MGASA-2024-0096

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2024-0096.html

Import Source

https://advisories.mageia.org/MGASA-2024-0096.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2024-0096

Related

Published

2024-03-28T03:52:55Z

Modified

2024-03-28T03:37:40Z

Summary

Updated python3, python packages fix security vulnerabilities

Details

The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances. (CVE-2023-6597) The zipfile module is vulnerable to âquoted-overlapâ zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive. (CVE-2024-0450)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:9 / python3

Package

Name: python3
Purl: pkg:rpm/mageia/python3?distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.10.11-1.2.mga9

Ecosystem specific

{
    "section": "core"
}

Mageia:9 / python

Package

Name: python
Purl: pkg:rpm/mageia/python?distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.18-15.2.mga9

Ecosystem specific

{
    "section": "core"
}