ALSA-2024:3466

Source
https://errata.almalinux.org/8/ALSA-2024-3466.html
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:3466.json
JSON Data
https://api.osv.dev/v1/vulns/ALSA-2024:3466
Related
Published
2024-05-29T00:00:00Z
Modified
2024-05-31T15:26:20Z
Summary
Important: python39:3.9 and python39-devel:3.9 security update
Details

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

  • python39:3.9/python39: python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597)
  • python39:3.9/python39: python: The zipfile module is vulnerable to zip-bombs leading to denial of service (CVE-2024-0450)
  • python39:3.9/python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode() (CVE-2024-3651)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

AlmaLinux:8 / python39

Package

Name
python39

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.9.19-1.module_el8.10.0+3849+a48d89aa

AlmaLinux:8 / python39-Cython

Package

Name
python39-Cython

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.29.21-5.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-Cython

Package

Name
python39-Cython

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.29.21-5.module_el8.6.0+3248+c431e88c

AlmaLinux:8 / python39-PyMySQL

Package

Name
python39-PyMySQL

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.10.1-2.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-attrs

Package

Name
python39-attrs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
20.3.0-2.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-cffi

Package

Name
python39-cffi

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.14.3-2.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-cffi

Package

Name
python39-cffi

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.14.3-2.module_el8.6.0+3248+c431e88c

AlmaLinux:8 / python39-chardet

Package

Name
python39-chardet

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.4-19.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-cryptography

Package

Name
python39-cryptography

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.3.1-3.module_el8.10.0+3765+2f9a457d

AlmaLinux:8 / python39-debug

Package

Name
python39-debug

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.9.19-1.module_el8.10.0+3849+a48d89aa

AlmaLinux:8 / python39-devel

Package

Name
python39-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.9.19-1.module_el8.10.0+3849+a48d89aa

AlmaLinux:8 / python39-idle

Package

Name
python39-idle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.9.19-1.module_el8.10.0+3849+a48d89aa

AlmaLinux:8 / python39-idna

Package

Name
python39-idna

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.10-4.module_el8.10.0+3849+a48d89aa

AlmaLinux:8 / python39-iniconfig

Package

Name
python39-iniconfig

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.1-2.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-libs

Package

Name
python39-libs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.9.19-1.module_el8.10.0+3849+a48d89aa

AlmaLinux:8 / python39-lxml

Package

Name
python39-lxml

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.6.5-1.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-lxml

Package

Name
python39-lxml

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.6.5-1.module_el8.6.0+3248+c431e88c

AlmaLinux:8 / python39-mod_wsgi

Package

Name
python39-mod_wsgi

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.7.1-7.module_el8.9.0+3634+fb2a896c

AlmaLinux:8 / python39-more-itertools

Package

Name
python39-more-itertools

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.5.0-2.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-numpy

Package

Name
python39-numpy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.19.4-3.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-numpy

Package

Name
python39-numpy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.19.4-3.module_el8.6.0+3248+c431e88c

AlmaLinux:8 / python39-numpy-doc

Package

Name
python39-numpy-doc

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.19.4-3.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-numpy-f2py

Package

Name
python39-numpy-f2py

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.19.4-3.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-numpy-f2py

Package

Name
python39-numpy-f2py

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.19.4-3.module_el8.6.0+3248+c431e88c

AlmaLinux:8 / python39-packaging

Package

Name
python39-packaging

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
20.4-4.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-pip

Package

Name
python39-pip

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
20.2.4-9.module_el8.10.0+3765+2f9a457d

AlmaLinux:8 / python39-pip-wheel

Package

Name
python39-pip-wheel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
20.2.4-9.module_el8.10.0+3765+2f9a457d

AlmaLinux:8 / python39-pluggy

Package

Name
python39-pluggy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.13.1-3.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-ply

Package

Name
python39-ply

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.11-10.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-psutil

Package

Name
python39-psutil

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.8.0-4.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-psutil

Package

Name
python39-psutil

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.8.0-4.module_el8.6.0+3248+c431e88c

AlmaLinux:8 / python39-psycopg2

Package

Name
python39-psycopg2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.8.6-3.module_el8.10.0+3765+2f9a457d

AlmaLinux:8 / python39-psycopg2-doc

Package

Name
python39-psycopg2-doc

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.8.6-3.module_el8.10.0+3765+2f9a457d

AlmaLinux:8 / python39-psycopg2-tests

Package

Name
python39-psycopg2-tests

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.8.6-3.module_el8.10.0+3765+2f9a457d

AlmaLinux:8 / python39-py

Package

Name
python39-py

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.10.0-1.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-pybind11

Package

Name
python39-pybind11

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.1-1.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-pybind11

Package

Name
python39-pybind11

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.1-1.module_el8.6.0+3248+c431e88c

AlmaLinux:8 / python39-pybind11-devel

Package

Name
python39-pybind11-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.1-1.module_el8.6.0+3248+c431e88c

AlmaLinux:8 / python39-pybind11-devel

Package

Name
python39-pybind11-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.1-1.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-pycparser

Package

Name
python39-pycparser

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.20-3.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-pyparsing

Package

Name
python39-pyparsing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.7-5.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-pysocks

Package

Name
python39-pysocks

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.7.1-4.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-pytest

Package

Name
python39-pytest

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.0.2-2.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-pyyaml

Package

Name
python39-pyyaml

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.4.1-1.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-pyyaml

Package

Name
python39-pyyaml

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.4.1-1.module_el8.6.0+3248+c431e88c

AlmaLinux:8 / python39-requests

Package

Name
python39-requests

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.25.0-3.module_el8.9.0+3634+fb2a896c

AlmaLinux:8 / python39-rpm-macros

Package

Name
python39-rpm-macros

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.9.19-1.module_el8.10.0+3849+a48d89aa

AlmaLinux:8 / python39-scipy

Package

Name
python39-scipy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.5.4-5.module_el8.9.0+3634+fb2a896c

AlmaLinux:8 / python39-setuptools

Package

Name
python39-setuptools

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
50.3.2-5.module_el8.10.0+3765+2f9a457d

AlmaLinux:8 / python39-setuptools-wheel

Package

Name
python39-setuptools-wheel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
50.3.2-5.module_el8.10.0+3765+2f9a457d

AlmaLinux:8 / python39-six

Package

Name
python39-six

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.15.0-3.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-test

Package

Name
python39-test

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.9.19-1.module_el8.10.0+3849+a48d89aa

AlmaLinux:8 / python39-tkinter

Package

Name
python39-tkinter

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.9.19-1.module_el8.10.0+3849+a48d89aa

AlmaLinux:8 / python39-toml

Package

Name
python39-toml

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.10.1-5.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-urllib3

Package

Name
python39-urllib3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.25.10-5.module_el8.10.0+3765+2f9a457d

AlmaLinux:8 / python39-wcwidth

Package

Name
python39-wcwidth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.2.5-3.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-wheel

Package

Name
python39-wheel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:0.35.1-4.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-wheel-wheel

Package

Name
python39-wheel-wheel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:0.35.1-4.module_el8.6.0+2780+a40f65e1