Headline
RHSA-2023:3555: Red Hat Security Advisory: python security update
An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-24329: A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. This may lead to compromised Integrity.
Synopsis
Important: python security update
Type/Severity
Security Advisory: Important
Topic
An update for python is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
- python: urllib.parse url blocklisting bypass (CVE-2023-24329)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
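The blocklist bypass described for CVE-2023-24329, seen from the defending side, as an added example (not code from Red Hat or the Python project): a check that strips leading blank characters before parsing, so its verdict does not depend on whether the interpreter's urllib.parse is patched. The blocklist entries and the names `check_url` and `Verdict` are hypothetical, and the code is written for Python 3 rather than the Python 2.7 package this advisory ships.

```python
from collections import namedtuple
from urllib.parse import urlsplit

# Constructed policy for illustration; these entries are not from the advisory.
BLOCKED_SCHEMES = {"file", "gopher"}
BLOCKED_HOSTS = {"blocked.example"}

# U+0000..U+0020: the C0 control characters plus space. The WHATWG URL
# parsing rules strip these from both ends of the input before parsing.
C0_OR_SPACE = "".join(map(chr, range(0x21)))

# url is the normalized string the caller should use from here on.
Verdict = namedtuple("Verdict", "allowed reason url had_leading_blank")


def check_url(raw):
    """Apply the blocklist to a normalized copy of `raw` and fail closed."""
    # Record the condition named in the CVE so it can be logged or alerted on.
    had_blank = bool(raw) and raw[0] in C0_OR_SPACE

    # Normalize BEFORE parsing: on an unpatched interpreter a leading blank
    # leaves scheme and host empty, so a check made on the parsed fields
    # would see nothing to block.
    cleaned = raw.strip(C0_OR_SPACE)
    for ch in "\t\r\n":
        cleaned = cleaned.replace(ch, "")

    try:
        parts = urlsplit(cleaned)
        scheme = parts.scheme            # already lower-cased by urlsplit
        host = parts.hostname or ""      # lower-cased, without port
    except ValueError:
        return Verdict(False, "unparseable", cleaned, had_blank)

    # Fail closed: an absolute URL is required, so an empty scheme is
    # rejected rather than treated as "nothing matched the blocklist".
    if not scheme:
        return Verdict(False, "no-scheme", cleaned, had_blank)
    if scheme in BLOCKED_SCHEMES:
        return Verdict(False, "blocked-scheme", cleaned, had_blank)
    if host in BLOCKED_HOSTS:
        return Verdict(False, "blocked-host", cleaned, had_blank)
    return Verdict(True, "ok", cleaned, had_blank)


if __name__ == "__main__":
    # Constructed sample inputs.
    samples = [
        "https://allowed.example/",
        " https://blocked.example/path",
        "\tfile:///srv/data.txt",
        "\n https://allowed.example/x",
        "blocked.example/path",
    ]
    for s in samples:
        print(repr(s), "->", check_url(s))
```

Callers should fetch `Verdict.url`, not the raw input, so the string that was checked is the string that is used.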
Affected Products
- Red Hat Enterprise Linux Server 7 x86_64
- Red Hat Enterprise Linux Workstation 7 x86_64
- Red Hat Enterprise Linux Desktop 7 x86_64
- Red Hat Enterprise Linux for IBM z Systems 7 s390x
- Red Hat Enterprise Linux for Power, big endian 7 ppc64
- Red Hat Enterprise Linux for Scientific Computing 7 x86_64
- Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Fixes
- BZ - 2173917 - CVE-2023-24329 python: urllib.parse url blocklisting bypass
Red Hat Enterprise Linux Server 7
SRPM
python-2.7.5-93.el7_9.src.rpm
x86_64
python-2.7.5-93.el7_9.x86_64.rpm
python-debug-2.7.5-93.el7_9.x86_64.rpm
python-debuginfo-2.7.5-93.el7_9.i686.rpm
python-debuginfo-2.7.5-93.el7_9.x86_64.rpm
python-devel-2.7.5-93.el7_9.x86_64.rpm
python-libs-2.7.5-93.el7_9.i686.rpm
python-libs-2.7.5-93.el7_9.x86_64.rpm
python-test-2.7.5-93.el7_9.x86_64.rpm
python-tools-2.7.5-93.el7_9.x86_64.rpm
tkinter-2.7.5-93.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation 7
SRPM
python-2.7.5-93.el7_9.src.rpm
x86_64
python-2.7.5-93.el7_9.x86_64.rpm
python-debug-2.7.5-93.el7_9.x86_64.rpm
python-debuginfo-2.7.5-93.el7_9.i686.rpm
python-debuginfo-2.7.5-93.el7_9.x86_64.rpm
python-devel-2.7.5-93.el7_9.x86_64.rpm
python-libs-2.7.5-93.el7_9.i686.rpm
python-libs-2.7.5-93.el7_9.x86_64.rpm
python-test-2.7.5-93.el7_9.x86_64.rpm
python-tools-2.7.5-93.el7_9.x86_64.rpm
tkinter-2.7.5-93.el7_9.x86_64.rpm
Red Hat Enterprise Linux Desktop 7
SRPM
python-2.7.5-93.el7_9.src.rpm
x86_64
python-2.7.5-93.el7_9.x86_64.rpm
python-debug-2.7.5-93.el7_9.x86_64.rpm
python-debuginfo-2.7.5-93.el7_9.i686.rpm
python-debuginfo-2.7.5-93.el7_9.x86_64.rpm
python-devel-2.7.5-93.el7_9.x86_64.rpm
python-libs-2.7.5-93.el7_9.i686.rpm
python-libs-2.7.5-93.el7_9.x86_64.rpm
python-test-2.7.5-93.el7_9.x86_64.rpm
python-tools-2.7.5-93.el7_9.x86_64.rpm
tkinter-2.7.5-93.el7_9.x86_64.rpm
Red Hat Enterprise Linux for IBM z Systems 7
SRPM
python-2.7.5-93.el7_9.src.rpm
s390x
python-2.7.5-93.el7_9.s390x.rpm
python-debug-2.7.5-93.el7_9.s390x.rpm
python-debuginfo-2.7.5-93.el7_9.s390.rpm
python-debuginfo-2.7.5-93.el7_9.s390x.rpm
python-devel-2.7.5-93.el7_9.s390x.rpm
python-libs-2.7.5-93.el7_9.s390.rpm
python-libs-2.7.5-93.el7_9.s390x.rpm
python-test-2.7.5-93.el7_9.s390x.rpm
python-tools-2.7.5-93.el7_9.s390x.rpm
tkinter-2.7.5-93.el7_9.s390x.rpm
Red Hat Enterprise Linux for Power, big endian 7
SRPM
python-2.7.5-93.el7_9.src.rpm
ppc64
python-2.7.5-93.el7_9.ppc64.rpm
python-debug-2.7.5-93.el7_9.ppc64.rpm
python-debuginfo-2.7.5-93.el7_9.ppc.rpm
python-debuginfo-2.7.5-93.el7_9.ppc64.rpm
python-devel-2.7.5-93.el7_9.ppc64.rpm
python-libs-2.7.5-93.el7_9.ppc.rpm
python-libs-2.7.5-93.el7_9.ppc64.rpm
python-test-2.7.5-93.el7_9.ppc64.rpm
python-tools-2.7.5-93.el7_9.ppc64.rpm
tkinter-2.7.5-93.el7_9.ppc64.rpm
Red Hat Enterprise Linux for Scientific Computing 7
SRPM
python-2.7.5-93.el7_9.src.rpm
x86_64
python-2.7.5-93.el7_9.x86_64.rpm
python-debug-2.7.5-93.el7_9.x86_64.rpm
python-debuginfo-2.7.5-93.el7_9.i686.rpm
python-debuginfo-2.7.5-93.el7_9.x86_64.rpm
python-devel-2.7.5-93.el7_9.x86_64.rpm
python-libs-2.7.5-93.el7_9.i686.rpm
python-libs-2.7.5-93.el7_9.x86_64.rpm
python-test-2.7.5-93.el7_9.x86_64.rpm
python-tools-2.7.5-93.el7_9.x86_64.rpm
tkinter-2.7.5-93.el7_9.x86_64.rpm
Red Hat Enterprise Linux for Power, little endian 7
SRPM
python-2.7.5-93.el7_9.src.rpm
ppc64le
python-2.7.5-93.el7_9.ppc64le.rpm
python-debug-2.7.5-93.el7_9.ppc64le.rpm
python-debuginfo-2.7.5-93.el7_9.ppc64le.rpm
python-devel-2.7.5-93.el7_9.ppc64le.rpm
python-libs-2.7.5-93.el7_9.ppc64le.rpm
python-test-2.7.5-93.el7_9.ppc64le.rpm
python-tools-2.7.5-93.el7_9.ppc64le.rpm
tkinter-2.7.5-93.el7_9.ppc64le.rpm