RHSA-2023:3555: Red Hat Security Advisory: python security update

An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-24329: A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. This may lead to compromised integrity.
Red Hat Security Data

Synopsis

Important: python security update

Type/Severity

Security Advisory: Important

Topic

An update for python is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

  • python: urllib.parse url blocklisting bypass (CVE-2023-24329)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
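The blocklisting bypass described for CVE-2023-24329, seen from the defender's side, as an added example that is not part of the Red Hat advisory: the check normalizes the URL itself before parsing, so its decision does not depend on whether the running interpreter carries the fix. The host names, `BLOCKED_HOSTS`, `ALLOWED_SCHEMES` and all function names are constructed for illustration.

```python
"""Added example: a URL policy check that is stable across patched and
unpatched interpreters (assumed names throughout, not Red Hat's code)."""
try:
    from urllib.parse import urlsplit   # Python 3
except ImportError:
    from urlparse import urlsplit       # Python 2.7, the series this advisory updates

# Constructed sample policy (hypothetical hosts).
BLOCKED_HOSTS = {"blocked.example", "internal.example"}
ALLOWED_SCHEMES = {"http", "https"}

# The WHATWG URL rules strip leading/trailing C0 control characters and
# space (U+0000..U+0020) and drop tab/CR/LF anywhere in the string.
C0_AND_SPACE = "".join(chr(c) for c in range(0x21))
INLINE_UNSAFE = "\t\r\n"


def normalize_url(raw):
    """Remove the blank characters that make parsers disagree."""
    url = raw.strip(C0_AND_SPACE)
    for ch in INLINE_UNSAFE:
        url = url.replace(ch, "")
    return url


def naive_is_blocked(raw):
    """Parse first and trust the result: the pattern the CVE affects."""
    host = urlsplit(raw).hostname
    return host is not None and host.lower() in BLOCKED_HOSTS


def is_allowed(raw):
    """Normalize, then fail closed on anything that does not parse cleanly."""
    try:
        parts = urlsplit(normalize_url(raw))
        host = parts.hostname
    except ValueError:
        return False                      # malformed authority, reject
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False                      # no scheme or an unexpected one
    if not host:
        return False                      # no host means nothing to compare
    return host.lower().rstrip(".") not in BLOCKED_HOSTS


def interpreter_strips_leading_blanks():
    """True when this interpreter's urlsplit() ignores a leading space,
    i.e. it no longer exhibits the CVE-2023-24329 parsing behaviour."""
    return urlsplit(" https://blocked.example/").hostname == "blocked.example"


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ["https://ok.example/a", " https://blocked.example/a",
                   "\t\nhttps://BLOCKED.example/", "https://blocked.example./"]:
        print(repr(sample), "allowed" if is_allowed(sample) else "rejected")
    print("urlsplit strips leading blanks:", interpreter_strips_leading_blanks())
```

`interpreter_strips_leading_blanks()` is a quick post-update check on a host; `is_allowed()` is the form to keep in application code either way.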

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

  • BZ - 2173917 - CVE-2023-24329 python: urllib.parse url blocklisting bypass

Red Hat Enterprise Linux Server 7, Red Hat Enterprise Linux Workstation 7, Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux for Scientific Computing 7

SRPM

  • python-2.7.5-93.el7_9.src.rpm

x86_64

  • python-2.7.5-93.el7_9.x86_64.rpm
  • python-debug-2.7.5-93.el7_9.x86_64.rpm
  • python-debuginfo-2.7.5-93.el7_9.i686.rpm
  • python-debuginfo-2.7.5-93.el7_9.x86_64.rpm
  • python-devel-2.7.5-93.el7_9.x86_64.rpm
  • python-libs-2.7.5-93.el7_9.i686.rpm
  • python-libs-2.7.5-93.el7_9.x86_64.rpm
  • python-test-2.7.5-93.el7_9.x86_64.rpm
  • python-tools-2.7.5-93.el7_9.x86_64.rpm
  • tkinter-2.7.5-93.el7_9.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems 7

SRPM

  • python-2.7.5-93.el7_9.src.rpm

s390x

  • python-2.7.5-93.el7_9.s390x.rpm
  • python-debug-2.7.5-93.el7_9.s390x.rpm
  • python-debuginfo-2.7.5-93.el7_9.s390.rpm
  • python-debuginfo-2.7.5-93.el7_9.s390x.rpm
  • python-devel-2.7.5-93.el7_9.s390x.rpm
  • python-libs-2.7.5-93.el7_9.s390.rpm
  • python-libs-2.7.5-93.el7_9.s390x.rpm
  • python-test-2.7.5-93.el7_9.s390x.rpm
  • python-tools-2.7.5-93.el7_9.s390x.rpm
  • tkinter-2.7.5-93.el7_9.s390x.rpm

Red Hat Enterprise Linux for Power, big endian 7

SRPM

  • python-2.7.5-93.el7_9.src.rpm

ppc64

  • python-2.7.5-93.el7_9.ppc64.rpm
  • python-debug-2.7.5-93.el7_9.ppc64.rpm
  • python-debuginfo-2.7.5-93.el7_9.ppc.rpm
  • python-debuginfo-2.7.5-93.el7_9.ppc64.rpm
  • python-devel-2.7.5-93.el7_9.ppc64.rpm
  • python-libs-2.7.5-93.el7_9.ppc.rpm
  • python-libs-2.7.5-93.el7_9.ppc64.rpm
  • python-test-2.7.5-93.el7_9.ppc64.rpm
  • python-tools-2.7.5-93.el7_9.ppc64.rpm
  • tkinter-2.7.5-93.el7_9.ppc64.rpm

Red Hat Enterprise Linux for Power, little endian 7

SRPM

  • python-2.7.5-93.el7_9.src.rpm

ppc64le

  • python-2.7.5-93.el7_9.ppc64le.rpm
  • python-debug-2.7.5-93.el7_9.ppc64le.rpm
  • python-debuginfo-2.7.5-93.el7_9.ppc64le.rpm
  • python-devel-2.7.5-93.el7_9.ppc64le.rpm
  • python-libs-2.7.5-93.el7_9.ppc64le.rpm
  • python-test-2.7.5-93.el7_9.ppc64le.rpm
  • python-tools-2.7.5-93.el7_9.ppc64le.rpm
  • tkinter-2.7.5-93.el7_9.ppc64le.rpm
