Headline
RHSA-2023:3934: Red Hat Security Advisory: python3 security update
An update for python3 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-24329: A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. This may lead to compromised integrity.
Synopsis
Important: python3 security update
Type/Severity
Security Advisory: Important
Description
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
- python: urllib.parse url blocklisting bypass (CVE-2023-24329)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
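The blocklisting bypass named above concerns checks that trust what urllib.parse returns for a raw URL with leading blank characters. The following is an added example, not code from Red Hat or the Python project: it shows a check that reports whether the running interpreter already ignores leading blanks, a blocklist check of the affected kind, and a hardened check that normalizes the input first and uses an allowlist. The host names, policy sets and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed policy values for illustration (not from the advisory).
ALLOWED_SCHEMES = {"http", "https"}
BLOCKED_HOSTS = {"blocked.example"}

# C0 control characters and space (U+0000..U+0020): the "blank characters"
# that may be placed in front of the scheme.
_C0_OR_SPACE = "".join(chr(c) for c in range(0x21))


def interpreter_strips_leading_blanks():
    """Return True if this interpreter's urlsplit() ignores leading blanks,
    i.e. the scheme and host are still recognised behind a leading space."""
    parts = urlsplit(" https://example.test/")
    return parts.scheme == "https" and parts.hostname == "example.test"


def naive_is_blocked(url):
    """Blocklist check of the kind the CVE affects: it trusts whatever
    urlsplit() returns for the raw, unnormalized input."""
    parts = urlsplit(url)
    return parts.scheme == "file" or parts.hostname in BLOCKED_HOSTS


def normalize(url):
    """Strip leading C0 control/space characters and remove tab, CR and LF
    anywhere in the string before the URL is parsed."""
    url = url.lstrip(_C0_OR_SPACE)
    for ch in "\t\r\n":
        url = url.replace(ch, "")
    return url


def check_url(raw):
    """Return (allowed, normalized_url).

    The caller must fetch normalized_url, not raw, so that the string that
    was validated is the string that is used. The decision is an allowlist
    on the scheme plus the host blocklist, so a URL whose scheme cannot be
    recognised is rejected instead of slipping through.
    """
    url = normalize(raw)
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. malformed IPv6 literal in the host part
        return False, url
    allowed = (
        parts.scheme in ALLOWED_SCHEMES
        and parts.hostname is not None
        and parts.hostname not in BLOCKED_HOSTS
    )
    return allowed, url


# Constructed sample inputs.
SAMPLES = [
    "https://example.test/a",
    " https://example.test/",
    " file:///tmp/constructed.txt",
    "\n https://blocked.example/x",
    "",
]

if __name__ == "__main__":
    print("urlsplit ignores leading blanks:", interpreter_strips_leading_blanks())
    for raw in SAMPLES:
        # naive_is_blocked() may differ between patched and unpatched
        # interpreters for inputs with leading blanks; check_url() does not.
        print(repr(raw), "naive blocked:", naive_is_blocked(raw),
              "hardened:", check_url(raw))
```

Running it before and after applying the update shows whether the naive result for the blank-prefixed samples changes; the hardened result is the same in both cases.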
Affected Products
- Red Hat Enterprise Linux Server - AUS 8.4 x86_64
- Red Hat Enterprise Linux Server - TUS 8.4 x86_64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64
Fixes
- BZ - 2173917 - CVE-2023-24329 python: urllib.parse url blocklisting bypass
Red Hat Enterprise Linux Server - AUS 8.4
SRPM
python3-3.6.8-39.el8_4.2.src.rpm
x86_64
platform-python-3.6.8-39.el8_4.2.i686.rpm
platform-python-3.6.8-39.el8_4.2.x86_64.rpm
platform-python-debug-3.6.8-39.el8_4.2.i686.rpm
platform-python-debug-3.6.8-39.el8_4.2.x86_64.rpm
platform-python-devel-3.6.8-39.el8_4.2.i686.rpm
platform-python-devel-3.6.8-39.el8_4.2.x86_64.rpm
python3-debuginfo-3.6.8-39.el8_4.2.i686.rpm
python3-debuginfo-3.6.8-39.el8_4.2.x86_64.rpm
python3-debugsource-3.6.8-39.el8_4.2.i686.rpm
python3-debugsource-3.6.8-39.el8_4.2.x86_64.rpm
python3-idle-3.6.8-39.el8_4.2.i686.rpm
python3-idle-3.6.8-39.el8_4.2.x86_64.rpm
python3-libs-3.6.8-39.el8_4.2.i686.rpm
python3-libs-3.6.8-39.el8_4.2.x86_64.rpm
python3-test-3.6.8-39.el8_4.2.i686.rpm
python3-test-3.6.8-39.el8_4.2.x86_64.rpm
python3-tkinter-3.6.8-39.el8_4.2.i686.rpm
python3-tkinter-3.6.8-39.el8_4.2.x86_64.rpm
Red Hat Enterprise Linux Server - TUS 8.4
SRPM
python3-3.6.8-39.el8_4.2.src.rpm
x86_64
platform-python-3.6.8-39.el8_4.2.i686.rpm
platform-python-3.6.8-39.el8_4.2.x86_64.rpm
platform-python-debug-3.6.8-39.el8_4.2.i686.rpm
platform-python-debug-3.6.8-39.el8_4.2.x86_64.rpm
platform-python-devel-3.6.8-39.el8_4.2.i686.rpm
platform-python-devel-3.6.8-39.el8_4.2.x86_64.rpm
python3-debuginfo-3.6.8-39.el8_4.2.i686.rpm
python3-debuginfo-3.6.8-39.el8_4.2.x86_64.rpm
python3-debugsource-3.6.8-39.el8_4.2.i686.rpm
python3-debugsource-3.6.8-39.el8_4.2.x86_64.rpm
python3-idle-3.6.8-39.el8_4.2.i686.rpm
python3-idle-3.6.8-39.el8_4.2.x86_64.rpm
python3-libs-3.6.8-39.el8_4.2.i686.rpm
python3-libs-3.6.8-39.el8_4.2.x86_64.rpm
python3-test-3.6.8-39.el8_4.2.i686.rpm
python3-test-3.6.8-39.el8_4.2.x86_64.rpm
python3-tkinter-3.6.8-39.el8_4.2.i686.rpm
python3-tkinter-3.6.8-39.el8_4.2.x86_64.rpm
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4
SRPM
python3-3.6.8-39.el8_4.2.src.rpm
ppc64le
platform-python-3.6.8-39.el8_4.2.ppc64le.rpm
platform-python-debug-3.6.8-39.el8_4.2.ppc64le.rpm
platform-python-devel-3.6.8-39.el8_4.2.ppc64le.rpm
python3-debuginfo-3.6.8-39.el8_4.2.ppc64le.rpm
python3-debugsource-3.6.8-39.el8_4.2.ppc64le.rpm
python3-idle-3.6.8-39.el8_4.2.ppc64le.rpm
python3-libs-3.6.8-39.el8_4.2.ppc64le.rpm
python3-test-3.6.8-39.el8_4.2.ppc64le.rpm
python3-tkinter-3.6.8-39.el8_4.2.ppc64le.rpm
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4
SRPM
python3-3.6.8-39.el8_4.2.src.rpm
x86_64
platform-python-3.6.8-39.el8_4.2.i686.rpm
platform-python-3.6.8-39.el8_4.2.x86_64.rpm
platform-python-debug-3.6.8-39.el8_4.2.i686.rpm
platform-python-debug-3.6.8-39.el8_4.2.x86_64.rpm
platform-python-devel-3.6.8-39.el8_4.2.i686.rpm
platform-python-devel-3.6.8-39.el8_4.2.x86_64.rpm
python3-debuginfo-3.6.8-39.el8_4.2.i686.rpm
python3-debuginfo-3.6.8-39.el8_4.2.x86_64.rpm
python3-debugsource-3.6.8-39.el8_4.2.i686.rpm
python3-debugsource-3.6.8-39.el8_4.2.x86_64.rpm
python3-idle-3.6.8-39.el8_4.2.i686.rpm
python3-idle-3.6.8-39.el8_4.2.x86_64.rpm
python3-libs-3.6.8-39.el8_4.2.i686.rpm
python3-libs-3.6.8-39.el8_4.2.x86_64.rpm
python3-test-3.6.8-39.el8_4.2.i686.rpm
python3-test-3.6.8-39.el8_4.2.x86_64.rpm
python3-tkinter-3.6.8-39.el8_4.2.i686.rpm
python3-tkinter-3.6.8-39.el8_4.2.x86_64.rpm