RHSA-2023:3936: Red Hat Security Advisory: python3 security update

An update for python3 is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-24329: A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. This may lead to compromised integrity.


Issued:

2023-06-29

Updated:

2023-06-29

RHSA-2023:3936 - Security Advisory


Synopsis

Important: python3 security update

Type/Severity

Security Advisory: Important


Topic

An update for python3 is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

  • python: urllib.parse url blocklisting bypass (CVE-2023-24329)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
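As an added example (not Red Hat's or CPython's code), the following shows why a blocklist keyed on the scheme that urllib.parse reports is defeated by a URL with leading blank characters, gives a quick runtime check of whether the running interpreter strips such characters, and contrasts a hardened validator that does not depend on the parser fix. The blocked scheme and host sets are constructed for illustration.

```python
"""CVE-2023-24329: leading blanks versus a urllib.parse-based blocklist.

Constructed example. Before the upstream fix, urlsplit(" file:///etc/passwd")
reported an empty scheme because the space is not a valid scheme character,
so any policy of the form "parsed scheme in BLOCKED" never matched. The fix
strips leading C0 control characters and spaces before parsing.
"""
from urllib.parse import urlsplit

# Constructed policy: non-web schemes and internal hosts must not be fetched.
BLOCKED_SCHEMES = {"file", "ftp", "gopher"}
BLOCKED_HOSTS = {"localhost", "169.254.169.254"}
ALLOWED_SCHEMES = {"http", "https"}


def naive_is_blocked(url: str) -> bool:
    """Blocklist keyed on whatever urlsplit() reports.

    On an interpreter without the CVE-2023-24329 fix, a leading blank makes
    parts.scheme == "" and parts.hostname is None, so nothing matches and the
    URL passes the check unchanged.
    """
    parts = urlsplit(url)
    return (parts.scheme.lower() in BLOCKED_SCHEMES
            or (parts.hostname or "").lower() in BLOCKED_HOSTS)


def interpreter_strips_leading_blanks() -> bool:
    """True when this Python strips leading spaces/C0 controls in urlsplit(),
    i.e. the CVE-2023-24329 fix is present; False on an unpatched build."""
    return urlsplit(" file:///x").scheme == "file"


def hardened_is_allowed(url: str) -> bool:
    """Version-independent validation that does not rely on the parser fix.

    1. Refuse any URL whose first character is not an ASCII letter. RFC 3986
       requires a scheme to begin with ALPHA, so this rejects leading blanks
       and control characters outright instead of trusting the parser.
    2. Allowlist http/https rather than blocklisting bad schemes.
    3. Still apply the host blocklist to the parsed result.
    """
    if not url or not url[0].isascii() or not url[0].isalpha():
        return False
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    host = (parts.hostname or "").lower()
    if not host or host in BLOCKED_HOSTS:
        return False
    return True


if __name__ == "__main__":
    print("interpreter strips leading blanks:", interpreter_strips_leading_blanks())
    for candidate in ("https://example.com/x", " file:///etc/passwd",
                      "\x00https://example.com/x", "http://169.254.169.254/"):
        print(repr(candidate), "naive blocked:", naive_is_blocked(candidate),
              "hardened allowed:", hardened_is_allowed(candidate))
```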

Affected Products

  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1 x86_64

Fixes

  • BZ - 2173917 - CVE-2023-24329 python: urllib.parse url blocklisting bypass

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1

SRPM

python3-3.6.8-15.1.el8_1.1.src.rpm

SHA-256: 96a492a33e3733e9c8e8ba78abf4120cbb85c9feb4f81b3699425ce8a64026f0

ppc64le

platform-python-3.6.8-15.1.el8_1.1.ppc64le.rpm

SHA-256: e2b348b9f981c2c5e9fd28c24e97f33be1eac1861ce842b33dd910cb7207fb85

platform-python-debug-3.6.8-15.1.el8_1.1.ppc64le.rpm

SHA-256: 675d86856724522b7a2b9823a605f9bfe0e869c328b8465bb83b580db7d94d26

platform-python-devel-3.6.8-15.1.el8_1.1.ppc64le.rpm

SHA-256: 3a5876610b7f7e5c7fe3dd4f108f3fe180e1008de38a058b20bd1342d3df25ef

python3-debuginfo-3.6.8-15.1.el8_1.1.ppc64le.rpm

SHA-256: 1fe65f34f2d8a5be471159b0f324a44f7bc32b42c6e2af273364cf0ad2efa34a

python3-debugsource-3.6.8-15.1.el8_1.1.ppc64le.rpm

SHA-256: 0fac70fa4e70a971a39844fc334c18fe65ae8a787bb67d710b2da17aab941bfd

python3-idle-3.6.8-15.1.el8_1.1.ppc64le.rpm

SHA-256: 2af3216aa85cb9510a6cf102100cf598a1fb68611f13f742e003ec84f8e1206f

python3-libs-3.6.8-15.1.el8_1.1.ppc64le.rpm

SHA-256: 1f93e6d3b12ca5f0e7f5a42d8ce1dc6dc27e38707480360eecc6ba8c0ad8e01e

python3-test-3.6.8-15.1.el8_1.1.ppc64le.rpm

SHA-256: 72df45a1b83688703239db26ef3b566ce06e88bd0e137ecf247aabda7b3c56da

python3-tkinter-3.6.8-15.1.el8_1.1.ppc64le.rpm

SHA-256: d082d913302a1f0723df54292350e217ec98d1d0af58236c4c412189802ee647

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1

SRPM

python3-3.6.8-15.1.el8_1.1.src.rpm

SHA-256: 96a492a33e3733e9c8e8ba78abf4120cbb85c9feb4f81b3699425ce8a64026f0

x86_64

platform-python-3.6.8-15.1.el8_1.1.i686.rpm

SHA-256: ad966e18d26844be444abe15a0e60545c17eab1580bfcd4925ca863fbeda4b29

platform-python-3.6.8-15.1.el8_1.1.x86_64.rpm

SHA-256: e87590fe421143e8755d58d85171ef6df5df55d3617932984fcbcd4fa6c9e386

platform-python-debug-3.6.8-15.1.el8_1.1.i686.rpm

SHA-256: 122cdf96136d5a89276d4360de107bef2beba1fcdd86e45f77dca52c3234c737

platform-python-debug-3.6.8-15.1.el8_1.1.x86_64.rpm

SHA-256: e2cf13d59d92457af1fedde2f6a2fab05eef7cdc9d384112c3169f080dd153f1

platform-python-devel-3.6.8-15.1.el8_1.1.i686.rpm

SHA-256: 8a12fbb96e24da98606fd4c4746ecc460dfd1ae4d80fbfc2cc42d69061bbdd09

platform-python-devel-3.6.8-15.1.el8_1.1.x86_64.rpm

SHA-256: bcdd9d30bde826cfa1dca0f4777f68c368887a11003cfbd3014348fe44bc2863

python3-debuginfo-3.6.8-15.1.el8_1.1.i686.rpm

SHA-256: ca34fba600063e04bcee6c298d32f221348c0f839c36db7899988dbf49d17742

python3-debuginfo-3.6.8-15.1.el8_1.1.x86_64.rpm

SHA-256: 175eb306f49bc7d2058229931b98407aa780fce622a379f6751a08b4c06ab4f2

python3-debugsource-3.6.8-15.1.el8_1.1.i686.rpm

SHA-256: c6c78d0eb0c77b78979cee9f756834ca71c60c0c5b58e5757cd07045e4baa227

python3-debugsource-3.6.8-15.1.el8_1.1.x86_64.rpm

SHA-256: 812cb552caea7bb6aaf6b00e4a291d77d33e5ee6376a6050f3bd02bb17fcfce6

python3-idle-3.6.8-15.1.el8_1.1.i686.rpm

SHA-256: 592d993a845eb07f2869d54208f3eac6770efb8222502caa838577a6b52aa6db

python3-idle-3.6.8-15.1.el8_1.1.x86_64.rpm

SHA-256: bb1a3788aa010f54fc988a480176eec1a1825ae29f61840e6b81bc5dc59e76c5

python3-libs-3.6.8-15.1.el8_1.1.i686.rpm

SHA-256: 42b7bc58ac390b0df0636648d534312ca8cbf62386bb43e5bb740dddad16c4fa

python3-libs-3.6.8-15.1.el8_1.1.x86_64.rpm

SHA-256: de76f61efcb4fb6c4fe1980a46aac8c0990dd0d800e58a25a8bfa2224c1ffac2

python3-test-3.6.8-15.1.el8_1.1.i686.rpm

SHA-256: 515ffcb5b3db9f870303a058cdf674164aca86f62c56040b43c9d27891ab05bf

python3-test-3.6.8-15.1.el8_1.1.x86_64.rpm

SHA-256: d7993848c24d55da331ea4f0faff7e597123fe30aa657f55899110c5d04b7310

python3-tkinter-3.6.8-15.1.el8_1.1.i686.rpm

SHA-256: d7c269bf7fb21d02b16498da07f86a808943daba77d2b6b2bd8d93d083946c02

python3-tkinter-3.6.8-15.1.el8_1.1.x86_64.rpm

SHA-256: ea481659ffec29db5bfff97aa927b5db9a690c33af47dba4d67f49808bbdc7ff

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
