Red Hat Security Advisory 2023-4203-01

Red Hat Security Advisory 2023-4203-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.

Packet Storm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: python3.9 security update
Advisory ID: RHSA-2023:4203-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:4203
Issue date: 2023-07-18
CVE Names: CVE-2023-24329
=====================================================================

  1. Summary:

An update for python3.9 is now available for Red Hat Enterprise Linux 9.0
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

  2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64

  3. Description:

Python is an interpreted, interactive, object-oriented programming
language, which includes modules, classes, exceptions, very high level
dynamic data types and dynamic typing. Python supports interfaces to many
system calls and libraries, as well as to various windowing systems.

Security Fix(es):

  • python: urllib.parse url blocklisting bypass (CVE-2023-24329)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
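The fixed packages make urllib.parse itself strip leading blank characters before parsing, which is what the bypass relied on: an unpatched parser returned an empty scheme and netloc for such a URL, so a host blocklist built on the parse result never matched. Application code that validates URLs should not depend on the interpreter being patched. The following is an added example, not code from the advisory or from the Python project; the blocklist, the sample URLs and the helper names (`naive_is_blocked`, `hardened_is_allowed`, `interpreter_strips_leading_blanks`) are constructed for illustration.

```python
"""Defensive URL validation around urllib.parse (CVE-2023-24329).

Added example, not part of the Red Hat advisory. The blocklist, the
sample URLs and the helper names are constructed for illustration.
"""
from urllib.parse import urlsplit

# Constructed blocklist of hosts the application refuses to fetch from.
BLOCKED_HOSTS = {"evil.example", "internal.corp.example"}

# Allowed schemes: anything else (an empty scheme included) is rejected.
ALLOWED_SCHEMES = {"http", "https"}

# Characters the WHATWG URL spec strips from both ends before parsing:
# ASCII space and the C0 controls U+0000..U+001F. An unpatched
# urllib.parse left a URL beginning with these unparsed, so scheme and
# netloc came back empty.
_LEADING_JUNK = "".join(chr(c) for c in range(0x21))


def naive_is_blocked(url: str) -> bool:
    """The pattern the advisory is about: trust whatever urlsplit returns.

    On an unpatched interpreter a URL with a leading blank has no netloc,
    so the lookup misses and the request is let through.
    """
    return urlsplit(url).hostname in BLOCKED_HOSTS


def hardened_is_allowed(url: str) -> bool:
    """Fail-closed validation that holds regardless of the interpreter's fix.

    Normalises the input the same way the fix does (strip leading and
    trailing blanks/controls), then requires an allowed scheme and a
    non-empty host that is not on the blocklist.
    """
    cleaned = url.strip(_LEADING_JUNK)
    parts = urlsplit(cleaned)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False  # empty or unexpected scheme: reject
    host = parts.hostname  # already lower-cased by urlsplit
    if not host:
        return False  # no authority component: reject
    if host.rstrip(".") in BLOCKED_HOSTS:
        return False  # trailing-dot form of a blocked host is still blocked
    return True


def interpreter_strips_leading_blanks() -> bool:
    """Quick check of whether the running interpreter carries the fix."""
    return urlsplit(" http://probe.example/").hostname == "probe.example"


if __name__ == "__main__":
    print("interpreter patched:", interpreter_strips_leading_blanks())
    for candidate in ("https://good.example/", " http://evil.example/",
                      "http://EVIL.example./", "ftp://good.example/"):
        print(repr(candidate), "allowed:", hardened_is_allowed(candidate))
```

The hardened check is an allowlist of schemes plus a blocklist of hosts, and it rejects anything the parser could not classify; that is the property an application-side check needs so that a parser quirk, on this or any future interpreter, cannot turn into a bypass.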

  4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

  5. Bugs fixed (https://bugzilla.redhat.com/):

2173917 - CVE-2023-24329 python: urllib.parse url blocklisting bypass

  6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

aarch64:
python3-devel-3.9.10-4.el9_0.1.aarch64.rpm
python3-tkinter-3.9.10-4.el9_0.1.aarch64.rpm
python3.9-debuginfo-3.9.10-4.el9_0.1.aarch64.rpm
python3.9-debugsource-3.9.10-4.el9_0.1.aarch64.rpm

noarch:
python-unversioned-command-3.9.10-4.el9_0.1.noarch.rpm

ppc64le:
python3-devel-3.9.10-4.el9_0.1.ppc64le.rpm
python3-tkinter-3.9.10-4.el9_0.1.ppc64le.rpm
python3.9-debuginfo-3.9.10-4.el9_0.1.ppc64le.rpm
python3.9-debugsource-3.9.10-4.el9_0.1.ppc64le.rpm

s390x:
python3-devel-3.9.10-4.el9_0.1.s390x.rpm
python3-tkinter-3.9.10-4.el9_0.1.s390x.rpm
python3.9-debuginfo-3.9.10-4.el9_0.1.s390x.rpm
python3.9-debugsource-3.9.10-4.el9_0.1.s390x.rpm

x86_64:
python3-devel-3.9.10-4.el9_0.1.i686.rpm
python3-devel-3.9.10-4.el9_0.1.x86_64.rpm
python3-tkinter-3.9.10-4.el9_0.1.x86_64.rpm
python3.9-debuginfo-3.9.10-4.el9_0.1.i686.rpm
python3.9-debuginfo-3.9.10-4.el9_0.1.x86_64.rpm
python3.9-debugsource-3.9.10-4.el9_0.1.i686.rpm
python3.9-debugsource-3.9.10-4.el9_0.1.x86_64.rpm

Red Hat Enterprise Linux BaseOS EUS (v.9.0):

Source:
python3.9-3.9.10-4.el9_0.1.src.rpm

aarch64:
python3-3.9.10-4.el9_0.1.aarch64.rpm
python3-libs-3.9.10-4.el9_0.1.aarch64.rpm
python3.9-debuginfo-3.9.10-4.el9_0.1.aarch64.rpm
python3.9-debugsource-3.9.10-4.el9_0.1.aarch64.rpm

ppc64le:
python3-3.9.10-4.el9_0.1.ppc64le.rpm
python3-libs-3.9.10-4.el9_0.1.ppc64le.rpm
python3.9-debuginfo-3.9.10-4.el9_0.1.ppc64le.rpm
python3.9-debugsource-3.9.10-4.el9_0.1.ppc64le.rpm

s390x:
python3-3.9.10-4.el9_0.1.s390x.rpm
python3-libs-3.9.10-4.el9_0.1.s390x.rpm
python3.9-debuginfo-3.9.10-4.el9_0.1.s390x.rpm
python3.9-debugsource-3.9.10-4.el9_0.1.s390x.rpm

x86_64:
python3-3.9.10-4.el9_0.1.x86_64.rpm
python3-libs-3.9.10-4.el9_0.1.i686.rpm
python3-libs-3.9.10-4.el9_0.1.x86_64.rpm
python3.9-debuginfo-3.9.10-4.el9_0.1.i686.rpm
python3.9-debuginfo-3.9.10-4.el9_0.1.x86_64.rpm
python3.9-debugsource-3.9.10-4.el9_0.1.i686.rpm
python3.9-debugsource-3.9.10-4.el9_0.1.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v.9.0):

aarch64:
python3-debug-3.9.10-4.el9_0.1.aarch64.rpm
python3-idle-3.9.10-4.el9_0.1.aarch64.rpm
python3-test-3.9.10-4.el9_0.1.aarch64.rpm
python3.9-debuginfo-3.9.10-4.el9_0.1.aarch64.rpm
python3.9-debugsource-3.9.10-4.el9_0.1.aarch64.rpm

ppc64le:
python3-debug-3.9.10-4.el9_0.1.ppc64le.rpm
python3-idle-3.9.10-4.el9_0.1.ppc64le.rpm
python3-test-3.9.10-4.el9_0.1.ppc64le.rpm
python3.9-debuginfo-3.9.10-4.el9_0.1.ppc64le.rpm
python3.9-debugsource-3.9.10-4.el9_0.1.ppc64le.rpm

s390x:
python3-debug-3.9.10-4.el9_0.1.s390x.rpm
python3-idle-3.9.10-4.el9_0.1.s390x.rpm
python3-test-3.9.10-4.el9_0.1.s390x.rpm
python3.9-debuginfo-3.9.10-4.el9_0.1.s390x.rpm
python3.9-debugsource-3.9.10-4.el9_0.1.s390x.rpm

x86_64:
python3-3.9.10-4.el9_0.1.i686.rpm
python3-debug-3.9.10-4.el9_0.1.i686.rpm
python3-debug-3.9.10-4.el9_0.1.x86_64.rpm
python3-idle-3.9.10-4.el9_0.1.i686.rpm
python3-idle-3.9.10-4.el9_0.1.x86_64.rpm
python3-test-3.9.10-4.el9_0.1.i686.rpm
python3-test-3.9.10-4.el9_0.1.x86_64.rpm
python3-tkinter-3.9.10-4.el9_0.1.i686.rpm
python3.9-debuginfo-3.9.10-4.el9_0.1.i686.rpm
python3.9-debuginfo-3.9.10-4.el9_0.1.x86_64.rpm
python3.9-debugsource-3.9.10-4.el9_0.1.i686.rpm
python3.9-debugsource-3.9.10-4.el9_0.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

  7. References:

https://access.redhat.com/security/cve/CVE-2023-24329
https://access.redhat.com/security/updates/classification/#important

  8. Contact:

The Red Hat security contact is secalert@redhat.com. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

RHSA-announce mailing list
rhsa-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Related news

Security vulnerability reporting: Who can you trust?

Good cyber security practices depend on trustworthy information sources about security vulnerabilities. This article offers guidance around who to trust for this information. In 1999, MITRE Corporation, a US Government-funded research and development company, realized the world needed a uniform standard for reporting and tracking software security bugs. MITRE worked with the IT industry to invent a concept called CVE, for Common Vulnerabilities and Exposures. The CVE concept caught on, and today, the industry acknowledges CVE as the universal standard for security vulnerability reporting. Softw

RHSA-2023:4972: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.1.8 security updates and bug fixes

Multicluster Engine for Kubernetes 2.1.8 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. * CVE-2023-37466: A flaw was found in the vm2 Promise handler sanitization, which allows attackers to esc...

Red Hat Security Advisory 2023-4627-01

Red Hat Security Advisory 2023-4627-01 - Migration Toolkit for Applications 6.2.0 Images. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-4472-01

Red Hat Security Advisory 2023-4472-01 - Version 1.29.1 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.10, 4.11, 4.12, and 4.13. This release includes security and bug fixes, and enhancements.

Red Hat Security Advisory 2023-4310-01

Red Hat Security Advisory 2023-4310-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.46. Issues addressed include denial of service and out of bounds read vulnerabilities.

Red Hat Security Advisory 2023-4287-01

Red Hat Security Advisory 2023-4287-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.

RHSA-2023:4290: Red Hat Security Advisory: OpenShift sandboxed containers 1.4.1 security update

OpenShift sandboxed containers 1.4.1 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.

RHSA-2023:4225: Red Hat Security Advisory: OpenShift Container Platform 4.13.6 security and extras update

Red Hat OpenShift Container Platform release 4.13.6 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.

RHSA-2023:4282: Red Hat Security Advisory: Red Hat Virtualization Host 4.4.z SP 1 security update

An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24329: A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. This may lead to compromised Integrity.

RHSA-2023:4238: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.11.9 security and bug fix update

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.11.9 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.

Red Hat Security Advisory 2023-4038-01

Red Hat Security Advisory 2023-4038-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-4032-01

Red Hat Security Advisory 2023-4032-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-3888-01

Red Hat Security Advisory 2023-3888-01 - Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services. This erratum releases a new image for Red Hat Single Sign-On 7.6.4 for use within the OpenShift Container Platform 3.10, OpenShift Container Platform 3.11, and within the OpenShift Container Platform 4.12 cloud computing Platform-as-a-Service for on-premise or private cloud deployments, aligning with the standalone product release. Issues addressed include a cross site scripting vulnerability.

Red Hat Security Advisory 2023-3781-01

Red Hat Security Advisory 2023-3781-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-3742-02

Red Hat Security Advisory 2023-3742-02 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include bypass, denial of service, and remote SQL injection vulnerabilities.

Red Hat Security Advisory 2023-3780-01

Red Hat Security Advisory 2023-3780-01 - Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL. Issues addressed include a bypass vulnerability.

RHSA-2023:3742: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.13.0 security and bug fix update

Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4.13.0 on Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-16250: A flaw was found in Vault and Vault Enterprise ("Vault"). In the affected versions of Vault, with the AWS Auth Method configured and under certain circumstances, the values relied upon by Vault to validate AWS IAM ident...

Red Hat Security Advisory 2023-3664-01

Red Hat Security Advisory 2023-3664-01 - Release of Security Advisory for the OpenShift Jenkins image and Jenkins agent base image.

Red Hat Security Advisory 2023-3555-01

Red Hat Security Advisory 2023-3555-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.

Ubuntu Security Notice USN-5888-1

Ubuntu Security Notice 5888-1 - It was discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. Hamza Avvan discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into running a specially crafted input, a remote attacker could possibly use this issue to execute arbitrary code.
