ALSA-2023:7034

Source
https://errata.almalinux.org/8/ALSA-2023-7034.html
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2023:7034.json
JSON Data
https://api.osv.dev/v1/vulns/ALSA-2023:7034
Related
Published
2023-11-14T00:00:00Z
Modified
2023-11-23T10:19:52Z
Summary
Moderate: python39:3.9 and python39-devel:3.9 security update
Details

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

  • python: tarfile module directory traversal (CVE-2007-4559)
  • python-requests: Unintended leak of Proxy-Authorization header (CVE-2023-32681)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References

Affected packages

AlmaLinux:8 / python39

Package

Name
python39

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.9.18-1.module_el8.9.0+3672+853baa42

AlmaLinux:8 / python39-Cython

Package

Name
python39-Cython

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.29.21-5.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-Cython

Package

Name
python39-Cython

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.29.21-5.module_el8.6.0+3248+c431e88c

AlmaLinux:8 / python39-PyMySQL

Package

Name
python39-PyMySQL

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.10.1-2.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-attrs

Package

Name
python39-attrs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
20.3.0-2.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-cffi

Package

Name
python39-cffi

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.14.3-2.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-cffi

Package

Name
python39-cffi

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.14.3-2.module_el8.6.0+3248+c431e88c

AlmaLinux:8 / python39-chardet

Package

Name
python39-chardet

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.4-19.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-cryptography

Package

Name
python39-cryptography

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.3.1-2.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-cryptography

Package

Name
python39-cryptography

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.3.1-2.module_el8.6.0+3248+c431e88c

AlmaLinux:8 / python39-debug

Package

Name
python39-debug

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.9.18-1.module_el8.9.0+3672+853baa42

AlmaLinux:8 / python39-devel

Package

Name
python39-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.9.18-1.module_el8.9.0+3672+853baa42

AlmaLinux:8 / python39-idle

Package

Name
python39-idle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.9.18-1.module_el8.9.0+3672+853baa42

AlmaLinux:8 / python39-idna

Package

Name
python39-idna

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.10-3.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-iniconfig

Package

Name
python39-iniconfig

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.1-2.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-libs

Package

Name
python39-libs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.9.18-1.module_el8.9.0+3672+853baa42

AlmaLinux:8 / python39-lxml

Package

Name
python39-lxml

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.6.5-1.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-lxml

Package

Name
python39-lxml

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.6.5-1.module_el8.6.0+3248+c431e88c

AlmaLinux:8 / python39-mod_wsgi

Package

Name
python39-mod_wsgi

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.7.1-7.module_el8.9.0+3634+fb2a896c

AlmaLinux:8 / python39-more-itertools

Package

Name
python39-more-itertools

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.5.0-2.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-numpy

Package

Name
python39-numpy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.19.4-3.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-numpy

Package

Name
python39-numpy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.19.4-3.module_el8.6.0+3248+c431e88c

AlmaLinux:8 / python39-numpy-doc

Package

Name
python39-numpy-doc

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.19.4-3.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-numpy-f2py

Package

Name
python39-numpy-f2py

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.19.4-3.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-numpy-f2py

Package

Name
python39-numpy-f2py

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.19.4-3.module_el8.6.0+3248+c431e88c

AlmaLinux:8 / python39-packaging

Package

Name
python39-packaging

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
20.4-4.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-pip

Package

Name
python39-pip

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
20.2.4-8.module_el8.9.0+3634+fb2a896c

AlmaLinux:8 / python39-pip-wheel

Package

Name
python39-pip-wheel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
20.2.4-8.module_el8.9.0+3634+fb2a896c

AlmaLinux:8 / python39-pluggy

Package

Name
python39-pluggy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.13.1-3.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-ply

Package

Name
python39-ply

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.11-10.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-psutil

Package

Name
python39-psutil

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.8.0-4.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-psutil

Package

Name
python39-psutil

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.8.0-4.module_el8.6.0+3248+c431e88c

AlmaLinux:8 / python39-psycopg2

Package

Name
python39-psycopg2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.8.6-2.module_el8.7.0+3344+df07b58a

AlmaLinux:8 / python39-psycopg2-doc

Package

Name
python39-psycopg2-doc

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.8.6-2.module_el8.7.0+3344+df07b58a

AlmaLinux:8 / python39-psycopg2-tests

Package

Name
python39-psycopg2-tests

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.8.6-2.module_el8.7.0+3344+df07b58a

AlmaLinux:8 / python39-py

Package

Name
python39-py

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.10.0-1.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-pybind11

Package

Name
python39-pybind11

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.1-1.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-pybind11

Package

Name
python39-pybind11

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.1-1.module_el8.6.0+3248+c431e88c

AlmaLinux:8 / python39-pybind11-devel

Package

Name
python39-pybind11-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.1-1.module_el8.6.0+3248+c431e88c

AlmaLinux:8 / python39-pybind11-devel

Package

Name
python39-pybind11-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.1-1.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-pycparser

Package

Name
python39-pycparser

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.20-3.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-pyparsing

Package

Name
python39-pyparsing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.7-5.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-pysocks

Package

Name
python39-pysocks

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.7.1-4.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-pytest

Package

Name
python39-pytest

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.0.2-2.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-pyyaml

Package

Name
python39-pyyaml

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.4.1-1.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-pyyaml

Package

Name
python39-pyyaml

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.4.1-1.module_el8.6.0+3248+c431e88c

AlmaLinux:8 / python39-requests

Package

Name
python39-requests

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.25.0-3.module_el8.9.0+3634+fb2a896c

AlmaLinux:8 / python39-rpm-macros

Package

Name
python39-rpm-macros

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.9.18-1.module_el8.9.0+3672+853baa42

AlmaLinux:8 / python39-scipy

Package

Name
python39-scipy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.5.4-5.module_el8.9.0+3634+fb2a896c

AlmaLinux:8 / python39-setuptools

Package

Name
python39-setuptools

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
50.3.2-4.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-setuptools-wheel

Package

Name
python39-setuptools-wheel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
50.3.2-4.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-six

Package

Name
python39-six

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.15.0-3.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-test

Package

Name
python39-test

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.9.18-1.module_el8.9.0+3672+853baa42

AlmaLinux:8 / python39-tkinter

Package

Name
python39-tkinter

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.9.18-1.module_el8.9.0+3672+853baa42

AlmaLinux:8 / python39-toml

Package

Name
python39-toml

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.10.1-5.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-urllib3

Package

Name
python39-urllib3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.25.10-4.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-wcwidth

Package

Name
python39-wcwidth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.2.5-3.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-wheel

Package

Name
python39-wheel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:0.35.1-4.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-wheel-wheel

Package

Name
python39-wheel-wheel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:0.35.1-4.module_el8.6.0+2780+a40f65e1