RLSA-2024:8836

See a problem?
Import Source
https://storage.googleapis.com/resf-osv-data/RLSA-2024:8836.json
JSON Data
https://api.osv.dev/v1/vulns/RLSA-2024:8836
Related
Published
2024-11-08T15:56:47.559546Z
Modified
2024-11-08T15:59:28.124005Z
Summary
Moderate: python3.12 security update
Details

Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the "python3.12" executable: the reference interpreter for the Python language, version 3. The majority of its standard library is provided in the python3.12-libs package, which should be installed automatically along with python3.12. The remaining parts of the Python standard library are broken out into the python3.12-tkinter and python3.12-test packages, which may need to be installed separately. Documentation for Python is provided in the python3.12-docs package. Packages containing additional libraries for Python are generally named with the "python3.12-" prefix. For the unversioned "python" executable, see manual page "unversioned-python".

Security Fix(es):

  • python: cpython: tarfile: ReDos via excessive backtracking while parsing header values (CVE-2024-6232)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References
Credits
    • Rocky Enterprise Software Foundation
    • Red Hat

Affected packages

Rocky Linux:8 / python3.12

Package

Name
python3.12
Purl
pkg:rpm/rocky-linux/python3.12?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:3.12.6-1.el8_10