Headline
RHSA-2023:5528: Red Hat Security Advisory: python3 security update
An update for python3 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-40217: Python 3 ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity, as it is possible to modify or delete resources that are authenticated only by a TLS certificate. No breach of confidentiality is possible.
Synopsis
Important: python3 security update
Type/Severity
Security Advisory: Important
Description
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
- python: TLS handshake bypass (CVE-2023-40217)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux Server - AUS 8.2 x86_64
- Red Hat Enterprise Linux Server - TUS 8.2 x86_64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64
Fixes
- BZ - 2235789 - CVE-2023-40217 python: TLS handshake bypass
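A way to confirm that a host already carries the fixed build named in this advisory, as an added example that is not part of the advisory: it reimplements rpm's version ordering in Python (leaving out rpm's "^" rule), then compares the installed epoch:version-release of the two binary packages from this advisory that ship the interpreter and its ssl module against 3.6.8-24.el8_2.2. The rpm query format is rpm's own; that the script runs on the RHEL 8.2 host under its 3.6 interpreter is an assumption, which is why it avoids newer subprocess arguments.

```python
import re
import subprocess
from itertools import zip_longest

# Fixed build named in this advisory (SRPM python3-3.6.8-24.el8_2.2); no epoch is shown.
FIXED_EVR = "0:3.6.8-24.el8_2.2"
PACKAGES = ("platform-python", "python3-libs")   # binary packages listed in the advisory
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+|~")

def rpmvercmp(a, b):
    """Order two version or release strings like rpm does; returns -1, 0 or 1.
    Digit runs compare numerically, letter runs lexically, a numeric segment beats
    an alphabetic one, separators are ignored and '~' sorts before anything else,
    including end of string.  rpm's '^' rule is omitted."""
    for x, y in zip_longest(_SEGMENT.findall(a), _SEGMENT.findall(b)):
        if x == "~" or y == "~":
            if x != "~":
                return 1
            if y != "~":
                return -1
            continue
        if x is None or y is None:        # the string with segments left over is newer
            return -1 if x is None else 1
        if x.isdigit() != y.isdigit():    # numeric beats alpha
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):
                return 1 if len(x) > len(y) else -1
        if x != y:
            return 1 if x > y else -1
    return 0

def parse_evr(evr):
    """Split 'epoch:version-release'; the epoch may be absent or rpm's '(none)'."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    version, _, release = rest.rpartition("-")
    return int(0 if epoch == "(none)" else epoch), version, release

def evrcmp(a, b):
    """Compare two EVR strings: epoch first, then version, then release."""
    (ea, va, ra), (eb, vb, rb) = parse_evr(a), parse_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def is_patched(installed_evr, fixed_evr=FIXED_EVR):
    return evrcmp(installed_evr, fixed_evr) >= 0

def installed_evrs(package):
    """Ask rpm for every installed instance (i686 and x86_64 may both be present)."""
    query = ["rpm", "-q", "--qf", "%{EPOCH}:%{VERSION}-%{RELEASE}\n", package]
    # stdout=PIPE / universal_newlines keep this runnable on the 3.6 platform-python.
    return subprocess.run(query, stdout=subprocess.PIPE, universal_newlines=True,
                          check=True).stdout.split()

if __name__ == "__main__":
    for pkg in PACKAGES:
        for evr in installed_evrs(pkg):
            print(pkg, evr, "patched" if is_patched(evr) else "affected by CVE-2023-40217")
```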
Red Hat Enterprise Linux Server - AUS 8.2
SRPM
python3-3.6.8-24.el8_2.2.src.rpm
Red Hat Enterprise Linux Server - TUS 8.2
SRPM
python3-3.6.8-24.el8_2.2.src.rpm
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2
SRPM
python3-3.6.8-24.el8_2.2.src.rpm
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2
SRPM
python3-3.6.8-24.el8_2.2.src.rpm
Related news
An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)
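A defensive check at the application layer, as an added example that is neither from the advisory nor from CPython: a server that accepts mTLS connections refuses to read from an SSLSocket until it has confirmed that a TLS session was actually negotiated and that a client certificate is bound to it, which is precisely the state the vulnerable code path described above leaves unset. The certificate and key file names and the port are placeholders; relying on version() returning None when no session exists is documented SSLSocket behaviour.

```python
import socket
import ssl

class UnauthenticatedPeer(Exception):
    """Bytes would be read from a socket that never completed a TLS handshake."""

def subject_common_name(cert):
    """commonName from a getpeercert() dict, whose 'subject' is a tuple of RDNs."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def san_dns_names(cert):
    """DNS entries of subjectAltName from a getpeercert() dict."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]

def client_principal(ssl_sock):
    """Return (commonName, [SAN DNS names]) of the authenticated client, or raise.
    In the CVE-2023-40217 condition the server-side SSLSocket never set up a TLS
    session, so version() is None while recv() still returns buffered plaintext.
    Refuse that state before any read, and also require that a client certificate
    is bound to the session (getpeercert() is empty when none was presented)."""
    if ssl_sock.version() is None:
        raise UnauthenticatedPeer("no TLS session negotiated on this socket")
    cert = ssl_sock.getpeercert()
    if not cert:
        raise UnauthenticatedPeer("peer presented no client certificate")
    return subject_common_name(cert), san_dns_names(cert)

def make_mtls_context(certfile, keyfile, cafile):
    """Server context that demands a client certificate chained to cafile."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.load_cert_chain(certfile, keyfile)
    ctx.load_verify_locations(cafile=cafile)
    return ctx

def serve_once(listener, ctx, bufsize=4096):
    """Accept one connection; return (principal, first bytes), or None if rejected."""
    conn, _peer = listener.accept()
    try:
        tls = ctx.wrap_socket(conn, server_side=True)   # handshake happens here
    except OSError:                                     # patched Pythons raise on the CVE path
        conn.close()
        return None
    with tls:
        try:
            principal = client_principal(tls)           # checked before the first recv()
        except UnauthenticatedPeer:
            return None
        return principal, tls.recv(bufsize)

if __name__ == "__main__":
    # File names and port are placeholders (assumption); TLS is layered on each accepted socket.
    context = make_mtls_context("server.pem", "server.key", "clients-ca.pem")
    listener = socket.socket()
    listener.bind(("127.0.0.1", 8443))
    listener.listen()
    print(serve_once(listener, context))
```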