 881d0d5e9554821131c7761cc2440fc46639c7035322323c7a2a303cfa2f8f8d
Size: 19.22 MB
Asianux Server 8 for x86_64
- python3.11-3.11.11-1.el8_10.i686.rpm
MD5: 9c035f1cb0c105e1b49f7d45f3ec4f13
SHA-256: fab2ba28026bd7e4e66738543fa77451444fc8306709afe06950b09a8bdeddbe
Size: 30.34 kB - python3.11-3.11.11-1.el8_10.x86_64.rpm
MD5: f7159dfe61e19c7259a93a3cea214243
SHA-256: 165807cf8cd6555f7c91d4f78c19990769db20e3af73fa0307b0a6f1729942ce
Size: 30.25 kB - python3.11-debug-3.11.11-1.el8_10.i686.rpm
MD5: b05369a7df06f0995b86fe2ec00c7c91
SHA-256: e5e54809085e1de91c0577ef253ea6c8c13298528a5d628f88234633177effd1
Size: 3.20 MB - python3.11-debug-3.11.11-1.el8_10.x86_64.rpm
MD5: a36febeb09ee98be0da57231bfe60ca6
SHA-256: 7a29fad101377fe8a2bc09355aad8c62f46e07034fa284dd24c7a1d72db2da0e
Size: 3.33 MB - python3.11-devel-3.11.11-1.el8_10.i686.rpm
MD5: 88487bf8debf8871390274004b3c0ae4
SHA-256: f0ffd5205090f36de1631ee9ffb5a7d6a3a405ad4434fa4af225e3226cfdaf99
Size: 248.20 kB - python3.11-devel-3.11.11-1.el8_10.x86_64.rpm
MD5: a119f5b614a9977171c5f23ed125d5dc
SHA-256: bd81cceadb9eb3ec52bfd11b6454069075dc5b6d827ce21cf0a63fd1cdd2027d
Size: 248.16 kB - python3.11-idle-3.11.11-1.el8_10.i686.rpm
MD5: 2a5426bc833f8f861b1a65cd6a15fa11
SHA-256: d8956367cc31ad02449a6db021dba740cfcbd7830cb9f560b3d55264deb913c9
Size: 1.32 MB - python3.11-idle-3.11.11-1.el8_10.x86_64.rpm
MD5: c0973d249d41f04afa17eec25176b861
SHA-256: 1ece5bce9e37c3fc22fb4571da428c36d06d38bb14ce1de22b43b7e738f493ec
Size: 1.32 MB - python3.11-libs-3.11.11-1.el8_10.i686.rpm
MD5: 2ed19d715e9d313dbe4b077a84dae4bc
SHA-256: dd285a66e9202a32cf05bf74e77b395ea6452a8a88e4b183a8e500911b82004a
Size: 10.50 MB - python3.11-libs-3.11.11-1.el8_10.x86_64.rpm
MD5: 1741d4e1372fb5ac81f8005ea8cfca5d
SHA-256: 9a9535333a44a46c528c420030f9147f8a04be63b2f4913716b75ef4cfa9db3b
Size: 10.39 MB - python3.11-rpm-macros-3.11.11-1.el8_10.noarch.rpm
MD5: dba406796e423c8ac549f5076d60cac7
SHA-256: ef31b1c52a6a348376143bb3f88d5d3f5f1b6397f3e85269dc3365092f61d3fc
Size: 14.70 kB - python3.11-test-3.11.11-1.el8_10.i686.rpm
MD5: 1651b7cfe2a04bcd05cf45f802075226
SHA-256: 36ed54b5b0f2463e356d75f6bc3155f36aa1e3cdddf808d9101652413d4f97f8
Size: 15.70 MB - python3.11-test-3.11.11-1.el8_10.x86_64.rpm
MD5: c4445492b6f667e15f5d1ccfbaa45314
SHA-256: b94959c7795660cd2b3ea61a017a31845dc84d0d97eac4737d2a2590f07777f8
Size: 15.69 MB - python3.11-tkinter-3.11.11-1.el8_10.i686.rpm
MD5: 5d7d02ceb21b19422d9658cb14cfce7a
SHA-256: 3ba094dd871b56750e9ef8c9346d4ae13fbaea7d0601e0bd0606296ddc8acbed
Size: 410.41 kB - python3.11-tkinter-3.11.11-1.el8_10.x86_64.rpm
MD5: ab26a060cd42d9d1bbcada28bfabf277
SHA-256: 40dabc169b9e7b27651bf15bf553a1359523d13c36ff3c36c8d3eede0c81f2b0
Size: 408.91 kB
English