python-2.7.5-94.0.5.el7.AXS7
エラータID: AXSA:2025-11503:37
リリース日:
2025/12/10 Wednesday - 09:36
題名:
python-2.7.5-94.0.5.el7.AXS7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Python には、無限ループの発生、およびデッドロックに至る問題が
あるため、リモートの攻撃者により、サービス拒否攻撃を可能とする
脆弱性が存在します。(CVE-2025-8194)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-8194
There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. This vulnerability can be mitigated by including the following patch after importing the “tarfile” module: https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1
There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. This vulnerability can be mitigated by including the following patch after importing the “tarfile” module: https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1
追加情報:
N/A
ダウンロード:
Asianux Server 7 for x86_64
- python-2.7.5-94.0.5.el7.AXS7.x86_64.rpm
MD5: 7d55c253135b065e169e16cb6dc87cfe
SHA-256: 110d20956661608d3276ba0ee72ef09ee0c3a5dfd5f13bf42b782d4cbba96ec0
Size: 97.41 kB - python-devel-2.7.5-94.0.5.el7.AXS7.x86_64.rpm
MD5: e9128200684deead15df4d63e1b3c157
SHA-256: 83bb27f89216b41d02aa82ccfa675afb4df462c8e0f9da1d124dd35346a66bee
Size: 400.05 kB - python-libs-2.7.5-94.0.5.el7.AXS7.i686.rpm
MD5: 7180b5d7a6ae0f50be867b2ed42c6e43
SHA-256: 66cdb7aca2ea2c3c1154f15a6646a3413e270aa8bd46776f4fe709718a797bdf
Size: 5.60 MB - python-libs-2.7.5-94.0.5.el7.AXS7.x86_64.rpm
MD5: cd0fcdeaa17cb79e9b4770b29408b129
SHA-256: 30a2b45dfa0cc2dcb8c3be7f1f7e6950788bdf35d7dea5fab106c5d719e75bc2
Size: 5.65 MB
English